2020 SonicWall Cyber Threat Report: Threat Actors Pivot Toward More Targeted Attacks, Evasive Exploits


● Malware, ransomware attack volume down 6% and 9%, due to more targeted attacks
● Connected-device dependence leads to 5% increase in IoT attacks, over 34 million exposed
● Over 40 million web app attacks detected, 52% year-over-year increase
● Encrypted threats up 27%, almost 4 million identified

MILPITAS, Calif. — February 4, 2020 — SonicWall, the trusted security partner protecting more than 1 million networks worldwide, today announced its annual threat report findings, which highlight the evasive tactics cybercriminals leverage to target businesses and consumers.

“Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so embolden they’re now negotiating the terms.”

Rapid response has proven to be invaluable when stopping the damage caused by cyber threats to systems, hardware, daily operations and brand reputation. The SonicWall Capture Advanced Threat Protection (ATP) cloud sandbox service discovered nearly 440,000 malware variants in 2019 (1,200 per day), with findings reported to malware repositories two days ahead of public submissions.

With its patent-pending Real-Time Deep Memory Inspection™ technology, SonicWall identified more than 153,000 never-before-seen malware variants (145% year-over-year increase) — attacks that traditional sandboxes are subject to miss. SonicWall immediately deploys new malware signatures across all active customer solutions, instantly shielding them from attacks.

The 2020 SonicWall Cyber Threat Report provides in-depth information and analysis of the cyber threat landscape. Major findings of the report include:

● Cybercriminals change approach to malware: ‘Spray-and-pray’ tactics that once had malware attack numbers soaring have since been abandoned for more targeted and evasive methods aimed at weaker victims. SonicWall recorded 9.9 billion malware attacks, a slight 6% year-over-year decrease.

● Targeted ransomware attacks cripple victims: While total ransomware volume (187.9 million) dipped 9% for the year, highly targeted attacks left many state, provincial and local governments paralyzed and took down email communications, websites, telephone lines and even dispatch services.

● The Internet of Things (IoT) is a treasure trove for cybercriminals: Bad actors continue to deploy ransomware on ordinary devices, such as smart TVs, electric scooters and smart speakers, to daily necessities like toothbrushes, refrigerators and doorbells. SonicWall Capture Labs threat researchers discovered a moderate 5% increase in IoT malware, with a total volume of 34.3 million attacks in 2019.

● Cryptojacking continues to crumble: The volatile shifts and swings of the cryptocurrency market had a direct impact on threat actors’ interest to author cryptojacking malware. The dissolution of Coinhive in March 2019 played a major role in the threat vector’s decline, plunging the volume of cryptojacking hits to 78% in the second half of the year.

● Fileless malware targets Microsoft Office/Office 365, PDF documents: Cybercriminals used new code obfuscation, sandbox detection and bypass techniques, resulting in a multitude of variants and the development of newer and more sophisticated exploit kits using fileless attacks instead of traditional payloads to a disk. While malware decreased 6% globally, SonicWall observed that most new threats masked their exploits within today’s most trusted files. In fact, Office (20.3%) and PDFs (17.4%) represent 38% of new threats detected by Capture ATP.

● Encrypted threats are still everywhere: Cybercriminals have become reliant upon encrypted threats that evade traditional security control standards, such as firewall appliances that do not have the capability or processing power to detect, inspect and mitigate attacks sent via HTTPs traffic. SonicWall Capture Labs threat researchers recorded 3.7 million malware attacks sent over TLS/SSL traffic, a 27% year-over-year increase that is trending up and expected to climb through the year.

● Side-channel attacks are evolving: These vulnerabilities could impact unpatched devices in the future, including everything from security appliances to end-user laptops. Threat actors could potentially issue digital signatures to bypass authentication or digitally sign malicious software. The recent introduction of TPM-FAIL, the next variation of Meltdown/Spectre, Foreshadow, PortSmash, MDS and more, signals criminals’ intent to weaponize this method of attack.

● Attacks over non-standard ports cannot be ignored: This year’s research indicated that more than 19% of malware attacks leveraged non-standard ports, but found the volume dropping to 15% by year’s end with a total of 64 million detected threats. This type of tactic is utilized to deliver payloads undetected against targeted businesses.

The 2020 SonicWall Cyber Threat Report is the result of threat intelligence collected over the course of 2019 by over 1.1 million sensors strategically placed in over 215 countries and territories. SonicWall Capture Labs threat researchers collected and analyzed over 140,000 daily malware samples, blocked over 20 million daily malware attacks and recorded 9.9 billion malware attacks. SonicWall Capture Labs spotlights attack trends to help organizations and users stay ahead of cyber threats as attackers become more targeted and move into business-critical systems.

To download the complete report, please visit http://www.sonicwall.com/ThreatReport. For current cyberattack data, visit the SonicWall Security Center to see the latest attack trends, types and volume across the world.

SonicWall will be showcasing its latest security solutions at RSA 2020 in San Francisco, Booth 5559, Moscone Center, North Expo Hall.

About SonicWall
SonicWall has been fighting the cybercriminal industry for over 28 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.