During the first half of 2020, 1 in 12 SonicWall customers with
DPI-SSL turned on (8.46% average) saw malware on encrypted
traffic. While the total number of encrypted malware attacks is
down 32% over this time last year, a closer look shows some
disturbing trends.
In some places ransomware is getting better. But in others, it’s
getting much worse. In terms of total ransomware, the United
States had far more than any other country, with nearly 80
million ransomware attacks.
This is more than 13 times the number of ransomware attacks in
the next-highest country, U.K.
Like the country-level data, the state-level data shows
one region far outpacing the rest when it comes to total
ransomware attacks.
Due to its low barrier of entry, ease of use and anonymous
payouts, ransomware continues to grow — and is growing at an
increasing clip. By mid-year 2019, global ransomware was up
15%.
This year, it’s up 20%.
Within this 20% lies a great deal of variation, however.
SonicWall recorded 1.8 billion
malware hits in the United
States through June 2020
— more than four times
the next-highest ranked
(U.K., with 231.9 million). So
why aren’t these countries
the riskiest?
Malware totals are useful
in calculating trends, but
they’re of limited usefulness
when determining relative
risk: They ignore factors such
as size, population, number
of sensors and more.
In the U.S., California had by far the
largest number of malware hits,
with 304.1 million total. But it isn’t
the riskiest state — or even in the
top half.
You’re most likely to encounter
malware in Kansas, where nearly
a third, or 31.3%, of sensors saw
a hit.
Depends on where you are.
After a spike in March, malware took a dive in April. Over
the last few months, however, it’s begun to rise again. This
shows some connection with the rate at which COVID-19
cases are being diagnosed. As protective measures began
to be lifted in May and June, cases began rising again, as did
malware attacks.
Instituting widespread work-from-home policies in response
to the COVID-19 pandemic was the right thing to do, both
from a business continuity standpoint and from an employee
safety standpoint.2-2
The downside is that organizations are more distributed
than ever before — and this is having an impact on how
cybercriminals approach the targeting and deployment
of malware.
In the first half of 2020, Office files and PDFs made up a third
of all new malicious files identified by Capture ATP. For the
first half of 2019, PDFs showed an edge over Office 365 files,
outpacing them 36,488 to 25,461.
So far in 2020, we’ve seen a major reversal: While 8% fewer
PDF files were uncovered, the number of Office files identified
has exploded, climbing to 70,184 — a 176% increase.
The number of new malware variants found by SonicWall
Capture Advanced Threat Protection (ATP) with Real-Time
Deep Memory InspectionTM continues to rise: During the
first six months of 2020, the pair discovered 315,395 new
malware variants.
Each year has brought significant advancements, and the first
half of 2020 is no exception.
This list is often leveraged by the greater
security industry as a framework to protect
against common web app attacks.
Unfortunately, this dynamic also provides
cybercriminals with a better blueprint from
designing attacks.
Currently, the top known web attacks include
SQL injection, directory traversal, cross-site
scripting (XSS), broken authentication and
session management, cross-site request
forgery (CSRF) security misconfigurations,
sensitive data exposure and more.