
Ransomware Spikes in U.S., Global Malware Dips 1H 2020, Study

Ransomware attacks spiked dramatically in the U.S. in the first half of 2020 but malware incidents worldwide dropped noticeably, a new SonicWall threat report said.

The period also saw cyber crews opportunistically exploit the coronavirus (COVID-19) pandemic, systemic weaknesses and a growing reliance on Microsoft Office files by cyber criminals, SonicWall said in its newly released 2020 Cyber Threat Report. Global malware attacks fell from 4.8 billion to 3.2 billion (-24%) compared with 2019’s mid-year total, continuing a downward trend that began last November, the security specialist said. While the tumbling number of malware attacks in the U.S. (-24%) is noteworthy, it is less of a dip than in the United Kingdom (-27%), Germany (-60%) and India (-64%), the report said.

As global malware assaults slowed, ransomware incidents worldwide climbed by 20 percent to 121.4 million events during the six-month period, according to SonicWall’s data.

Here are some additional findings:

  • Ransomware spiked by 109% in the U.S.
  • 7% of phishing attacks capitalized on the COVID-19 pandemic.
  • 176% increase in malicious Microsoft Office file types.
  • 23% of malware attacks leveraged non-standard ports.
  • 50% rise in IoT malware attacks.

In these uncharted times, organizations must shift from “makeshift or traditional security strategies” to a new business model that is “no longer new,” said Bill Conner, SonicWall president and chief executive. “Cyber criminals can be resourceful, often setting traps to take advantage of people’s kindness during a natural disaster, panic throughout a crisis and trust in systems used in everyday life,” he said.

Cyber gangs capitalize in uncertain times by adapting their tactics to “sway the odds in their favor,” Conner said. “With everyone more remote and mobile than ever before, businesses are highly exposed and the cyber criminal industry is very aware of that.”

Here are some additional details from the report:

On ransomware.

  • In terms of number of ransomware incidents, the U.S. and U.K. went in opposite directions during the period with the U.S. spiking to nearly 80 million while the U.K. dipped by 6 percent to just shy of 6 million events. SonicWall researchers attributed the trend to “ebb and flow based on the behaviors of agile cyber criminal networks.”

On COVID-19 malware.

  • The combination of the global pandemic and social-engineered cyber attacks proved to be an effective mix for cyber criminals utilizing phishing and other email scams.
  • COVID-19 phishing began rising in March, reaching peaks on March 24, April 3 and June 19.
  • Overall phishing attacks started strong in January but slipped by 15 percent as pandemic-related phishing attempts picked up steam.

On Microsoft Office.

  • New malware attacks disguised as trusted Microsoft Office file types increased by 176%.
  • 22% of Microsoft Office files and 11% of PDF files comprised 33% of all newly identified malware.

On malware spread.

  • California ranked the highest for total malware volume in 2020 but wasn’t in the top half of those ranked.
  • Based on malware spread, Virginia tops the rankings (26.6%), followed by Florida (26.6%), Michigan (26.3%), New Jersey (26.3%) and Ohio (25.3%).

On attack vectors.

  • Overall, an average of 23 percent of attacks occurred over non-standard ports in 1H 2020, the highest watermark since SonicWall began tracking the attack vector in 2018. (A ‘non-standard’ port is one used by a service running on a port other than its default assignment; for example, ports 80 and 443 are the standard ports for web traffic.)
  • In February, non-standard port attacks reached 26 percent and rose to an unprecedented 30 percent in May.

On IoT threats.

  • IoT malware attacks increased by 50 percent, reflecting the number of additional devices connected online as individuals and enterprises function from home.

“Cybercriminals are too sophisticated to use known malware variants, so they’re re-imagining and re-writing malware to defeat security controls like traditional sandboxing techniques — and it’s working,” said Conner.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.