International. SonicWall released its 2025 Annual Cyber Threat Report, revealing a growing wave of cyberattacks targeting small and medium-sized businesses (SMBs).
In 61% of cases, hackers exploit new vulnerabilities in just 2 days, while most organizations take between 120 and 150* days to apply a patch. Ransomware intensifies in North America (+8%) and skyrockets in Latin America (+259%). In addition, 76% of these attacks occur outside of working hours and on weekends, and the most common time of an attack is 4 AM.
According to the company, if cybercriminals used to only focus on large corporations, they now use more precise attacks powered by artificial intelligence, making it clear that SMEs and companies of all sizes cannot fight this battle alone. Having the support of a Managed Service Provider (MSP) has become essential to protect at-risk revenues and safeguard the integrity of brands and organizations.
SMBs are facing a whirlwind of cyber threats as attackers employ automation, artificial intelligence, and advanced evasion techniques to bypass traditional defenses. These ever-evolving tactics make self-protection virtually impossible without dedicated cybersecurity experts. As the attack surface expands and vulnerability exploitation time shrinks, SMBs must prioritize proactive security measures.
"Cybercriminals are operating at unprecedented speed, exploiting new vulnerabilities in a matter of days, while we see that some organizations are taking 120 to 150 days to apply a critical patch," said Bob VanKirk, president and CEO of SonicWall. "Now more than ever, enterprises need the support of an MSP or MSSP with real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough; Enterprises must take a new approach to stay ahead of modern cyber threats."
The report underlines, especially for SMEs, why companies of all sizes should not tackle the fight against cybercrime alone. SonicWall is aggressively expanding its network of managed service providers to protect SMBs from ever-evolving cybercriminals.
Increase in cyber threats
SonicWall data also reveals that malware grew 8% year-over-year, while IoT attacks increased 124%. In Latin America, the increase in this type of attack was 119%, suggesting attacks aimed at more specific territories, as there is a greater penetration of connected devices and the frontiers of protection are expanded with the adoption of hybrid work and shared networks. Encrypted threats grew by 93%, while total intrusions decreased, but other areas increased in terms of threats, diversifying across the board.
"Ransomware attacks in Latin America increased by 259%, driven by cybercriminals who focus on more vulnerable markets, where the adoption of new cybersecurity technologies is lagging. This rapid increase highlights the growing threat in our region. The 2025 SonicWall Cyber Threat Report makes it clear: MSSPs and business partners must act now. Real-time threat intelligence, automation, and robust security strategies are critical to staying ahead of the curve. Enterprises need trusted cybersecurity partners that provide 24/7 monitoring and rapid response to stop attacks before they cause damage," said Oscar Chavez Arrieta, executive vice president for Latin America at SonicWall.
SonicWall's patented technologies managed to save the annual revenues of Latin American organizations by 19% on average, which could mean for a US$10 million company, a lifeline of US$1,900,000 million a year.
Key findings:
- AI-powered automation tools lower the barrier to entry while increasing the complexity of attacks: Server-Side Request Forgery (SSRF) attacks became a critical concern in 2024, with a 452% increase, compared to 2023.
- Dramatic increase in business email compromise (BEC) attacks: Nearly one-third of all reported cyber events were BEC attacks, a significant increase from the 9% recorded in 2023.
- Ransomware escalation in 2024: Ransomware was the biggest threat to the healthcare sector, used in 95% of all breaches in this industry.
- Living Off the Land Binaries (LOLBins), a silent threat: LOLBins are critical in fileless malware campaigns, where attackers use native system tools to avoid leaving traces detectable by traditional signature-based solutions.
"The data in this threat report reflects a troubling reality: cybercriminals exploit vulnerabilities at breakneck speed, while organizations are taking too long to respond," said Douglas McKee, executive director, Threat Research at SonicWall. "Our findings show that many businesses are struggling to protect themselves from cyber threats, and the data collected offers a clear view of the growing challenges. From the rise of ransomware to the rise of encrypted and IoT threats, businesses are increasingly at risk."
New malware variants never seen before discovered
SonicWall's patented Real-Time Deep Memory Inspection (RTDMI) technology identified a total of 210,258 never-before-seen malware variants. The threat landscape remains highly dynamic, with more than 630 new malware strains discovered every day. To learn more about SonicWall and access the full 2025 Annual Cyber Threat Report, visit www.sonicwall.com/threat-report.
