International. The 2021 SonicWall Cyber Threat Report highlights how Covid-19 provided threat actors with ample opportunity for more powerful, aggressive, and numerous attacks, thriving on the fear and uncertainty of remote and mobile workforces navigating corporate networks from home.
"2020 offered a perfect storm for cybercriminals and a critical turning point for the cyber arms race," said SonicWall President and CEO Bill Conner. "The pandemic, coupled with remote work, a hectic political climate, record cryptocurrency prices, and threat actors using cloud storage and tools as weapons, pushed the effectiveness and volume of cyberattacks to new highs. This latest threat intelligence offers a look at how cybercriminals changed and refined their tactics, painting a picture of what they are doing amid the uncertain future that awaits them."
The Report highlights the stories that spearheaded 2020 and takes a closer look at new and disruptive cyber threats to provide insights into the evolving cyber threat landscape. Key findings from SonicWall's new detailed report include:
Ransomware reaches new figures with increasingly targeted attacks: a 62% increase in ransomware globally and a 158% increase in North America, points to cybercriminals using more sophisticated tactics and more dangerous variants, such as Ryuk, to earn an easy payday.
In the case of Latin America, two countries ranked in the Top 10 most attacked countries, Mexico in 6th place with 4.2 million ransomware attacks and Brazil number 9 with 3.8 million attacks. The next Latin American country considered in the global list is Colombia, which ranks 18th with 490,000 attacks.
- The Ryuk ransomware emerges from obscurity, sees an astronomical increase: First identified in August 2018, Ryuk did not appear outside of North America, Europe or Asia until January 2020. The following month, Ryuk began climbing the charts, eventually surpassing Cerber-Data Hijacking. With 109.9 million cases detected worldwide, Ryuk was recorded almost every eight seconds in September alone.
More 'never-before-seen' malware variants identified: SonicWall's recently patented Real-Time Deep Memory Inspection™ (RTDMI), a component of the company's Capture Advanced Threat Protection (ATP) sandboxed service, discovered 268,362 'never-before-seen' malware variants in 2020, a 74% year-over-year increase. RTDMI™ has been shown to proactively detect and block unknown mass-market malware, including malicious Office and PDF file types.
- Malicious Office files outperform PDFs that were preferred last year: SonicWall research shows that the shift to full-time employees working from home could be directly related to the increased utilization of Office files and PDFs as malicious vehicles armed with phishing URLs, embedded malicious files and other dangerous vulnerabilities. New data from SonicWall indicates a 67% increase in malicious Office files in 2020, while malicious PDFs fell by 22%.
Cryptojacking returns when cryptocurrency breaks records: Once thought to be a dying attack vector after the industry's top mining operation tackled its online service, cryptojacking is back thanks to the rise in cryptocurrency values and their hidden payments appeal. Total cryptojacking for 2020 set records with 81.9 million views, a 28% increase from last year's total of 64.1 million.
IoT malware increases as the pandemic creates a potential network of disruption: In March 2020, a large number of employees packed up their personal belongings and office equipment to work from home for months, simultaneously creating an explosion of new attack vectors. In 2020, threat researchers at SonicWall Capture Labs recorded 56.9 million IoT malware attempts, a 66% increase that showed shifting tactics for cybercriminals on the prowl.
- Downward malware trend, except Mexico: During 2020, malware worldwide decreased by 43%, a trend shared by most countries, including Brazil, which presented a decrease of 46%. However, the exception to this behavior was Mexico, a country that increased its percentage of malware attacks by 73%, compared to the previous year.
- Intrusion attempts as attack patterns change: The distribution of intrusion attacks took on a completely new character as a result of the changes brought about by the pandemic. In 2020, Directory Traversal tactics (34%) took the top spot after a tie with remote code execution (21% for both) in 2019.
Retail, healthcare, and government face a growing volume of ransomware: Industry-specific ransomware data reflects the impact cybercriminals had on the retail (365%), healthcare (123%), and government (21%) sectors over the course of the pandemic.
Data for the report is collected from more than 1.1 million sensors strategically located in more than 215 countries and territories around the world, as well as cross-vector threat-related information shared between SonicWall's security systems, including firewalls, email security appliances, endpoint security solutions, honeypots, content filtering systems and the multi-engine sandbox of SonicWall Capture Advanced Threat Protection (ATP).
To download the full 2021 SonicWall Cyber Threat Report, visit: www.sonicwall.com/ThreatReport.
