The SonicWall Capture Labs threat research team published the mid-year update to the 2020 SonicWall Cyber Threat Report, highlighting increases in ransomware, IoT malware attacks, opportunistic use of COVID-19 pandemic, systemic weaknesses and growing reliance on Microsoft Office files by cybercriminals.
The analysis shows India, along with a few other countries, have experienced a decrease in malware volume. Interestingly, India experienced 64% reduced malware volume. However, this does not imply that it is a safer world. India’s malware rates plummeted in April, but by June had nearly reached Q1 levels.
The report analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories. Few salient features of the mid-year update to the 2020 SonicWall Cyber Threat Report are:
24% drop in malware attacks worldwide
50% rise of IoT malware attacks
7% of phishing attacks capitalized on COVID-19 pandemic
176% increase in malicious Microsoft Office file types
Commenting on the cyber threat landscape, Debasish Mukherjee, SonicWall Vice President of Regional Sales, APAC, said, “With more people working from home during the COVID-19 pandemic, the abrupt shift to remote working has sparked an unprecedented increase in cyber threats as opportunistic hackers take advantage of the boundary-less ecosystem.
“Exploiting the new raft of vulnerabilities in less secure situations and preying on fear, cyberspace has seen a significant jump in phishing during global shelter-in-place orders in March and ransomware through the first half of 2020. Cybercriminals are also increasingly using non-standard ports to evade detection and deploy malware, despite a continuation of a downward trend in malware volume since November 2019 and a 32% decline in encrypted threats.”
Changing Landscape Leads to Waning Malware Volume
During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November. There are regional differences in both the amount of malware and the percentage change year over year, highlighting shifting cybercriminal focus. For example, the United States (-24%), United Kingdom (-27%), Germany (-60%) and India (-64%) all experienced reduced malware volume.
IoT Continues to Serve Threats
Work-from-home (WFH) employees or remote workforces can introduce many new risks, including Internet of Things (IoT) devices like refrigerators, baby cameras, doorbells or gaming consoles. IT departments are besieged with countless devices swarming networks and endpoints as the footprint of their corporate expands beyond the traditional perimeter.
Researchers at SonicWall found a 50% increase in IoT malware attacks, a number that mirrors the number of additional devices that are connected online as individuals and enterprise alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.
“While instituting widespread work-from-home policies to help reduce the risk of contracting the coronavirus, the pandemic has proven lucrative for cyberattackers,” said Debasish. “Recognising the heightened cyber risks is important for companies working remotely, especially without the full protection of corporate firewalls and other security measures. In this hyper-distributed IT reality, businesses should adopt a fundamentally new approach to mitigate cyber threats and have a comprehensive cybersecurity model to do so.”
Malware-laden COVID-19 Emails
The combination of the global pandemic and social-engineered cyberattacks has proven to be an effective mix for cybercriminals utilizing phishing and other email scams. Dating as far back as Feb. 4, SonicWall researchers detected a flurry of increased attacks, scams and exploits specifically based around COVID-19 and noted a 7% increase in COVID-related phishing attempts during the first two quarters.
As expected, COVID-19 phishing began rising in March, and saw its most significant peaks on March 24, April 3 and June 19. This contrasts with phishing as a whole, which started strong in January and was down slightly globally (-15%) by the time the pandemic phishing attempts began to pick up steam.
Office Lures Remain a Staple
Microsoft Office is a necessity with millions of employees now more remote and dependent on the business productivity suite of applications. Cybercriminals were quick to leverage this shift, as SonicWall threat researchers found a 176% increase in new malware attacks disguised as trusted Microsoft Office file types.
Leveraging SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection (RTDMI) technology, SonicWall discovered that 22% of Microsoft Office files and 11% of PDF files made up 33% of all newly identified malware in 2020. The patent-pending RTDMI technology identified a record 120,910 ‘never-before-seen’ malware variants during that time — a 63% increase over the first six months of 2019.