PRESS RELEASE – March 6, 2018

  • 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase
  • Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
  • Ransomware variants, however, increased 101.2 percent
  • Average organization will see almost 900 file-based attacks per year hidden by SSL/TLS encryption

MILPITAS, Calif. – SonicWall, the trusted security partner protecting more than 1 million networks worldwide, announces research and intelligence from its 2018 Cyber Threat Report. In sum, the company recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year.

“The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

The annual threat report frames, compares and contrasts advances made by both cybersecurity professionals and global cybercriminals.

  • Cyber attacks are becoming the No. 1 risk to business, brands, operations and financials
  • 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016
  • Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
  • Ransomware variants, however, increased 101.2 percent
  • Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic
  • Without SSL decryption capabilities in place, the average organization will see almost 900 attacks per year hidden by SSL/TLS encryption
  • SonicWall identifies almost 500 new previously unknown malicious files each day

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” said Conner.

Security Industry Advances

Total ransomware attack volume declines.
Even with WannaCry, Petya, NotPetya and Bad Rabbit ransomware attacks stealing the headlines, the expectations of more ransomware attacks simply did not materialize as anticipated in 2017. Full-year data shows that ransomware attacks dropped from 638 million to 184 million between 2016 and 2017.

  • Volume marked a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016
  • Regionally, the Americas were victimized the most, receiving 46 percent of all ransomware attack attempts in 2017
  • Europe saw 37 percent of ransomware attacks in 2017
  • SonicWall Capture Advanced Threat Protection (ATP), a cloud-based, multi-engine sandbox, identified one new malware variant for every 250 unknown hits

SSL/TLS use increases again.
Web traffic encrypted by SSL/TLS standards made yet another significant jump in 2017. This shift has already given more opportunity for cybercriminals and threat actors to hide malicious payloads in encrypted traffic.

  • Encrypted SSL/TLS traffic increased 24 percent
  • SSL/TLS traffic made up 68 percent of total traffic in 2017
  • Organizations are beginning to implement security controls, such as deep packet inspection (DPI) of SSL/TLS traffic, to responsibly inspect, detect and mitigate attacks in encrypted traffic

Effectiveness of exploit kits impacted.
With most browsers dropping support of Adobe Flash, no critical Flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.

  • SonicWall provided protection against Microsoft Edge attacks, which we observed grew 13 percent in 2017 over 2016
  • SonicWall also protects the most popular Adobe products — Acrobat, Acrobat DC, Reader DC and Reader — and we observed attacks against these applications were down across the board
  • New targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time

Law enforcement turns the tide.
Key arrests of cybercriminals continued to help disrupt malware supply chains and impact the rise of new would-be hackers and authors.

  • Law enforcement agencies are making an impact by arresting and convicting malware authors and disruptors
  • Cybercriminals are being more careful with how they conduct business, including dynamic cryptocurrency wallets and using different transaction currencies
  • Cooperation between national and international law enforcement agencies is strengthening the disruption of global cyber threats

“Stabilizing the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” said the Honorable Michael Chertoff, Chairman of the Chertoff Group, and former U.S. Secretary of Homeland Security. “Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organizations, governments, businesses and individuals.”

Cybercriminal Advances

More unique types of ransomware found in the wild.
While the total volume of ransomware attacks was down significantly year over year, the number of ransomware variants created continues an upward trend since 2015. The variant increase, coupled with the associated volume of 184 million attacks, leaves ransomware a prevalent threat.

  • Ransomware variants increased 101.2 percent in 2017
  • SonicWall Capture Labs threat researchers created 2,855 new unique ransomware signatures in 2017, up from the 1,419 published in 2016
  • Ransomware against IoT and mobile devices is expected to increase in 2018

SSL encryption still hiding cyber attacks.
Hackers and cybercriminals continued to encrypt their malware payloads to circumvent traditional security controls. For the first time ever, SonicWall has real-world data that unmasks the volume of malware and other exploits hidden in encrypted traffic.

  • Encryption was leveraged more than previous years, for both legitimate traffic and malicious payload delivery
  • SonicWall Capture Labs found, on average, 60 file-based malware propagation attempts per SonicWall firewall each day
  • Without SSL decryption capabilities in place, the average organization will see almost 900 file-based attacks per year hidden by TLS/SSL encryption

“Industry reports indicate as high as 41% of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.*

Malware cocktails mixing things up.
While no single exploit in 2017 rose to the level of darknet hacker tools Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. SonicWall Capture Labs uses machine-learning technology to examine individual malware artifacts and categorizes each as unique or as malware that already exists.

  • SonicWall collected 56 million unique malware samples in 2017, a slight 6.7 percent decrease from 2016
  • Total volume of unique malware samples in 2017 was 51.4 percent higher than 2014

Chip processors, IoT are emerging battlegrounds.
Cybercriminals are pushing new attack techniques into advanced technology spaces, notably chip processors.

  • Memory regions are the next key battleground between organizations and cybercriminals
  • Modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory
  • Organizations will soon need to implement advanced techniques that can detect and block malware that does not exhibit any malicious behavior and hides its weaponry via custom encryption

“Sandbox techniques are often ineffective when analyzing the most modern malware,” said SonicWall CTO John Gmuender. “Real-time deep memory inspection is very fast and very precise, and can mitigate sophisticated attacks where the malware’s most protected weaponry is exposed for less than 100 nanoseconds.”

In addition to these findings, the 2018 SonicWall Annual Threat Report also identified best practices and security predictions for 2018, which are discussed in detail in the full report. To download the complete report, please visit www.sonicwall.com/ThreatReport.

For current cyber attack data, visit the SonicWall Security Center to see the latest attack trends, types and volume across the world.

*Gartner, “Competitive Landscape: Secure Web Gateways,” Ruggero Contu, Lawrence Pingree, 12 September 2017.

About the SonicWall Capture Threat Network
Data for the 2018 SonicWall Cyber Threat Report was gathered by the SonicWall Capture Threat Network, which sources information from global devices and resources including more than 1 million security sensors in nearly 200 countries and territories; cross‐vector, threat‐related information shared among SonicWall security systems, including firewalls, email security, endpoint security, honeypots, content-filtering systems; SonicWall Capture Advanced Threat Protection multi‐engine sandbox; and SonicWall’s internal malware analysis automation framework.

For More Information
To learn more about opportunities to partner with SonicWall, please visit:

About SonicWall
SonicWall has been fighting the cyber-criminal industry for over 26 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs, our award-winning real-time breach detection and prevention solutions coupled with the formidable resources of over 21,000 loyal channel partners around the globe, are the backbone securing more than a million business and mobile networks and their emails, applications, and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 150 countries. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com.
