In the first half of 2021, ransomware attacks skyrocketed, eclipsing the entire
volume for 2020 in only six months, according to the mid-year update to the 2021
SonicWall Cyber Threat Report published today. In a new paradigm for cybercrime,
SonicWall is analyzing how threat actors are using any means possible to further
their malicious intent.
With high-profile attacks against established technology and infrastructure,
ransomware is now more prevalent than ever. Through the first half of 2021,
SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020's
full-year total (304.6 million) - a 151% year-to-date increase.
"In a year driven by anxiety and uncertainty, cybercriminals have continued to
accelerate attacks against innocent people and vulnerable institutions," said
SonicWall President and CEO Bill Conner. "This latest data shows that
sophisticated threat actors are tirelessly adapting their tactics and embracing
ransomware to reap financial gain and sow discord. With remote working still
widespread, businesses continue to be highly exposed to risk, and criminals are
acutely aware of uncertainty across the cyber landscape. It's crucial that
organizations move toward a modern Boundless Cybersecurity approach to protect
against both known and unknown threats, particularly when everyone is more
remote, more mobile and less secure than ever."
Ransomware running rampant
After posting record highs in both April and May, SonicWall recorded another
new high of 78.4 million ransomware attacks in June 2021 alone. Ransomware
volume showed massive year-to-date spikes in the U.S. (185%) and the U.K.
(144%). Accounting for 64% of all recorded ransomware attacks, Ryuk, Cerber and
SamSam were the top three ransomware families in the first half of the year, as
recorded by SonicWall Capture Labs.
The top five regions most impacted by ransomware in the first half of 2021 were
the United States, United Kingdom, Germany, South Africa and Brazil. Across the
U.S., the five hardest-hit states were Florida (111.1 million), New York (26.4
million), Idaho (20.5 million), Louisiana (8.8 million) and Rhode Island (8.8
million).
"The continued rise of ransomware, cryptojacking and other unique forms of
malware targeted at monetization, along with their evolution of tactics, are
evidence that cybercriminal activity always follows the money and rapidly
adapts to new opportunities and changing environments," said SonicWall Vice
President of Platform Architecture Dmitriy Ayrapetov.
In line with spikes in global data, SonicWall Capture Labs threat researchers
also recorded alarming ransomware spikes across key verticals, including
government (917%), education (615%), healthcare (594%) and retail (264%)
organizations.
Patented RTDMI finding, blocking more never-seen-before variants than ever
In the fight against known and unknown threats, SonicWall's patented Real-Time
Deep Memory Inspection™ (RTDMI) identified record numbers of never-before-seen
malware, posting a 54% year-to-date increase over the first half of 2020.
RTDMI technology blocks more advanced and unknown malware compared to
traditional behavior-based sandboxing methods, and with a lower false-positive
rate. This can be seen in the latest ICSA Labs Advanced Threat Defense (ATD) Q2 test results,
where the SonicWall Capture Advanced Threat Protection (ATP) service with RTDMI
detected 100% of previously unknown threats with zero false positives across 33
consecutive days of testing.
In its most recent test administered in the second quarter of 2021, ICSA
conducted a total of 1,144 tests against Capture ATP, with a mixture of 544 new
and little-known malicious samples and 600 innocuous applications. Capture ATP
correctly identified 100% of malicious samples while allowing all clean samples
through. It was the sixth consecutive ICSA ATD certification for Capture ATP,
and second 'perfect score' in as many quarters.
"Third-party validation is hard earned, particularly in today's
fast-moving threat landscape," said SonicWall Vice President of Software
Engineering & Threat Research Alex Dubrovsky. "Consecutive perfect
certifications is a testament to the SonicWall team and our continued quest to
arm organizations with intelligence and technology that help protect them from
the most dangerous cyber threats."
Malware continues to fall, non-standard port attacks down
Last year, SonicWall recorded a drop in global malware attacks, a trend that
continued in the first half of 2021 with a 24% drop in malware volume
worldwide. As threat actors become more sophisticated - using ransomware,
cryptojacking and other types of cyberattacks to launch surgical strikes - the
need for "spray-and-pray" malware attempts has lessened, decreasing overall
volume.
Malware attacks via non-standard ports also fell in 2021 after hitting record
highs in 2020. These attacks, which aim to increase payloads by bypassing
traditional firewall technologies, represent 14% of all malware attempts in the
first half of 2021, down from 24% year to date.
Cryptojacking malware remains a concern
After having made an unexpected revival in 2020, cryptojacking malware
continued to climb through the first half of 2021 as cryptocurrency prices
remain high. From January to June, SonicWall threat researchers recorded 51.1
million cryptojacking attempts, representing a 23% increase over the same
six-month period last year.
Europe was particularly ravaged, recording a 248% year-to-date rise in
cryptojacking malware. This increase highlights the volatile shifts of a market
cybercriminals have come to leverage due to their high desire for online
anonymity when it comes to lucrative payouts.
IoT vector continues to serve threats
Last year, employees packed their belongings and went home in droves,
introducing millions of new devices to the network and millions of openings for
cybercrime. This year, Internet of Things (IoT) malware attacks have continued
to increase, rising 59% year-to-date globally, a trend stemming back to 2018.
While the U.S. saw a slightly smaller 15% year-to-date increase in IoT malware,
Europe and Asia also saw alarming rises of 113% and 190%, respectively, in IoT
malware volume.
SonicWall Capture Labs threat researchers collect and analyze threat
intelligence data from 1.1 million sensors in over 215 countries and
territories. This includes cross-vector, threat-related information shared
among SonicWall security systems, including firewalls, email security devices,
endpoint security solutions, honeypots, content filtering systems and the
SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox;
SonicWall internal malware analysis automation framework; malware and IP
reputation data from tens of thousands of firewalls and email security devices
around the globe; and shared threat
intelligence from more than 50 industry collaboration groups and research
organizations.
To download the full mid-year update of the 2021 SonicWall Cyber Threat Report,
please visit www.sonicwall.com/threatreport.