Industry News and Events

SonicWall Defends Businesses, Users from Memory-based Attacks and Zero-Day Malware, Including Malicious PDFs and Office Documents

PRESS RELEASE – April 10, 2018

SonicWall RTDMI™ identified more than 3,500 never-before-seen attack variants since January 2018

MILPITAS, Calif. — SonicWall, the trusted security partner protecting more than 1 million networks worldwide, expands the capabilities of the patent-pending SonicWall Real-Time Deep Memory Inspection (RTDMI™) technology to enhance protection against malicious PDFs and Microsoft Office files. A key component of the SonicWall Capture Cloud Platform, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, using RTDMI technology, identified more than 3,500 never-before-seen attack variants since January 1, 2018.

“Cybercriminals are executing with extreme agility to exploit any and all vulnerabilities in both technology and user behavior,” said SonicWall President and CEO Bill Conner. “Memory regions are the next key battlegrounds where organizations will combat cybercriminals. If left unmitigated, they’ll leave a key attack vector vulnerable to new waves of modern cyberattacks.”

First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”

The 2018 SonicWall Cyber Threat Report advises that cybercriminals will continue to leverage users’ trust in PDFs and Microsoft Office applications (which represented five of the top 10 attacked applications of 2017). Because of obfuscation techniques, many legacy firewalls and anti-virus solutions are unable to effectively identify and mitigate PDFs or Microsoft Office file types that contain malicious content.

RTDMI is already operational for SonicWall customers with active subscriptions to SonicWall Capture ATP sandbox service and SonicWall Email Security solutions.

Capture ATP, RTDMI Stop Malicious PDFs, Office Documents

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

By forcing malware to reveal its weaponry in memory, RTDMI proactively and accurately stops mass-market, zero-day threats and unknown malware using real-time, memory-based inspection techniques. RTDMI also analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including:

  • Malicious Flash-based Microsoft Office documents
  • Dynamic Data Exchange-based (DDE) exploits and malware inside Microsoft Office files
  • Microsoft Office and PDF files containing malware or other malicious executables
  • Malevolent shellcode-based and multi-layer files
  • Macro-based malicious files
  • PDF documents with “JavaScript infectors”
  • JavaScript-based exploits in PDF documents
  • Malicious, phishing-based PDF documents leading to both phishing and malware hosting websites

Earlier this year, SonicWall Capture Labs threat researchers validated that the SonicWall RTDMI technology — specifically the technology’s real-time analysis of instruction and memory usage patterns — is effective against future exploits built on the Meltdown vulnerability.

Meltdown, a processor vulnerability publicly announced by Google’s Project Zero security team in January 2018, could allow an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors.

SonicWall Publishes Advanced Cyber Threat Data for SonicWall Customers and Partners

To further aid organizations’ pursuit of protecting their data, networks, customers and brand, SonicWall launched the SonicWall Security Center with all-new, real-time threat meters to provide actionable cyberattack data and threat intelligence.

The threat meters display ongoing attacks, as they happen, in locations around the world and map them by origin. They track malware, intrusions, ransomware, encrypted threats, spam, phishing and emerging zero-day threats.

Complementing the research in the 2018 SonicWall Cyber Threat Report, the SonicWall Security Center threat meters rank threat volumes and trends month-over-month and year-over-year, so organizations can make better-informed security decisions. The SonicWall Capture Cloud Platform identified 1,184 new attack variants per business day since the start of February 2018. In March 2018 alone, the average SonicWall customer faced:

  • 2,652 malware attacks, a year-over-year increase of 181 percent
  • 81 ransomware attacks, a year-over-year increase of 562 percent
  • 79 encrypted cyberattacks, a year-over-year increase of 690 percent
  • 11 phishing attacks per day

“Organizations are better prepared to protect their networks and data if they know the volume and specific cyberattack types they are up against,” said Conner. “SonicWall will continue to arm customers and partners with actionable, real-time threat intelligence to help mitigate advanced attacks in the fast-moving cyber arms race.”

The SonicWall Security Center gathers input from more than 1 million Capture Threat Network sensors worldwide, including active SonicWall firewalls, email security solutions, endpoint security devices, honeypots, content-filtering systems and multi‐engine Capture ATP sandbox environments.

To learn more about SonicWall Capture ATP, visit sonicwall.com/Capture.

About SonicWall

SonicWall has been fighting the cybercriminal industry for over 26 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs and the formidable resources of over 23,000 loyal channel partners around the globe, our award-winning, real-time breach detection and prevention solutions secure more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 150 countries. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com.
