SonicWall Report Finds Misconfigurations Driving Surging Cyberattacks in 2025

Simple errors like default passwords and exposed admin panels fueled widespread attacks in 2025

MILPITAS, Calif. — September 16, 2025 — SonicWall today released a new threat brief, revealing that misconfigurations have fueled more than 9.5 million cyberattacks in the first half of the year. The report highlights how basic errors such as directory access misconfigurations, accidental data exposure and authentication failures continue to drive breaches despite the widespread availability of security tools.

According to the report, nearly 70% of organizations faced at least one authentication bypass attempt between January and June. Many incidents were linked to long-standing vulnerabilities like Fortra GoAnywhere MFT, which attackers continue to exploit years after its initial discovery. Consulting services firms were disproportionately impacted, accounting for 46% of all misconfiguration-related detections.

“While the cybersecurity industry often focuses on zero-day exploits and advanced persistent threats, attackers are still finding success through simple missteps,” said Doug McKee, Executive Director of Threat Research at SonicWall. “The fact that misconfigurations remain one of the leading causes of breaches shows that organizations need better visibility, consistent processes and operational support to avoid repeating the same mistakes.”

The threat brief notes that approximately 88% of misconfigurations fall into three categories:

• Directory access misconfigurations (45%)
• Accidental data exposure (24%)
• Authentication failures (19%)

Gartner projects that 99% of cloud security failures will be customer-side misconfigurations by year-end, further underscoring the urgency for organizations to address configuration drift and operational discipline.

SonicWall solutions, such as its Managed Protection Security Suite (MPSS) and SonicSentry MXDR, provide 24/7 monitoring, configuration management, and rapid response for organizations that lack internal bandwidth. Combined with tools like Network Security Manager (NSM), SonicWall AI Monitoring and Insights (SAMI), and Cloud Secure Edge (CSE), customers gain unified control and Zero Trust capabilities across endpoints, networks and identity systems.

“Misconfigurations are not obscure technical flaws; they are operational challenges that persist because they are difficult to manage at scale,” continued McKee. “SonicWall is committed to helping organizations overcome these challenges with a combination of technology, people and processes that reduce complexity and strengthen protection.”

The full September 2025 Threat Brief is available here: https://www.sonicwall.com/resources/brief/sonicwall-threat-brief-2025-the-misconfiguration-epidemic

About SonicWall
SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.