• 20% jump in ransomware globally, 109% spike in United States
• 24% drop in malware attacks worldwide
• 7% of phishing attacks capitalized on the COVID-19 pandemic
• 176% increase in malicious Microsoft Office file types
• 23% of malware attacks leveraged non-standard ports
• 50% rise in IoT malware attacks
• Report analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories

MILPITAS, Calif. — July 23, 2020 — The SonicWall Capture Labs threat research team today published the mid-year update to the 2020 SonicWall Cyber Threat Report, highlighting increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses and growing reliance on Microsoft Office files by cybercriminals.

“Cybercriminals can be resourceful, often setting traps to take advantage of people’s kindness during a natural disaster, panic throughout a crisis and trust in systems used in everyday life,” said SonicWall President and CEO Bill Conner. “This latest cyber threat data shows that cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times. With everyone more remote and mobile than ever before, businesses are highly exposed and the cybercriminal industry is very aware of that. It’s imperative that organizations move away from makeshift or traditional security strategies and realize this new business normal is no longer new.”

Changing Landscape Leads to Waning Malware Volume
During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November.

There are regional differences in both the amount of malware and the percentage change year over year, highlighting shifting cybercriminal focus. For example, the United States (-24%), United Kingdom (-27%), Germany (-60%) and India (-64%) all experienced reduced malware volume. Less malware doesn’t necessarily mean a safer world; ransomware has seen a corresponding jump over the same time period.

Ransomware Attackers Raise Stakes Again
Despite the global decline of malware volume, ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020.

“Remote and mobile workforces are at a turning point on the subject of security,” said Chad Sweet, Founder and CEO of The Chertoff Group. “It has never been more prevalent for enterprises and organizations to prioritize online security and make what used to be a luxury, a secured and protected necessity.”

Comparatively, the U.S. and U.K. are facing different odds. SonicWall Capture Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the U.S. and 5.9 million ransomware attacks (-6%) in the U.K. — trends that continue to ebb and flow based on the behaviors of agile cybercriminal networks.

Malware-laden COVID-19 Emails
The combination of the global pandemic and social-engineered cyberattacks has proven to be an effective mix for cybercriminals utilizing phishing and other email scams. Dating as far back as Feb. 4, SonicWall researchers detected a flurry of increased attacks, scams and exploits specifically based around COVID-19 and noted a 7% increase in COVID-related phishing attempts during the first two quarters.

As expected, COVID-19 phishing began rising in March, and saw its most significant peaks on March 24, April 3 and June 19. This contrasts with phishing as a whole, which started strong in January and was down slightly globally (-15%) by the time the pandemic phishing attempts began to pick up steam.

Office Lures Remain a Staple
Microsoft Office is a necessity with millions of employees now more remote and dependent on the business productivity suite of applications. Cybercriminals were quick to leverage this shift, as SonicWall threat researchers found a 176% increase in new malware attacks disguised as trusted Microsoft Office file types.

Leveraging SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection™ (RTDMI) technology, SonicWall discovered that Microsoft Office files (22%) and PDF files (11%) together made up 33% of all newly identified malware in 2020. The patent-pending RTDMI™ technology identified a record 120,910 ‘never-before-seen’ malware variants during that time — a 63% increase over the first six months of 2019.

“Cybercriminals are too sophisticated to use known malware variants, so they’re re-imagining and re-writing malware to defeat security controls like traditional sandboxing techniques — and it’s working,” said Conner.

What are the Riskiest U.S. States for Malware?
With over 1.1 million sensors worldwide collecting threat intelligence around the clock, SonicWall’s new ‘malware spread’ data highlights the riskiest U.S. states for malware attacks.

In the U.S., California, home to Silicon Valley, ranked the highest for total malware volume in 2020. However, it was not the riskiest state — or even in the top half of those ranked. Organizations in Kansas are more likely to experience a malware encounter, as nearly a third (31.3%) of sensors in the state detected a hit.

In contrast, just over a fifth of the sensors in North Dakota (21.9%) logged an attempted malware attack. The top five riskiest U.S. states, based on malware spread, are Kansas (31.3%), Montana (29.0%), Rhode Island (28.3%), Iowa (28.1%) and Hawaii (27.7%).

Malware spread is calculated as the percentage of sensors in a region that detected a malware attack, which gives more useful and precise information about whether an organization in that area is likely to see malware. The greater the malware spread percentage, the more widespread malware is in a given region.

Attacks Using Non-standard Ports Make Comeback
Overall, an average of 23% of attacks took place over non-standard ports so far in 2020 — the highest mark since SonicWall began tracking the attack vector in 2018.

By sending malware across non-standard ports, assailants can bypass traditional firewall technologies, ensuring increased success for payloads. A service uses a ‘non-standard’ port when it runs on a port other than its default assignment (e.g., ports 80 and 443 are the standard ports for web traffic).

Two new monthly records were set during the first two quarters of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May. During that month, there was a surge in many specific attacks, such as VBA Trojan Downloader, that may have contributed to the spike.
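To make the definition above concrete, here is an added example (not taken from SonicWall's report or products) of how a defender can flag services on non-default ports by identifying the protocol from the first payload bytes instead of trusting the port number. The `Flow` record, the default-port table and the sample flows are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed default-port table (the release names 80 and 443 for web traffic).
# Extend it with any other ports your organisation explicitly approves.
DEFAULT_PORTS = {"http": {80}, "tls": {443}, "ssh": {22}}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    first_bytes: bytes  # first client-to-server payload bytes of the session


def identify_protocol(data: bytes):
    """Identify the application protocol from content, ignoring the port."""
    # TLS record header: type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(HTTP_METHODS):
        request_line = data.split(b"\r\n", 1)[0]
        if b" HTTP/1." in request_line:
            return "http"
    return None  # unknown protocol: no verdict rather than a guess


def find_nonstandard(flows):
    """Return (flow, protocol) pairs whose protocol is not on its default port."""
    findings = []
    for flow in flows:
        proto = identify_protocol(flow.first_bytes)
        if proto is not None and flow.dst_port not in DEFAULT_PORTS[proto]:
            findings.append((flow, proto))
    return findings


def nonstandard_share(flows):
    """Share of identified flows that run on a non-default port."""
    identified = [f for f in flows if identify_protocol(f.first_bytes)]
    if not identified:
        return 0.0
    return len(find_nonstandard(identified)) / len(identified)


# Constructed sample data; addresses come from the documentation ranges.
CLIENT_HELLO = bytes.fromhex("160301020001000001fc0303")
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", 80,
         b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("192.0.2.10", "198.51.100.5", 443, CLIENT_HELLO),
    Flow("192.0.2.11", "203.0.113.7", 8081,
         b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("192.0.2.12", "203.0.113.8", 4444, CLIENT_HELLO),
    Flow("192.0.2.13", "198.51.100.9", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("192.0.2.14", "198.51.100.53", 53, b"\x12\x34\x01\x00"),
    # Plain HTTP on 443 is also a mismatch: the port says TLS, the bytes do not.
    Flow("192.0.2.15", "203.0.113.9", 443,
         b"GET /beacon HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for flow, proto in find_nonstandard(SAMPLE_FLOWS):
        print(f"{proto} on port {flow.dst_port}: {flow.src} -> {flow.dst}")
    print(f"non-standard share: {nonstandard_share(SAMPLE_FLOWS):.0%}")
```

A flow whose protocol cannot be identified is left out of both the findings and the share, so the result describes only traffic the classifier recognised.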

IoT Continues to Serve Threats
Work-from-home (WFH) employees or remote workforces can introduce many new risks, including Internet of Things (IoT) devices like refrigerators, baby cameras, doorbells or gaming consoles. IT departments are besieged with countless devices swarming networks and endpoints as their corporate footprint expands beyond the traditional perimeter.

Researchers at SonicWall found a 50% increase in IoT malware attacks, a number that mirrors the number of additional devices that are connected online as individuals and enterprises alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.

To download the full mid-year update, please visit www.sonicwall.com/ThreatReport.

About SonicWall
SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.
