Sponsored By

SonicWall Research: U.S. Outpaces Globe in Ransomware Attacks

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

Edward Gately

July 23, 2020

5 Min Read
Ransomware skull and crossbones

New SonicWall research shows U.S. ransomware attacks spiked nearly 110% during the first half of 2020 due to remote workforce vulnerabilities.

That’s according to the midyear update to SonicWall’s 2020 Cyber Threat Report. It highlights increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses and cybercriminals’ growing reliance on Microsoft Office files.

The SonicWall research analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

Dmitriy Ayrapetov is SonicWall‘s vice president of platform architecture.


SonicWall’s Dmitriy Ayrapetov

“The reason behind the significant jump in ransomware in the U.S. is that it’s effective,” he said. “Ransomware is where the money is, and it’s anonymous and safer to the attacker compared to other types of malware.”

Top Findings

Other findings from the SonicWall research include:

  • A 24% drop in malware attacks globally.

  • Seven percent of phishing attacks capitalized on the pandemic.

  • A 176% increase in malicious Microsoft Office file types.

  • Twenty-three percent of malware attacks leveraged non-standards ports.

  • A 50% rise in IoT malware attacks.

The United States, United Kingdom, Germany and India all saw less malware.

“Cybercriminals are increasingly choosing ransomware instead of malware because there is an additional step to monetization between general malware and ransomware,” Ayrapetov said. “With malware … the attacker then needs to take additional steps toward monetization, which are fraught with risks. They have to either sell or actively use the stolen information in order to monetize, which poses an inherent risk as the act of marketing and selling the data may expose the attacker and lead to law enforcement action.”

Also, there are additional risks if the attacker decides to act directly and access systems with stolen credentials or perform identity fraud with stolen personally identifiable information (PII). This also requires more work, he said.

“With ransomware, the victim is instructed to pay directly via cryptocurrency, and from the attacker’s perspective, the process is anonymous and safe,” Ayrapetov said. “With the increase in remote work setups, there are new opportunities to target people via work-related topics because their systems and networks may not be as protective as an office network.”

Phishing and Email Scams

The combination of the global pandemic and social-engineered cyberattacks has proven an effective mix for cybercriminals using phishing and other email scams. Dating back to early February, SonicWall researchers detected a flurry of increased attacks, scams and exploits specifically based around COVID-19.

With over 1.1 million sensors globally collecting threat intelligence around the clock, the SonicWall research highlights the riskiest U.S. states for malware attacks.

In the U.S., California ranks the highest for total malware in 2020. However, it was not the riskiest state, or even in the top half of those ranked. Rounding out the top five riskiest states based on malware spread: Virginia, followed by Florida, Michigan, New Jersey and Ohio.

Interestingly, organizations in Kansas are more likely to experience a malware encounter, as nearly a third of sensors in the state detected a hit. In contrast, just over a fifth of the sensors in North Dakota logged an attempted malware attack.

Attacks over non-standard ports were the highest since SonicWall began tracking the attack vector in 2018. By sending malware across non-standard ports, assailants can bypass traditional firewall technologies. That ensures increased success for payloads.

Two new monthly records were set during the first two half of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May.

The increase in IoT attacks mirrors the number of …

… additional devices that are connected online as individuals and enterprise alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.

SonicWall Research Reveals Opportunities for MSSPs

“The report absolutely points to challenges/opportunities for MSSPs and other cybersecurity providers,” Ayrapetov said. “Attackers are relishing the opportunities that stem from the confusion/disruption to normal work routines and all the ad-hoc systems to enable remote work. While companies and organizations are now strengthening their security systems after the mad dash to work from home in March, not everyone is moving at the same pace.”

One of the new risks is that a home-based network can become an extension of corporate IT, whether physical networks or cloud infrastructure, he said. Additionally, computers shared or stored in a non-secure environment creates a new angle from which an attacker can get in.

MSSPs should take these aspects into consideration in order to secure home networks, especially since remote work appears to be here to stay. Ways to secure home networks can range across a spectrum:

  • Provide separate, hardened devices for work. That ensures there is no sharing of a machine for home schooling, gaming or work.

  • Isolate employees from their home network via Wi-Fi islands. Provide this with an IT/MSSP managed access point that brings corporate Wi-Fi home. Build necessary VPN tunnels to allow the employee to work as if they’re in the office so that no other device in the home can access that network.

  • Install/provision enterprise-grade security in a firewall form factor that is suitable for the home. Deploy segmentation of the work/home/IoT networks inside the house.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like