International. The latest cyber threat report highlights increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses, and cybercriminals' growing reliance on Microsoft Office files, SonicWall Capture Labs reported.
SonicWall President and CEO Bill Conner said, "This latest cyber threat data shows that cybercriminals continue to transform their tactics to influence the odds in their favor in times of uncertainty. With everyone working more remotely and mobile than ever, businesses are heavily exposed and the cybercriminal industry is well aware of that. Therefore, it is imperative that organizations move away from improvised or traditional security strategies and realize that this new normal in business is no longer new."
Malware decreases globally, but Mexico and Brazil maintain a strong battle
During the first half of 2020, malware attacks globally fell from 4.8 to 3.2 billion (-24%) compared to the same period in 2019. This drop is the continuation of a downward trend that began last November.
There are regional differences in both the amount of malware and the percentage from year to year, which shows a change in the targets of cybercriminals. For example, countries such as the United States (-24%), the United Kingdom (-27%), Germany (-60%) and India (-64%), all experienced a reduction in the volume of malware.
In Latin America, Brazil experienced a reduction of -56%, while activity in Mexico contracted by -3%, figures that align with the trend of decline at the global level. However, this does not mean that cybercriminals stopped attacking, in the case of Brazil in the first half of 2020 they received 69,583,407 malware attacks reaching in June the highest peak with 16,008,648; while Mexico reached the figure of 9,903,771 malware attacks obtaining the most critical point during March with 3,944,488 attempts.
This makes it clear that less malware does not necessarily mean a safer world; in fact, ransomware has come to complicate the situation since during the same period of time there has been a considerable increase globally.
Ransomware attacks raise the stakes again
Despite the global decline in malware volume, ransomware remains the most worrisome threat to corporations and the tool of choice for cybercriminals, rising a staggering 20% (121.4 million) globally in the first half of 2020.
In the case of Latin America, Brazil registered 1,190,092 ransomware attacks, a figure high enough to be placed in sixth place in the Global Top10 of countries with the highest volume of attacks of this type, only surpassed by the US, the United Kingdom, Malaysia, Canada and the Netherlands.
Although this scenario has its variations, such is the case of the United States and the United Kingdom. Where researchers at SonicWall Capture Labs detected 79.9 million ransomware attacks in the U.S. This implies an increase of 109%, compared to the 5.9 million ransomware attacks suffered by the United Kingdom that represent a decrease of 6%. This means that trends by country move based on the behaviors of cybercriminal networks.
"The remote and mobile workforce is at a turning point in the security landscape," said Chad Sweet, Founder and CEO of The Chertoff Group. "It has never been more important for businesses and organizations to prioritize online safety, what could once be seen as a luxury is now a necessity."
Malware-loaded emails used 5 pandemic-related keywords
The combination of the global pandemic and social engineering cyberattacks have proven to be an effective mix for cybercriminals using phishing and other email scams. SonicWall researchers detected an increase in the wave of attacks, scams, and exploits based specifically on COVID-19 and noted a 7% increase in COVID-related phishing attempts during the first two quarters.
In this case, the most used keywords for phishing attacks were Virus with 42.33%, Corona with 32.92%, Quarantine with 9.72%, COVID with 8.77% and Mask with 6.26%.
Office lures remain basic
SonicWall threat researchers found a 176% increase in new malware attacks disguised as trusted Microsoft Office files.
Attacks using Non-Standard Ports are back
As of today, an average of 23% of attacks took place on non-standard ports, the highest mark since SonicWall began tracking this attack vector in 2018.
By sending malware over non-standard ports, assailants can bypass traditional firewall technologies, ensuring greater success for payloads. A "non-standard" port is leveraged by services running on a port other than their default allocation (for example, ports 80 and 443 are standard ports for web traffic).
In this modality, two new monthly records were set during the first two quarters of 2020. In February, attacks on non-standard ports reached 26% before rising to 30% in May. During that month, there was an increase in many specific attacks, such as VBA Trojan Downloader, that may have contributed to the peak.
IoT continues to deliver threats
Employees working from home or remote workforces can present many new risks, including Internet of Things (IoT) devices such as refrigerators, baby cameras, doorbells, or game consoles. IT departments are being besieged with countless devices infesting networks and endpoints as their companies' footprint expands beyond the traditional perimeter.
SonicWall researchers found a 50% increase in IoT malware attacks, a number that reflects the number of additional devices that are connected either as individuals or as home-based businesses. Uncontrolled IoT devices can provide cybercriminals with an open door, putting at risk what until now might have been considered a well-protected organization.
