SonicWall
Newsroom Latest SonicWall Report Reveals Stealthier Threat Actor Behaviors: Cryptojacking Soars as Cyberattacks Increase, Intensify, Diversify

Latest SonicWall Report Reveals Stealthier Threat Actor Behaviors: Cryptojacking Soars as Cyberattacks Increase, Intensify, Diversify

Cover image of the Mid-Year Update 2023 SonicWall Cyber Threat Report.
  • Intrusion attempts climb (+21%), with a record surge in cryptojacking volume (+399%)
  • Cryptojacking volume in North America and Europe jumps (+345%) and (+788%) respectively
  • IoT malware (+37%) and encrypted threats (+22%) also on the rise
  • Opportunistic threat actors target education and government verticals with digital barrage
  • SonicWall discovered 172,146 ‘never-before-seen’ malware variants
  • Lowest first half totals on ransomware attempts (-41%) since 2020, despite big Q2 jump – suggesting a likely rebound over the next 6 months

MILPITAS, Calif. — July 26, 2023 — SonicWall, publisher of trusted cyberattack intelligence and leader of ransomware data, today released the 2023 SonicWall Mid-Year Cyber Threat Report. The bi-annual report uncovers evolving tactical behaviors from digital threat actors as they opt for different types of malicious attacks compared to years past.

Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by SonicWall, as threat actors shifted away from traditional ransomware attacks in favor of a stealthier means of malicious activities. The data suggests increased law enforcement activity, heavy sanctions and victims’ refusal to pay ransom demands have altered criminal conduct, and threat actors are targeting other means of revenue.

“The seemingly endless digital assault on enterprises, governments and global citizens is intensifying, and the threat landscape continues to expand,” said SonicWall President and CEO Bob VanKirk. “Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us better understand the mindset and criminal behavior that will in turn help SonicWall create the right countermeasures, and help organizations protect themselves by being better prepared and build stronger defenses against malicious activities.”

Rise of Cryptojacking; Evolution of Ransomware

Cybercriminals are diversifying and expanding their skill sets to attack critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs. Despite the decline in global ransomware attempts (-41%), a variety of other attacks have trended up globally, including cryptojacking (+399%), IoT malware (+37%) and encrypted threats (+22%).

“SonicWall intelligence suggests that bad actors are pivoting to lower-cost, less risky attack methods with potentially high returns, like cryptojacking,” said SonicWall Vice President of Product Security Bobby Cornwell. “It also explains the reason we’re seeing higher levels of cybercrime in regions like Latin America and Asia. Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximizing their potential profits.”

Financially motivated threat actors continue to be successful despite challenges. They have pivoted to crimes with greater certainty of success but they will not abandon proven tactics like ransomware; they are simply shifting strategy by target rather than exiting altogether.

Prominent attacks continued to plague enterprises, cities, airlines, and even K-12 schools, causing widespread system downtime, economic loss and reputational damage. While several industries followed the global trend of ransomware volume decline, they saw a huge growth in cryptojacking attacks: education (+320X), government (+89X) and healthcare (+69X).

Threat Actors Diversify Cyberattack Strategies

Cybercriminals are using increasingly advanced tools and tactics to exploit and extort victims. While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

The 2023 Mid-Year SonicWall Cyber Threat Report provides insight on a range of cyber threats, including:

  • Malware – Total global malware volume dipped slightly (-2%), in the first half of 2023, with the U.S. and U.K. logging the biggest dips – (-14%) and (-7%) respectively. Surprisingly, malware numbers climbed in every other tracked region. Europe saw an (+11%) increase, while Latin America malware jumped (+19%) – suggesting a geo-migration of threat actor behavior as they move from targeting traditional hotspots to more opportunistic locations.
  • Ransomware – Although overall ransomware numbers saw a -41% decline globally, Q2 suggests a potential rebound, as it spiked 73.7% when compared to Q1. Some countries still felt the sting of ransomware attacks as Germany increased (+52%) and India spiked a whopping (+133%).
  • IoT Malware Global volume rose 37%, totaling almost 78 million hits by the end of June. As connected devices continue to rapidly multiply, bad actors are targeting weak points of entry as potential attack vectors into organizations.
  • Encrypted Threats – Yet another quieter approach embraced by bad actors in the last six months was encrypted threats, which climbed (+22%) globally.

“Every year we see cybercrime increase at a staggering and unprecedented rate, and our customers depend on us protect their most valuable digital assets,” said President and CEO of LAN Infotech Michael Goldstein. “That is why we have partnered with SonicWall for the past 15 years, knowing that they will always deliver cutting-edge products and timely research to provide us with the support we need to keep our customers safe. Reports like the 2023 SonicWall Mid-Year Cyber Threat Report arm the channel with the latest cyber trends and help us become trusted advisors to provide sound security measures to our customers.”

Patented RTDMI Discovered more than 172,000 ‘Never-Before-Seen’ Malware Variants

SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI™) technology identified a total of 172,146 never-before-seen malware variants in the first half of 2023, which is down (-36%) year-over-year, suggesting bad actors are spending less time on research and development, and more time on volume-based attacks – utilizing open-source tools that may be less likely to be intercepted. In addition, threat actors appear to be leverage existing tools – leaning on tools they know will help them be successful.

Despite the dip in never-before-seen malware variants, the threat landscape remains complex, with almost 1,000 strains of new variants discovered each day.

To learn more about SonicWall and get the complete 2023 SonicWall Mid-Year Cyber Threat Report, please visit www.sonicwall.com/threatreport.

About SonicWall Capture Labs

SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time.

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on TwitterLinkedInFacebook and Instagram.

Latest Stories

" alt="" />
May 2, 2024

SonicWall Data Reveals the Top Five Most Widespread Network Attacks Used Against Small Businesses

The last two years of firewall telemetry data, paints a clear picture of what attacks are most widespread amongst SMBs – demanding the need for prioritization MILPITAS, Calif. — May 2, 2024 — A review of SonicWall telemetry data suggests that the most widespread network attacks to small businesses (SMBs) are older vulnerabilities with a large amount of publicly available information and affecting major vendors. In light of this data, prioritization is a critically important factor for today’s CISOs who are asked to manage and prioritize risk. “In order to properly prioritize threats, we must first understand what attacks, vulnerabilities, and tactics are being used by our enemies,” said SonicWall Executive Director of Threat Research Doug McKee. “Relying too heavily on one factor (e.g., CVSS scores) can lead to an incomplete view of the risk associated with a vulnerability. Consider all factors together to develop a comprehensive understanding of the risk landscape and prioritize vulnerabilities accordingly.” From January 2022 to March 2024, using SonicWall IPS data, SonicWall determined the most widespread attacks against small businesses. Here are the top five ranked: Log4j (CVE-2021-44228) - 43% of organizations were under attack Fortinet SSL VPN Path Traversal (CVE-2018-13379) - 35% of organizations were under attack Heartbleed (CVE-2014-0160) - 35% of organizations were under attack Atlassian Pre-Auth Arbitrary File Read (CVE-2021-26085) - 32% of organizations were under attack VMware SSRF (CVE-2021-21975) - 28% of organizations were under attack The “newest” vulnerability on this list is almost three years old, and the oldest goes back almost a decade.  This suggests the biggest “win” for small businesses is to ensure they have a solid methodology in place for dealing with well-known vulnerabilities, regardless of the age of the threat. “It is still very relevant to spend time and resources tracking down items like heart bleed and log4j, which is arguably more valuable than worrying about the latest AI threat or zero days in Microsoft with no publicly available exploit,” said McKee. Prioritization is Key Prioritization is a critical factor for today’s CISOs who are asked to manage and prioritize risk.  The largest challenge with supply chain issues like Log4j, is understanding simply – is it used and where?  Product security testing or other forms of deep technical analysis of the product used on your network is vital to ensure a business is protected from threats being used by attackers and therefore should take priority in terms of funding. For more information visit www.sonicwall.com. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />
April 25, 2024

Riding a Wave of Momentum, SonicWall Debuts New Cybersecurity Management Platform at RSA Conference 2024

After securing three acquisitions, adding MSP-tailored managed services and cloud security to build out its platform, SonicWall is delivering on partner commitments MILPITAS, Calif. — April 25, 2024 — In recent months, SonicWall reinforced its ongoing commitment to its valued partners and extended its cybersecurity portfolio to include managed security services and cloud edge security solutions that are tailor-made for MSPs (Managed Service Providers) and MSSPs (Managed Security Service Providers). Now, SonicWall and its new solutions, together with its new cybersecurity management platform will be showcased at the RSA Conference 2024 in San Francisco, Calif., May 6-9, at Booth N-5353, North Expo Hall, at the Moscone Center. “An unwavering commitment to SonicWall partners and customers around the globe is, and will continue to be, SonicWall’s priority,” said SonicWall CEO and President Bob VanKirk. “It’s encouraging to experience the remarkable momentum sweeping across our business – It starts with taking an outside in approach and executing on that insight. As a result, SonicWall is proud to demonstrate its updated capabilities and introduce the SonicPlatform, all of which are a direct result of feedback from our partners.” SonicWall returns to RSA Conference in 2024 after introducing its revamped executive leadership team last year. It will provide insightful sessions, new technology demos and one-on-one conversations with SonicWall cybersecurity and MSP experts, and an after-hours networking event. "As a SonicWall partner, it’s invaluable to learn the latest in cybersecurity trends and technologies,” said Logically CEO and SonicWall Partner Joshua Skeens. “This past year we've seen SonicWall transform, becoming even more partner friendly and focused on ensuring we have the security solutions and business tools we need to protect our customers as they do business. With the introduction of the SonicPlatform, SonicWall is ensuring that we are positioned to provide world-class security across multiple solutions in a more cohesive and efficient way." SonicWall Partner Momentum SonicWall’s business momentum is fueled by growth in its partner community – with key new partner wins over the last three quarters as part of a growing trend. SonicWall’s commitment to providing meaningful initiatives to its partners is paying dividends. Within the last 6-months SonicWall has offered: New Customer Deal Registration: Partners can receive additional discounts ranging from 10% for any qualified approved opportunity to up to 50% discount for a qualified new customer. Tier Match +1: For a limited time, SonicWall will beat the loyalty status partners currently hold with a competing firewall manufacturer. Eligible partners can have their SonicWall partner account matched to the closest equivalent tier, plus one for 180 days. Exclusive Partner Support: In addition to flexible subscription pricing, SonicWall offers exclusive technical support in addition to its Service Provider Plan. This offering allows partners priority access to tier two subject matter experts (SMEs) across the SonicWall portfolio – all with an exceptional response time. These and other partner initiatives have led to a 42% increase in partner growth year-over-year, with 63% of new partners transacting within the same quarter they onboarded. Additionally, partners in the Service Provider Program increased 91% year-over-year. SonicPlatform SonicWall is proud to introduce SonicPlatform, an innovative management platform designed to unify SonicWall products into a single integrated interface. SonicPlatform is not only focused on streamlining management tasks; it also delivers deep product integration that enables the sharing of contextual information across all enforcement points. SonicPlatform is built to deliver on a vision of a comprehensive, intuitive, and unified management that greatly simplifies the oversight of both cloud-based and on-premises infrastructures. SonicWall has added numerous security and networking solutions, including endpoint security, wireless access, cloud email security and threat intelligence, along with its recent additions of security service edge (SSE), zero trust network access (ZTNA) and managed security services, such as managed detection and response (MDR). With the platform’s unified backend for threat visibility and simplified workflows, partners will have a highly coherent end-to-end solution. This platform is especially beneficial for MSPs and MSSPs, enabling them to efficiently manage multiple client environments, automate key tasks, reduce operational costs, enhance service delivery, and garner valuable insights—all through a single, user-friendly interface. SonicPlatform serves as a centralized hub for managing all client resources, with key features such as: Unified Console: A single, intuitive interface for managing all clients and their resources. Unified System Health Visibility: Comprehensive insights into the health and performance of clients' products – including maintenance needs. Enhanced Security Management: Advanced capabilities for detecting and mitigating threats. Expanded Inventory Management: Efficient management of clients' resources, including appliances, subscriptions, and licenses, across on-premises and cloud environments. SonicPlatform represents a significant stride towards a more integrated, efficient, and secure management ecosystem for SonicWall's increasingly diverse suite of security solutions. More Information SonicWall leaders and experts will be available during the company’s exhibition hours to demo and answer any questions regarding its recent acquisitions and SonicPlatform. SonicWall | Booth 5353, North Hall | Moscone Center Tues., May 7: 10 a.m. - 6 p.m. PT Wed., May 8: 10 a.m. - 6 p.m. PT Thurs., May 9: 10 a.m. - 2 p.m. PT For more information, or to request a 1-on-1 meeting with a SonicWall cybersecurity expert, please visit SonicWall.com/RSA. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />
February 21, 2024

SonicWall Threat Data Exposes Depths of Cyberattacks; Propels the Need for Managed Service Providers (MSPs)

Overall intrusion attempts climb (+20%), as threat actors diversify tactics - increase in attacks around the globe Ransomware intensifies through the year (+27% in 2H) peaking during the summer months (+37%) Total cryptojacking volume – spikes +659% globally IoT exploit (+15%) and encrypted threats (+117%) also on the rise SonicWall discovered 293,989 ‘never-before-seen’ malware variants – 805 a day MILPITAS, Calif. — February 21, 2024 — SonicWall today released the 2024 SonicWall Annual Cyber Threat Report, which exposes all types of cyber behaviors and trends from digital adversaries to help partners build data-driven solutions to keep customers safe. 2023 proved to be a year of volatile, adaptive and creative digital threats, as threat actors continue to be relentless in their assault, leaving organizations looking for another layer of defense. Organizations are increasingly turning to Managed Service Providers (MSPs) to alleviate pressure on IT departments. Managed services have emerged as a game-changing solution, providing organizations with an additional human-layer of defense, addressing alert fatigue, and freeing up valuable resources and time for core business functions. “The SonicWall 2024 Threat Report reveals that the threat landscape continues to grow in complexity and depth as threat actors adopt new tactics and platforms,” said SonicWall President and CEO Bob VanKirk. “It has become clear that conventional network security isn’t enough. Security professionals need assistance to cope with the overwhelming volume of cyberattacks and protect from the endpoint to the cloud. Especially as the cloud becomes an indispensable reality for businesses, the role of MSPs is shifting from technical maintenance to raising the bar on their cutomers security posture.” Overall intrusions numbers climbed, totaling almost 1 billion more attempts compared to the same time as last year. Global cryptojacking volume rose 659% and encrypted threat jumped 117%, as threat actors opted for a stealthier, less risky means of malicious activities. The data illustrates the tenacious and evolving state of cyber threats, underscoring the need for businesses to continually adapt their security strategies, and serves as a call for organizations to lean on MSPs to help identify and remediate threats quickly. Evolved, Diversified Attack Vector “When it comes to protecting your most valuable assets, organizations must remain alert, and deploy proactive cybersecurity measures, and focus on the threats that actually matter,” said SonicWall Executive Vice President of Managed Security Services Michael Crean. “Today’s organizations demand an integrated approach for end-to-end managed threat protection enabling MSPs to help customers navigate the cybersecurity landscape with confidence and resilience – giving them a distinct competitive edge.” Cybercriminals and nation states are adapting their abilities to gain access to critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs. The second half of the 2023 saw a barrage of ransomware activity (+27%) and a variety of other attacks have trended up globally annually, including IoT exploit (+15%), intrusion attempts (+20%) and encrypted threats (+117%). "In an era where cyber threats are increasingly sophisticated, MSPs are the frontline defense protecting their customers and helping them spend more of their time managing their business’ needs,” said CTO of Compass MSP and longtime SonicWall partner Alex Tsukanov. “New threats are emerging every day, and MSPs use threat insights to build an actual plan with the necessary capabilities to keep our customers safe, like that found in the SonicWall’s threat report.” SMB to the Enterprise – The Surge Continues While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect a broader set of actions in 2024, specifically targeting SMBs, governments and the enterprise. SonicWall sensors identify and prevent more than 19,000 threats per day. The 2024 SonicWall Cyber Threat Report provides insight on a range of threats, including: Malware – Total global malware volume rose 11% in 2023, with Latin America and the U.S. logging the biggest jumps – (+30%) and (+15%) respectively. Surprisingly, Europe saw a (-2%) decrease, with the UK seeing the steepest decline of -28%. Ransomware – Overall ransomware numbers saw a -36% decline annually, the summer months and second half of the year suggests a strong rebound, as it spiked +37% during the summer months when compared to the same time last year. IoT Exploit – Global volume rose 15%, as connected devices continue to rapidly multiply, bad actors are targeting weak points of entry as potential attack vectors into organizations. Encrypted Threats – Yet another quieter approach embraced by bad actors in the last year was encrypted threats, which spiked (+117%) globally. Patented RTDMI Discovered more than 294,000 ‘Never-Before-Seen’ Malware Variants SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI™) technology identified a total of 293,989 never-before-seen malware variants in 2023. The threat landscape remains complex, with almost 800 strains of new variants discovered each day. To learn more about SonicWall and get the complete 2024 SonicWall Cyber Threat Report, please visit www.sonicwall.com/threatreport. About SonicWall Capture Labs SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
" alt="" />
February 9, 2024

SonicWall Honors Treasured Partners, Distributors with Annual SonicWall Partner Awards

Select global SonicWall partners and distributors honored for cybersecurity excellence Milpitas, CA – February 9, 2024 — SonicWall acknowledged distinguished partners and distributors for their sustained excellence in protecting customers in an ever-evolving, complex threat landscape with its annual SonicWall Partner Awards. The awards recognize SonicWall partner organizations worldwide that have displayed uncommon excellence on delivering cybersecurity solutions to their customers. “For the past three decades, SonicWall successes have been connected to the achievements of its esteemed partners and distributors,” said SonicWall CEO and President Bob VanKirk. “We’re extraordinarily grateful for our growing community of 17,000 partners and distributors, and we’re thankful for the opportunity to honor those SonicWall SecureFirst partners who have exemplified our values and dedicated themselves to delivering world-class SonicWall security to organizations across the globe.” Partners were nominated in various categories in each region for outstanding performance throughout the past year. For each category of the Partner Awards, SonicWall selected from a large pool of nominees one partner per region who demonstrated consistent excellence over the past year. These partners have delivered tremendous performance, comprehensive expertise and unsurpassed service. SonicWall is pleased to announce the following North American Region winners: Distributor of the Year Ingram Micro Platinum Partner of the Year HOCS Consulting Gold Partner of the Year Black Belt Secure Silver Partner of the Year Strikeworks Solutions DMR Partner of the Year Firewalls.com NSP Partner of the Year Insight MSP Partner of the Year Epicor Enterprise Partner of the Year Logically Public Sector Partner of the Year LANRover Network Services Newcomer of the Year Attronica Sales Hero of the Year Jason Gilmore (BlueAlly) Technical Hero of the Year James Crifasi (RedZone Technologies) Marketing Hero of the Year Edith Liao (BlueAlly) MSP Growth Partner of the Year Exigent Technologies To see all the winners, please visit: https://www.sonicwall.com/partnerawards. SonicWall takes great pride in honoring partners and distributors every year for their special contributions in protecting customers from cyber threats. For more information on the Partner Awards, please visit: https://www.sonicwall.com/partnerawards. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

Read More
Company
Popular resources

Stay In Touch

  • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.

© 2024 SonicWall. All Rights Reserved.