SonicWall has published the mid-year update to its 2020 Cyber Threat Report, highlighting increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses and growing reliance on Microsoft Office files by cybercriminals.
The report analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories.
The latest cyber threat data shows that cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times. With more employees remote and mobile than ever before, businesses are highly exposed and the cybercriminal industry is very aware of that.
Malware Volume Waning
During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November.
There are regional differences in both the amount of malware and the percentage change year over year, highlighting shifting cybercriminal focus. For example, the United States (-24%), United Kingdom (-27%), Germany (-60%) and India (-64%) all experienced reduced malware volume. Less malware doesn’t necessarily mean a safer world; ransomware has seen a corresponding jump over the same time period.
Ransomware Attackers Raising the Stakes
Despite the global decline of malware volume, ransomware continues to be the most serious threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020.
Comparatively, the U.S. and UK are facing different odds. SonicWall Capture Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the U.S. and 5.9 million ransomware attacks (-6%) in the UK – trends that continue to ebb and flow based on the behaviors of agile cybercriminal networks.
Malware-Embedded COVID-19 Emails
The combination of the global pandemic and social-engineered cyberattacks has proven to be an effective mix for cybercriminals utilizing phishing and other email scams. Since February, SonicWall researchers detected a flurry of attacks, scams and exploits specifically based around COVID-19, noting a 7% increase in COVID-related phishing attempts during the first two quarters.
COVID-19 phishing began rising in March, and saw its most significant peaks on March 24, April 3 and June 19. This contrasts with phishing as a whole, which started strong in January and was down slightly globally (-15%) by the time the pandemic phishing attempts began to pick up steam.
Increasing Attacks Against Microsoft Office
Microsoft Office is a necessity with millions of remote employees now more dependent on the business productivity suite. Cybercriminals were quick to leverage this shift. SonicWall found a 176% increase in new malware attacks disguised as trusted Microsoft Office file types.
SonicWall discovered that Microsoft Office files (22%) and PDF files (11%) together made up 33% of all newly identified malware in 2020. During that time, a record 120,910 ‘never-before-seen’ malware variants were identified – a 63% increase over the first six months of 2019.
Riskiest States for Malware
In the U.S., California, home to Silicon Valley, ranked the highest for total malware volume in 2020. However, it was not the riskiest state – or even in the top half of those ranked. Organizations in Kansas are more likely to experience a malware encounter, as nearly a third (31.3%) of sensors in the state detected a hit.
In contrast, just over a fifth of the sensors in North Dakota (21.9%) logged an attempted malware attack. The top five riskiest U.S. states, based on malware spread, are Kansas (31.3%), Montana (29.0%), Rhode Island (28.3%), Iowa (28.1%) and Hawaii (27.7%).
This method of tracking malware spread is conducted by calculating the percentage of sensors that detected a malware attack, resulting in more useful and precise information about whether an organization is likely to see malware in an area. The greater the malware spread percentage, the more widespread malware is in a given region.
Attacks Via Non-standard Ports
Overall, an average of 23% of attacks took place over non-standard ports so far in 2020 – the highest mark since SonicWall began tracking the attack vector in 2018.
By sending malware across non-standard ports, assailants can bypass traditional firewall technologies, ensuring increased success for payloads. A ‘non-standard’ port is one used by a service running on a port other than its default assignment (e.g., ports 80 and 443 are standard ports for web traffic).
SonicWall reports that two new monthly records were set during the first two quarters of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May. During that month, there was a surge in many specific attacks, such as VBA Trojan Downloader, that may have contributed to the spike.
IoT Continues to Serve Threats
Work-from-home employees and remote workforces can introduce many new risks, including Internet of Things (IoT) devices like refrigerators, baby cameras, doorbells or gaming consoles. IT departments are besieged with countless devices swarming networks and endpoints as their corporate footprint expands beyond the traditional perimeter.
SonicWall found a 50% increase in IoT malware attacks, a number that mirrors the number of additional devices that are connected online as individuals and enterprises alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.
The New Business Normal
From this threat data, SonicWall president and CEO Bill Conner concluded: “Cybercriminals can be resourceful, often setting traps to take advantage of people’s kindness during a natural disaster, panic throughout a crisis and trust in systems used in everyday life. Cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times.”
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.