SonicWall�s Mid-Year Cyber Threat Report Finds Malicious Microsoft Office Files On Rise, Ransomware Up in US, Globally

  • 20% jump
    in ransomware globally, 109% spike in United States
  • 24% drop
    in malware attacks worldwide
  • 7% of phishing
    attacks capitalized on COVID-19 pandemic
  • 176%
    increase in malicious Microsoft Office file types
  • 23% of
    malware attacks leveraged non-standards ports
  • 50%
    rise of IoT malware attacks
  • Report
    analyzes threat intelligence data gathered from 1.1 million sensors in over 215
    countries and territories

MILPITAS, CALIFORNIA - Media OutReach - 27 July 2020 -
The SonicWall Capture Labs threat research
team today published the mid-year update to the 2020 SonicWall Cyber Threat
Report, highlighting increases in ransomware, opportunistic use of COVID-19
pandemic, systemic weaknesses and growing reliance on Microsoft Office files by

"Cybercriminals can be resourceful,
often setting traps to take advantage of people's kindness during a natural
disaster, panic throughout a crisis and trust in systems used in everyday
life," said SonicWall President and CEO Bill Conner. "This latest cyber threat
data shows that cybercriminals continue to morph their tactics to sway the odds
in their favor during uncertain times. With everyone more remote and mobile
than ever before, businesses are highly exposed and the cybercriminal industry
is very aware of that. It's imperative that organizations move away from
makeshift or traditional security strategies and realize this new business normal
is no longer new."

Changing Landscape Leads to Waning
Malware Volume

During the first half of 2020, global malware attacks fell from
4.8 billion to 3.2 billion (-24%) over 2019's mid-year total. This drop is the
continuation of a downward trend that began last November.

There are regional differences in both the amount of malware and
the percentage change year over year, highlighting shifting cybercriminal
focus. For example, the United States (-24%), United Kingdom (-27%), Germany
(-60%) and India (-64%) all experienced reduced malware volume. Less malware
doesn't necessarily mean a safer world; ransomware has seen a corresponding
jump over the same time period.

Ransomware Attackers Raise Stakes Again

the global decline of malware volume, ransomware continues to be the most
concerning threat to corporations and the preferred tool for cybercriminals,
increasing a staggering 20% (121.4 million) globally in the first half of 2020.

and mobile workforces are at a turning point on the subject of security," said
Chad Sweet, Founder and CEO The Chertoff Group. "It has never been more
prevalent for enterprises and organizations to prioritize online security and
make what used to be a luxury, a secured and protected necessity."

Comparatively, the U.S. and U.K. are facing different odds. SonicWall Capture
Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the
U.S. and 5.9 million ransomware attacks (-6%) in the U.K. -- trends that
continue to ebb and flow based on the behaviors of agile cybercriminal

Malware-laden COVID-19 Emails

The combination of the global pandemic and social-engineered cyberattacks has
proven to be an effective mix for cybercriminals utilizing phishing and other email
scams. Dating as far back as Feb. 4, SonicWall researchers detected a flurry of
increased attacks, scams and exploits specifically based around COVID-19 and
noted a 7% increase in COVID-related phishing attempts during the first two

As expected, COVID-19 phishing began rising
in March, and saw its most significant peaks on March 24, April 3 and June 19.
This contrasts with phishing as a whole, which started strong in January and
was down slightly globally (-15%) by the time the pandemic phishing attempts
began to pick up steam.

Office Lures Remain a Staple

Office is a necessity with millions of employees now more remote and dependent
on the business productivity suite of applications. Cybercriminals were quick
to leverage this shift, as SonicWall threat researchers found a 176% increase
in new malware attacks disguised as trusted Microsoft Office file types.

SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory
Inspection™ (RTDMI) technology, SonicWall discovered that 22% of Microsoft
Office files and 11% of PDF files made up 33% of all newly identified malware
in 2020. The patent-pending RTDMI™ technology identified a record 120,910 'never-before-seen'
malware variants during that time -- a 63% increase over the first six
months of 2019.  

are too sophisticated to use known malware variants, so they're re-imagining
and re-writing malware to defeat security controls like traditional sandboxing
techniques -- and it's working," said Conner. 

What are the Riskiest U.S. States for Malware?

With over 1.1 million sensors
worldwide collecting threat intelligence around the clock, SonicWall's new
'malware spread' data highlights the riskiest U.S. states for malware attacks.

the U.S., California, home to Silicon Valley, ranked the highest for total malware
volume in 2020. However, it was not the riskiest state -- or even in the top
half of those ranked. Rounding out the top five riskiest U.S. states, based on
malware spread, is Virginia (26.6%), Florida (26.6%), Michigan (26.3%), New
Jersey (26.3%) and Ohio (25.3%).

organizations in Kansas are more likely to experience a malware encounter, as
nearly a third (31.3%) of sensors in the state detected a hit. In contrast,
just over a fifth of the sensors in North Dakota (21.9%) logged an attempted
malware attack.

method of tracking malware spread is conducted by calculating the percentage of
sensors that detected a malware attack, resulting in more useful and precise
information about whether an organization is likely to see malware in an area.
The greater the malware spread percentage, the more widespread malware is in a
given region.

Attacks Using Non-standard Ports Make Comeback
Overall, an average of 23% of attacks took
place over non-standard ports so far in 2020 -- the highest mark since SonicWall
began tracking the attack vector in 2018.

By sending malware across non-standard ports, assailants can bypass
traditional firewall technologies, ensuring increased success for payloads. A
'non-standard' port is leveraged by services running on a port other than its
default assignment (e.g., Ports 80 and 443 are standard ports for web traffic).

Two new monthly records were set during the
first two quarters of 2020. In February, non-standard port attacks reached 26%
before climbing to an unprecedented 30% in May. During that month, there was a
surge in many specific attacks, such as VBA Trojan Downloader, that may have
contributed to the spike.

IoT Continues to Serve Threats

Work-from-home (WFH) employees or remote
workforces can introduce many new risks, including Internet of Things (IoT)
devices like refrigerators, baby cameras, doorbells or gaming consoles. IT
departments are besieged with countless devices swarming networks and endpoints
as the footprint of their corporate expands beyond the traditional perimeter.

at SonicWall found a 50% increase in IoT malware attacks, a number that mirrors
the number of additional devices that are connected online as individuals and
enterprise alike function from home. Unchecked IoT devices can provide
cybercriminals an open door into what may otherwise be a well-secured

on the cyber threat landscape, Debasish Mukherjee, SonicWall Vice President of
Regional Sales, APAC, said, "With more people working from home during the
COVID-19 pandemic, the abrupt shift to remote working has sparked an
unprecedented increase in cyber threats as opportunistic hackers take advantage
of the boundary-less ecosystem. Exploiting the new raft of vulnerabilities in
less secure situations and preying on fear, cyberspace has seen a jump in phishing
during global shelter-in-place orders and ransomware in the first half of 2020,
including a 50% spike in IoT attacks.

are also increasingly using non-standard ports to evade detection and deploy
malware, despite a continuation of a downward trend in malware volume since
November 2019 and a 32% decline in encrypted threats."

instituting widespread work-from-home policies help to reduce the risk of
contracting the coronavirus, the pandemic has proven lucrative for cyber attackers.
Recognising the heightened cyber risks is thus important for companies working
remotely, to ensure the security of their company data and systems when
accessing crucial networks without the full protection of corporate firewalls
and other security measures. In this hyper-distributed IT reality, businesses
should adopt a fundamentally new approach to mitigate cyber threats and have a
comprehensive cybersecurity model to do so."

To download the full mid-year update, please visit

To Top