SonicWall's Mid-Year Cyber Threat Report Finds Malicious Microsoft Office Files On Rise, Ransomware Up in US, Globally
MILPITAS, Calif., July 23, 2020 /PRNewswire/ -- The SonicWall Capture Labs threat research team today published the mid-year update to the 2020 SonicWall Cyber Threat Report, highlighting increases in ransomware, opportunistic use of COVID-19 pandemic, systemic weaknesses and growing reliance on Microsoft Office files by cybercriminals.
"Cybercriminals can be resourceful, often setting traps to take advantage of people's kindness during a natural disaster, panic throughout a crisis and trust in systems used in everyday life," said SonicWall President and CEO Bill Conner. "This latest cyber threat data shows that cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times. With everyone more remote and mobile than ever before, businesses are highly exposed and the cybercriminal industry is very aware of that. It's imperative that organizations move away from makeshift or traditional security strategies and realize this new business normal is no longer new."
Changing Landscape Leads to Waning Malware Volume
There are regional differences in both the amount of malware and the percentage change year over year, highlighting shifting cybercriminal focus. For example, the United States (-24%), United Kingdom (-27%), Germany (-60%) and India (-64%) all experienced reduced malware volume. Less malware doesn't necessarily mean a safer world; ransomware has seen a corresponding jump over the same time period.
Ransomware Attackers Raise Stakes Again
"Remote and mobile workforces are at a turning point on the subject of security," said Chad Sweet, Founder and CEO The Chertoff Group. "It has never been more prevalent for enterprises and organizations to prioritize online security and make what used to be a luxury, a secured and protected necessity."
Comparatively, the U.S. and U.K. are facing different odds. SonicWall Capture Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the U.S. and 5.9 million ransomware attacks (-6%) in the U.K. — trends that continue to ebb and flow based on the behaviors of agile cybercriminal networks.
Malware-laden COVID-19 Emails
As expected, COVI-19 phishing began rising in March, and saw its most significant peaks on March 24, April 3 and June 19. This contrasts with phishing as a whole, which started strong in January and was down slightly globally (-15%) by the time the pandemic phishing attempts began to pick up steam.
Office Lures Remain a Staple
Leveraging SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection™ (RTDMI) technology, SonicWall discovered that 22% of Microsoft Office files and 11% of PDF files made up 33% of all newly identified malware in 2020. The patent-pending RTDMI™ technology identified a record 120,910 'never-before-seen' malware variants during that time — a 63% increase over the first six months of 2019.
"Cybercriminals are too sophisticated to use known malware variants, so they're re-imagining and re-writing malware to defeat security controls like traditional sandboxing techniques — and it's working," said Conner.
What are the Riskiest U.S. States for Malware?
In the U.S., California, home to Silicon Valley, ranked the highest for total malware volume in 2020. However, it was not the riskiest state — or even in the top half of those ranked. Rounding out the top five riskiest U.S. states, based on malware spread, is Virginia (26.6%), Florida (26.6%), Michigan (26.3%), New Jersey (26.3%) and Ohio (25.3%).
Interestingly, organizations in Kansas are more likely to experience a malware encounter, as nearly a third (31.3%) of sensors in the state detected a hit. In contrast, just over a fifth of the sensors in North Dakota (21.9%) logged an attempted malware attack.
This method of tracking malware spread is conducted by calculating the percentage of sensors that detected a malware attack, resulting in more useful and precise information about whether an organization is likely to see malware in an area. The greater the malware spread percentage, the more widespread malware is in a given region.
Attacks Using Non-standard Ports Make Comeback
By sending malware across non-standard ports, assailants can bypass traditional firewall technologies, ensuring increased success for payloads. A 'non-standard' port is leveraged by services running on a port other than its default assignment (e.g., Ports 80 and 443 are standard ports for web traffic).
Two new monthly records were set during the first two quarters of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May. During that month, there was a surge in many specific attacks, such as VBA Trojan Downloader, that may have contributed to the spike.
IoT Continues to Serve Threats
Researchers at SonicWall found a 50% increase in IoT malware attacks, a number that mirrors the number of additional devices that are connected online as individuals and enterprise alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.
To download the full mid-year update, please visit www.sonicwall.com/ThreatReport.
View original content to download multimedia:http://www.prnewswire.com/news-releases/sonicwalls-mid-year-cyber-threat-report-finds-malicious-microsoft-office-files-on-rise-ransomware-up-in-us-globally-301098560.html
The Why and How of Edge Intelligence Tools
Competitive Advantages of Edge Analytics