Industry News and Events

SonicWall Defends Businesses, Users from Memory-based Attacks and Zero-Day Malware, Including Malicious PDFs and Office Documents

PRESS RELEASE – April 10, 2018

SonicWall RTDMITM identified more than 3,500 never-before-seen attack variants since January 2018

MILPITAS, Calif. — SonicWall, the trusted security partner protecting more than 1 million networks worldwide, expands the capabilities of the patent-pending SonicWall Real-Time Deep Memory Inspection (RTDMITM) technology to enhance protection against malicious PDFs and Microsoft Office files. A key component of the SonicWall Capture Cloud Platform, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, using RTDMI technology, identified more than 3,500 never-before-seen attack variants since January 1, 2018.

“Cybercriminals are executing with extreme agility to exploit any and all vulnerabilities in both technology and user behavior,” said SonicWall President and CEO Bill Conner. “Memory regions are the next key battlegrounds where organizations will combat cybercriminals. If left unmitigated, they’ll leave a key attack vector vulnerable to new waves of modern cyberattacks.”

First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”

The 2018 SonicWall Cyber Threat Report advises that cybercriminals will continue to leverage users’ trust in PDFs and Microsoft Office applications (which represented five of the top 10 attacked applications of 2017). Because of obfuscation techniques, many legacy firewalls and anti-virus solutions are unable to effectively identify and mitigate PDFs or Microsoft Office file types that contain malicious content.

RTDMI is already operational for SonicWall customers with active subscriptions to SonicWall Capture ATP sandbox service and SonicWall Email Security solutions.

Capture ATP, RTDMI Stop Malicious PDFs, Office Documents

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

By forcing malware to reveal its weaponry into memory, RTDMI proactively stops mass-market, zero-day threats and unknown malware accurately utilizing real-time, memory-based inspection techniques. RTDMI also analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including:

  • Malicious Flash-based Microsoft Office documents
  • Dynamic Data Exchange-based (DDE) exploits and malware inside Microsoft Office files
  • Microsoft Office and PDF files containing malware or other malicious executables
  • Malevolent shellcode-based and multi-layer files
  • Macro-based malicious files
  • PDF documents with “JavaScript infectors”
  • JavaScript-based exploits in PDF documents
  • Malicious, phishing-based PDF documents leading to both phishing and malware hosting websites

Earlier this year, SonicWall Capture Labs threat researchers validated that the SonicWall RTDMI technology — specifically the technology’s real-time analysis of instruction and memory usage patterns — is effective against future exploits built on the Meltdown vulnerability.

Meltdown, a processor vulnerability publically announced by Google’s Project Zero security team in January 2018, could allow an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors.

SonicWall Publishes Advanced Cyber Threat Data for SonicWall Customers and Partners

To further aid organizations’ pursuit of protecting their data, networks, customers and brand, SonicWall launched the SonicWall Security Center with all-new, real-time threat meters to provide actionable cyberattack data and threat intelligence

The threat meters display ongoing attacks, as they happen, in locations around the world and maps them by origin. It tracks malware, intrusions, ransomware, encrypted threats, spam, phishing and emerging zero-day threats.

Complementing the research in the 2018 SonicWall Cyber Threat Report, the SonicWall Security Center threat meters rank threat volumes and trends month-over-month and year-over-year, so organizations can make better-informed security decisions. The SonicWall Capture Cloud Platform identified 1,184 new attack variants per business day since the start of February 2018. In March 2018 alone, the average SonicWall customer faced:

  • 2,652 malware attacks, a year-over-year increase of 181 percent
  • 81 ransomware attacks, a year-over-year increase of 562 percent
  • 79 encrypted cyberattacks, a year-over-year increase of 690 percent
  • 11 phishing attacks per day
“Organizations are better prepared to protect their networks and data if they know the volume and specific cyberattack types they are up against,” said Conner. “SonicWall will continue to arm customers and partners with actionable, real-time threat intelligence to help mitigate advanced attacks in the fast-moving cyber arms race.”

The SonicWall Security Center gathers input from more than 1 million Capture Threat Network sensors worldwide, including active SonicWall firewalls, email security solutions, endpoint security devices, honeypots, content-filtering systems and multi‐engine Capture ATP sandbox environments.

To learn more about SonicWall Capture ATP, visit sonicwall.com/Capture.

For More Information

To learn more about SonicWall, or to partner with us, please visit:

About SonicWall

SonicWall has been fighting the cybercriminal industry for over 26 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs and the formidable resources of over 23,000 loyal channel partners around the globe, our award-winning, real-time breach detection and prevention solutions secure more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 150 countries. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com.

latest stories

  • El Informe de Ciberamenazas de SonicWall de julio de 2024 detalla el aumento exponencial de los ciberataques en general y el consecuente riesgo para las empresas
    Al menos el 12,6% de los ingresos anuales de una organización han estado en riesgo de ciberamenazas Los sensores han detectado un 125% de horas de ataque: 10 horas de ataque en una jornada labora...
    Read More
  • El Informe de Ciberamenazas 2024 de SonicWall se adentra en las profundidades de los ciberataques y refuerza la necesidad de proveedores de servicios gestionados (MSP)
    Aumentan los intentos globales de ataques (+20%) a medida que las amenazas diversifican sus tácticas El ransomware se intensifica a lo largo del año (+27% en el segundo semestre), alcanzando su p...
    Read More
  • SonicWall añade mayor flexibilidad en los servicios para endpoints gestionados
    SonicWall amplía su solución de Detección y respuesta gestionadas (MDR) con un Centro de operaciones de seguridad (SOC) que impulsará el crecimiento de los partners con una suite de soluciones gestion...
    Read More