SonicWall
Newsroom SonicWall Defends Businesses, Users from Memory-based Attacks and Zero-Day Malware, Including Malicious PDFs and Office Documents

SonicWall Defends Businesses, Users from Memory-based Attacks and Zero-Day Malware, Including Malicious PDFs and Office Documents

PRESS RELEASE – April 10, 2018

SonicWall RTDMITM identified more than 3,500 never-before-seen attack variants since January 2018

MILPITAS, Calif. — SonicWall, the trusted security partner protecting more than 1 million networks worldwide, expands the capabilities of the patent-pending SonicWall Real-Time Deep Memory Inspection (RTDMITM) technology to enhance protection against malicious PDFs and Microsoft Office files. A key component of the SonicWall Capture Cloud Platform, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, using RTDMI technology, identified more than 3,500 never-before-seen attack variants since January 1, 2018.

“Cybercriminals are executing with extreme agility to exploit any and all vulnerabilities in both technology and user behavior,” said SonicWall President and CEO Bill Conner. “Memory regions are the next key battlegrounds where organizations will combat cybercriminals. If left unmitigated, they’ll leave a key attack vector vulnerable to new waves of modern cyberattacks.”

First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”

The 2018 SonicWall Cyber Threat Report advises that cybercriminals will continue to leverage users’ trust in PDFs and Microsoft Office applications (which represented five of the top 10 attacked applications of 2017). Because of obfuscation techniques, many legacy firewalls and anti-virus solutions are unable to effectively identify and mitigate PDFs or Microsoft Office file types that contain malicious content.

RTDMI is already operational for SonicWall customers with active subscriptions to SonicWall Capture ATP sandbox service and SonicWall Email Security solutions.

Capture ATP, RTDMI Stop Malicious PDFs, Office Documents

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

By forcing malware to reveal its weaponry into memory, RTDMI proactively stops mass-market, zero-day threats and unknown malware accurately utilizing real-time, memory-based inspection techniques. RTDMI also analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including:

  • Malicious Flash-based Microsoft Office documents
  • Dynamic Data Exchange-based (DDE) exploits and malware inside Microsoft Office files
  • Microsoft Office and PDF files containing malware or other malicious executables
  • Malevolent shellcode-based and multi-layer files
  • Macro-based malicious files
  • PDF documents with “JavaScript infectors”
  • JavaScript-based exploits in PDF documents
  • Malicious, phishing-based PDF documents leading to both phishing and malware hosting websites

Earlier this year, SonicWall Capture Labs threat researchers validated that the SonicWall RTDMI technology — specifically the technology’s real-time analysis of instruction and memory usage patterns — is effective against future exploits built on the Meltdown vulnerability.

Meltdown, a processor vulnerability publically announced by Google’s Project Zero security team in January 2018, could allow an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors.

SonicWall Publishes Advanced Cyber Threat Data for SonicWall Customers and Partners

To further aid organizations’ pursuit of protecting their data, networks, customers and brand, SonicWall launched the SonicWall Security Center with all-new, real-time threat meters to provide actionable cyberattack data and threat intelligence

The threat meters display ongoing attacks, as they happen, in locations around the world and maps them by origin. It tracks malware, intrusions, ransomware, encrypted threats, spam, phishing and emerging zero-day threats.

Complementing the research in the 2018 SonicWall Cyber Threat Report, the SonicWall Security Center threat meters rank threat volumes and trends month-over-month and year-over-year, so organizations can make better-informed security decisions. The SonicWall Capture Cloud Platform identified 1,184 new attack variants per business day since the start of February 2018. In March 2018 alone, the average SonicWall customer faced:

  • 2,652 malware attacks, a year-over-year increase of 181 percent
  • 81 ransomware attacks, a year-over-year increase of 562 percent
  • 79 encrypted cyberattacks, a year-over-year increase of 690 percent
  • 11 phishing attacks per day

“Organizations are better prepared to protect their networks and data if they know the volume and specific cyberattack types they are up against,” said Conner. “SonicWall will continue to arm customers and partners with actionable, real-time threat intelligence to help mitigate advanced attacks in the fast-moving cyber arms race.”

The SonicWall Security Center gathers input from more than 1 million Capture Threat Network sensors worldwide, including active SonicWall firewalls, email security solutions, endpoint security devices, honeypots, content-filtering systems and multi‐engine Capture ATP sandbox environments.

To learn more about SonicWall Capture ATP, visit sonicwall.com/Capture.

For More Information

To learn more about SonicWall, or to partner with us, please visit:

About SonicWall

SonicWall has been fighting the cybercriminal industry for over 26 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs and the formidable resources of over 23,000 loyal channel partners around the globe, our award-winning, real-time breach detection and prevention solutions secure more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 150 countries. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com.

Latest Stories

" alt="" />
November 6, 2024

SonicWall Unveils TZ80: Empowering Service Providers to Deliver Comprehensive Security, Remote Access and Networking Solutions for Branch Offices and SOHO

More Than a Firewall: SonicWall Introduces Integrated Cybersecurity Platform with the TZ80 at the Core of the Market’s Next-Gen SOHO Solution, Featuring: Industry-First Warranties, Cloud Native VPN, Firewall Management and Flexible Pricing MILPITAS, Calif. — November 7, 2024 — SonicWall announced today the launch of the TZ80, a groundbreaking security solution designed specifically for branch offices and small office/home office (SOHO) environments. With its comprehensive, cost-effective package of networking, access, and security solutions, the TZ80 is a subscription-based device designed for service providers and value-added resellers (VARs) – and is set to revolutionize the way they deliver cybersecurity. The SonicWall TZ80 combines performance and price and provides industry leading networking and security capabilities, with advanced threat protection at a low total cost of ownership (TCO), making the TZ80 ideal for branch offices with remote workers, SOHO, IoT, and businesses with small form-factor requirements. This best-in-class firewall platform features built-in integration with cloud-native zero trust network access (ZTNA) and VPN as a service (VPNaaS) for hybrid environments and is backed by world-class technical support, available firewall management and network monitoring, and an industry-first cyber threat warranty. “The TZ80 is more than a firewall; it embodies the future of cybersecurity for managed service providers and their customers,” said SonicWall President and CEO Bob VanKirk. “With this launch, we’re transforming network security by integrating on-premise, hybrid, and cloud technologies into a cohesive solution. Our unified approach enhances security and performance while protecting customer data with modern cloud management and backed by expert services to keep our partners secure in today’s evolving threat landscape.” MSPs can complement their existing firewall monitoring and network operations center (NOC) to enhance their services with SonicWall’s managed security services, who work behind the scenes as a force multiplier for SonicWall partners. The Managed Protection Services Suite (MPSS) bundle provides management for TZ80 devices, with remote implementation, firmware and vulnerability management, and system health monitoring to help MSPs ensure that their customers employ best practices and stay up-to-date for the highest level of protection in today’s threat landscape. “We’ve been looking for a solution like the TZ80, and it’s exciting to see SonicWall deliver precisely what we need,” said President/CEO and SonicWall partner Brian A. Reed of Firewalls.com. “This opens up significant opportunities in the SOHO market for us, and the bundled cloud native VPN adds tremendous value, while the pay-as-you-go model makes it even more accessible. Additionally, the MPSS bundle enhances our offering and helps us stay focused on the core of our business, ensuring our clients stay secure.” To further enhance the value proposition, SonicWall will offer industry-first cybersecurity warranties for the TZ80 and other SonicWall front-line defense products certified by Cysurance. These warranties will help supplement insurance coverage by providing cash for covering deductibles or other out of pocket expenses before insurance kicks in. SonicWall will offer warranties for the TZ80 and other certified products as follows: $100K for a qualifying firewall $200K for a qualifying managed firewall Additionally, SonicWall is excited to introduce its latest and new "3 & Free" promotion. This promotion includes cloud native VPN licenses along with a free next-gen firewall. When purchasing a 3-year Advanced Protection Services Suite (APSS) or Essential Protection Services Suite (EPSS) customers get more than just free firewalls - they also gain comprehensive protection from latest cyber threats. SonicWall remains dedicated to equipping its partners with the tools they need to deliver security outcomes in a rapidly evolving cybersecurity landscape. The TZ80 represents a significant leap forward in delivering scalable, and integrated security solutions via our MSPs for branch offices and SOHO environments. To learn more about SonicWall’s TZ80, the full offering, new warranties and promotions please visit https://www.sonicwall.com/products/firewalls/soho. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />

Infinigate and SonicWall Expand Partnership Across Eastern Europe

SonicWall and Infinigate extend their successful collaboration to cover the Eastern European region, including Balkan countries.   Rotkreuz, Switzerland – November 6, 2024: The Infinigate Group, the leading technology platform and trusted advisor in cybersecurity, cloud and network infrastructure, and SonicWall, a leading cybersecurity innovator and partner-first company, are extending their partnership across Eastern Europe. Infinigate will distribute SonicWall’s entire advanced portfolio of network and endpoint security, Cloud Secure Edge (CSE) and Managed Security Services (MSS) offering channel partners effective solutions to meet the ever-evolving requirements of a broad customer base – from SMB through to enterprise organisations. Spencer Starkey, Executive Vice President at SonicWall said: “The Eastern European market presents a strong opportunity for growth and Infinigate, in view of our long-standing successful collaboration and their reach and experience in this geographical area, is absolutely the right distribution partner for us. Being a channel-first organisation, we value Infinigate’s specialist focus and their technical and market knowledge.” Protecting your business from escalating cyber-attacks has become a priority, as illustrated in Sonic Wall’s 2024 Mid-Year Cyber-Threat Report. Ransomware is on the rise in the Americas, while EMEA is pulling the global numbers down, suggesting improved cybersecurity measures and law enforcement interventions are having a positive impact. “We are delighted to build on our long-standing success with SonicWall and leverage the full potential of this growing region, where cybersecurity is high on the agenda, as illustrated by the NIS2 readiness statistics,” said Denis Ferrand Ajchenbaum, Chief Growth Officer at Infinigate Group and Managing Director of Infinigate Cloud. “As a leading Managed Security Services Distributor, we value SonicWall’s range of managed security services that considerably strengthen our offering in the region,” he added. Doru Manea, RVP East at Infinigate commented: Doru Manea, RVP East at Infinigate, commented: “Bringing SonicWall into our regional portfolio strengthens our ability to support our channel partners across Eastern Europe. With SonicWall’s expertise in cybersecurity, we can better equip our partners to meet the security needs of businesses in this market. Our channel reach and the strong cybersecurity culture in the region are a solid basis for our shared success” About Infinigate The Infinigate Group, the leading technology platform and trusted advisor in Cybersecurity, Cloud & Network Infrastructure covers over 100 countries across EMEA, Australia and New Zealand. In the 2023-2024 financial year the Infinigate Group revenue reached 2.3B€. Our focus and deep technical expertise on cybersecurity, secure networks and secure cloud for SMB and enterprise set us apart. Our 1,250 employees provide locally tailored services complementing a robust central supply chain, sparking growth for our partners, MSSPs and vendors. In 2022, Starlink, Vuzion (now Infinigate Cloud) and Nuvias became part of the Infinigate Group. In 2024, Wavelink became an Infinigate Group company, adding coverage for the Australian and New Zealand (ANZ) market. For additional information please visit www.infinigate.com About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />
October 31, 2024

Government Organizations Face Surge in Malware and DDoS Attacks, Raising Alarms Over Potential Election Disruption

Newest report highlights some escalating risks to critical infrastructure as election day approaches MILPITAS, Calif. — October 31, 2024 — SonicWall released its latest threat brief focused exclusively on governments, reporting a staggering 236% year-over-year increase in malware-related attacks against government organizations globally during the first quarter of 2024. This alarming trend coincides with a notable 27% rise in attacks in the month leading up to the upcoming election, underscoring the urgent need for enhanced security measures. SonicWall's comprehensive threat intelligence reveals a 33% increase in attacks related to the software supply chain since the start of the year. Additionally, DDoS (Distributed Denial of Service) attacks are on track to surpass last year's figures by 32% - underscoring the escalating risks to critical infrastructure as election day approaches. “As attackers continue to attack critical government services and election-related systems, the importance of multi-layered cybersecurity measures cannot be overstated,” said Executive Director of Threat Research Doug McKee. "In a rapidly evolving threat landscape, the stakes have never been higher. We must  embrace cross-industry collaboration and threat intelligence information sharing  to ensure the integrity of our electoral processes and protect our vital infrastructure from those seeking to exploit  these systems. "  Rising Threats to Election Security The recent Hezbollah pager supply chain attack serves as a stark reminder of how easily everyday devices can be exploited to launch significant cyberattacks. As attackers target seemingly innocuous devices lacking stringent security protocols, the risk extends to critical election infrastructure. For instance, compromised IP cameras, frequently utilized at polling locales, could be weaponized or compromised to disrupt essential operations. SonicWall data highlights the pressing need for vigilance, as the company has successfully thwarted over 12.9 million attacks targeting IP cameras this year alone. These devices, often overlooked in cybersecurity strategies, present an enticing entry point for cybercriminals aiming to undermine public trust in the electoral process.  The Vulnerability of IoT Devices The growing reliance on Internet of Things (IoT) devices within government operations raises significant concerns. Many of these devices, including security systems and smart sensors, lack robust defenses, making them attractive targets for malicious actors. SonicWall emphasizes the urgent need for organizations to implement rigorous security measures to protect against the exploitation of vulnerable devices. The potential consequences of these vulnerabilities extend far beyond traditional cybersecurity threats, threatening the integrity of national infrastructure and electoral security. Call to Action As the election approaches, SonicWall urges government organizations to prioritize cybersecurity by strengthening their defenses against malware and DDoS attacks. By implementing advanced security solutions and enhancing awareness of IoT vulnerabilities, organizations can better safeguard their operations against these escalating threats. For more information about SonicWall and see the Government Threat Brief, please visit https://www.sonicwall.com/resources/brief/2024-threat-brief-government. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />
September 25, 2024

SonicWall Report Details 14 Million Victims of Malware Breaches in the U.S. Healthcare Sector

SonicWall discovers 91% of healthcare breaches involve ransomware in 2024 - underscoring the urgent need for improved cybersecurity and strong partnerships with MSPs/MSSPs MILPITAS, Calif. — September 26, 2024 — SonicWall today unveiled a 2024 SonicWall Threat Brief, focused exclusively on the healthcare industry and is based on extensive research from SonicWall Capture Labs. The report reveals that a minimum of 14 million patients in the U.S. have fallen victim to malware breaches in this sector. Despite SonicWall sensors successfully preventing over 26,000 attacks, the findings underscore that healthcare organizations, due to their essential operations and potential for financial gain, remain prime targets for ransomware. Many healthcare organizations operate with limited cybersecurity resources and often rely on outdated technology – making them susceptible to ransomware attacks. SonicWall also determined that an astounding 60% of vulnerabilities were leveraged against Microsoft Exchange. "Understanding the threat landscape is crucial for the healthcare industry to effectively defend against cyberattacks,” said Executive Director, Threat Research at SonicWall Doug McKee. “As ransomware evolves and targets sensitive patient data, organizations must stay informed about emerging threats and vulnerabilities. By equipping themselves with knowledge and robust security measures, healthcare providers can better protect their critical operations and ensure the safety of patient information." Disrupting access to patient data or medical systems can have life-threatening consequences. Because of this, healthcare organizations are more likely to pay ransoms to restore operations quickly. In 2024, ransomware was leveraged in 91% of malware-related data breaches in the healthcare sector, with Lockbit emerging as one of the most notorious ransomware groups targeting this industry. The increasing digitalization of health records and telehealth services further expands the attack surface, making it nearly impossible for healthcare organizations to go it alone. Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) should play a vital role in the healthcare industry by delivering specialized expertise and resources that many organizations lack. As cyber threats become increasingly sophisticated, MSPs/MSSPs can implement robust security measures, monitor systems in real-time, and ensure compliance with regulatory standards. Their proactive approach to cybersecurity helps healthcare providers defend sensitive patient data, minimize downtime, and focus on delivering quality care, ultimately enhancing the resilience of the entire healthcare ecosystem. To learn more about SonicWall’s finding in its 2024 SonicWall Threat Brief, please visit www.sonicwall.com/resources/brief/2024-threat-brief-healthcare. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram. About SonicWall Capture Labs SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time.

Read More
Follow Us

© 2024 SonicWall. All Rights Reserved.

Company
Popular resources
Subscribe to newsletter

Stay In Touch

  • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.