New Cyber Threat Intelligence Finds Malicious Office Files Spiking, Ransomware Up during COVID-19 Pandemic


Explore the Mid-Year Update to the 2020 SonicWall Cyber Threat Report

With the arrival of the COVID-19 pandemic in the first half of 2020, cybersecurity entered uncharted territory. As organizations worked to connect and secure millions of new remote workers, opportunistic attackers began seizing on the distraction, confusion and lack of preparedness surrounding the pandemic.

We may know how we plan to respond to the “new business normal,” but how are cybercriminals responding? To find out, SonicWall Capture Labs threat researchers have been investigating, analyzing and exploring new threat trends, tactics, strategies and attacks.

“This latest cyber threat data shows that cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times,” said SonicWall President and CEO Bill Conner. “With everyone more remote and mobile than ever before, businesses are highly exposed and the cybercriminal industry is very aware of that.”

To shed some light on what cybercrime’s new business normal looks like, SonicWall Capture Labs threat researchers are sharing exclusive threat intelligence in the mid-year update to the 2020 SonicWall Cyber Threat Report.

Download the exclusive mid-year report to explore the stories, behaviors and trends that are helping shape our new IT reality from the ground up.

COVID-19 the perfect backdrop for chaos.

SonicWall Capture Labs threat researchers found no shortage of cybercriminals leveraging the fear and uncertainty around the COVID-19 pandemic to get the upper hand. COVID-19 sparked malware across all continents in March, pushing the chance an organization would see a malware attack above 35%. SonicWall began seeing attacks, scams and exploits specifically based around COVID-19 on Feb. 4, and since then have detailed at least 20 different types of attacks across just about every category.

Malware volume dips again.

In 2019, fresh off the previous year’s all-time record high of 10.52 billion attacks, malware dropped 20%, to 4.8 billion malware attacks. Fortunately, during the first six months of 2020, that trend accelerated. SonicWall recorded 3.2 billion malware attacks in the first half of 2020, a 33% drop compared to the same time period last year.

Ransomware continues to climb.

As malware falls, ransomware appears to be taking up the slack. By comparing the first halves of 2019 and 2020 ransomware data, we see that not only is ransomware rising, it’s also rising faster.

Attacks against non-standard ports reach new highs.

For the first half of 2020, both Q1 and Q2 set records for number of attacks going through non-standard ports. In February, non-standard port attacks reached a record of 26% before climbing to an unprecedented 30% in May. The updated report explains why this is a critical issue for organizations.

Office files leveraged for malicious agenda.

In the first half of 2020, Office files and PDFs made up a third of all new malicious files identified by SonicWall Capture Advanced Threat Protection (ATP). What’s more concerning? Malicious Office files are up a staggering 176% this year.

Cryptojacking is alive and well.

After Coinhive closed in March 2019 and attacks plummeted in the second half of the year, the death of cryptojacking seemed imminent. But readily available alternatives and an increase in the value of cryptocurrencies have pushed cryptojacking in North America far above the levels recorded in the second half of 2019.

IoT attacks spike.

With a massive increase in the number of people working from home, criminals now have a potential back door to corporate networks through employees’ (often poorly secured) home IoT devices. Combined with an increase in the number of IoT devices in use and other factors, this has led to a huge increase in the number of IoT attacks.

SonicWall Staff