Industry News and Events

SonicWall Defends Businesses, Users from Memory-based Attacks and Zero-Day Malware, Including Malicious PDFs and Office Documents

PRESS RELEASE – April 10, 2018

SonicWall RTDMITM identified more than 3,500 never-before-seen attack variants since January 2018

MILPITAS, Calif. — SonicWall, the trusted security partner protecting more than 1 million networks worldwide, expands the capabilities of the patent-pending SonicWall Real-Time Deep Memory Inspection (RTDMITM) technology to enhance protection against malicious PDFs and Microsoft Office files. A key component of the SonicWall Capture Cloud Platform, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, using RTDMI technology, identified more than 3,500 never-before-seen attack variants since January 1, 2018.

“Cybercriminals are executing with extreme agility to exploit any and all vulnerabilities in both technology and user behavior,” said SonicWall President and CEO Bill Conner. “Memory regions are the next key battlegrounds where organizations will combat cybercriminals. If left unmitigated, they’ll leave a key attack vector vulnerable to new waves of modern cyberattacks.”

First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”

The 2018 SonicWall Cyber Threat Report advises that cybercriminals will continue to leverage users’ trust in PDFs and Microsoft Office applications (which represented five of the top 10 attacked applications of 2017). Because of obfuscation techniques, many legacy firewalls and anti-virus solutions are unable to effectively identify and mitigate PDFs or Microsoft Office file types that contain malicious content.

RTDMI is already operational for SonicWall customers with active subscriptions to SonicWall Capture ATP sandbox service and SonicWall Email Security solutions.

Capture ATP, RTDMI Stop Malicious PDFs, Office Documents

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

By forcing malware to reveal its weaponry into memory, RTDMI proactively stops mass-market, zero-day threats and unknown malware accurately utilizing real-time, memory-based inspection techniques. RTDMI also analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including:

  • Malicious Flash-based Microsoft Office documents
  • Dynamic Data Exchange-based (DDE) exploits and malware inside Microsoft Office files
  • Microsoft Office and PDF files containing malware or other malicious executables
  • Malevolent shellcode-based and multi-layer files
  • Macro-based malicious files
  • PDF documents with “JavaScript infectors”
  • JavaScript-based exploits in PDF documents
  • Malicious, phishing-based PDF documents leading to both phishing and malware hosting websites

Earlier this year, SonicWall Capture Labs threat researchers validated that the SonicWall RTDMI technology — specifically the technology’s real-time analysis of instruction and memory usage patterns — is effective against future exploits built on the Meltdown vulnerability.

Meltdown, a processor vulnerability publically announced by Google’s Project Zero security team in January 2018, could allow an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors.

SonicWall Publishes Advanced Cyber Threat Data for SonicWall Customers and Partners

To further aid organizations’ pursuit of protecting their data, networks, customers and brand, SonicWall launched the SonicWall Security Center with all-new, real-time threat meters to provide actionable cyberattack data and threat intelligence

The threat meters display ongoing attacks, as they happen, in locations around the world and maps them by origin. It tracks malware, intrusions, ransomware, encrypted threats, spam, phishing and emerging zero-day threats.

Complementing the research in the 2018 SonicWall Cyber Threat Report, the SonicWall Security Center threat meters rank threat volumes and trends month-over-month and year-over-year, so organizations can make better-informed security decisions. The SonicWall Capture Cloud Platform identified 1,184 new attack variants per business day since the start of February 2018. In March 2018 alone, the average SonicWall customer faced:

  • 2,652 malware attacks, a year-over-year increase of 181 percent
  • 81 ransomware attacks, a year-over-year increase of 562 percent
  • 79 encrypted cyberattacks, a year-over-year increase of 690 percent
  • 11 phishing attacks per day
“Organizations are better prepared to protect their networks and data if they know the volume and specific cyberattack types they are up against,” said Conner. “SonicWall will continue to arm customers and partners with actionable, real-time threat intelligence to help mitigate advanced attacks in the fast-moving cyber arms race.”

The SonicWall Security Center gathers input from more than 1 million Capture Threat Network sensors worldwide, including active SonicWall firewalls, email security solutions, endpoint security devices, honeypots, content-filtering systems and multi‐engine Capture ATP sandbox environments.

To learn more about SonicWall Capture ATP, visit sonicwall.com/Capture.

For More Information

To learn more about SonicWall, or to partner with us, please visit:

About SonicWall

SonicWall has been fighting the cybercriminal industry for over 26 years defending small, medium-size businesses and enterprises worldwide. Backed by research from SonicWall Capture Labs and the formidable resources of over 23,000 loyal channel partners around the globe, our award-winning, real-time breach detection and prevention solutions secure more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 150 countries. These businesses can run more effectively and fear less about security. For more information, visit www.sonicwall.com.

latest stories

  • SonicWall 威脅資料揭示網路攻擊深度;促進對託管服務提供商 (MSP) 的需求
    隨著威脅行為者採取多樣化策略,總體入侵嘗試量攀升 (+20%) - 全球攻擊數量增加 勒索軟體全年加劇 (2 小時內增加 +27%),在夏季達到頂峰 (+37%) 騎劫挖礦總量 – 全球激增 +659% 物聯網漏洞利用 (+15%) 和加密威脅 (+117%) 也呈上升趨勢 SonicWall 發現了 293,989 種「前所未見」的惡意程式變體 – 每天 805 種 加利...
    Read More
  • SonicWall 履行承諾,透過託管式端點服務提供更大靈活性
    Sonicwall 透過 24/7 安全運營中心 (SOC) 擴展託管式偵測及回應 (MDR) 解決方案,透過託管式解決方案套件推動合作夥伴發展 加利福尼亞州米爾皮塔斯 — 2024 年 2 月 8 日 — 根據其重要的通路合作夥伴之意見反應,Sonicwall 今日宣布其首次提供多項專為 MSP 量身定製的託管服務。SonicWall 將端點供應商新增至其託管式偵測及回應 (MDR) 解決方案,...
    Read More
  • SonicWall 加快發展 SASE 產品;收購可靠的雲端安全提供商
    SonicWall 透過收購 Banyan Security 強化其針對現代遠端辦公員工的雲端安全平台 加利福尼亞州,米爾皮塔斯 — 2024 年 1 月 3 日 — 全球網路安全領導者 SonicWall 今日宣佈收購 Banyan Security,一家為現代員工提供安全服務邊緣 (SSE) 解決方案的領先提供商。此次收購強化了 SonicWall 的產品組合,為正在替換 SSE 解決方案(包...
    Read More