SonicWall Research: U.S. Outpaces Globe in Ransomware Attacks

By | Managed Services News

Jul 23

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

New SonicWall research shows U.S. ransomware attacks spiked nearly 110% during the first half of 2020 due to remote workforce vulnerabilities.

That’s according to the midyear update to SonicWall’s 2020 Cyber Threat Report. It highlights increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses and cybercriminals’ growing reliance on Microsoft Office files.

The SonicWall research analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

Dmitriy Ayrapetov is SonicWall‘s vice president of platform architecture.

SonicWall's Dmitriy Ayrapetov

SonicWall’s Dmitriy Ayrapetov

“The reason behind the significant jump in ransomware in the U.S. is that it’s effective,” he said. “Ransomware is where the money is, and it’s anonymous and safer to the attacker compared to other types of malware.”

Top Findings

Other findings from the SonicWall research include:

  • A 24% drop in malware attacks globally.
  • Seven percent of phishing attacks capitalized on the pandemic.
  • A 176% increase in malicious Microsoft Office file types.
  • Twenty-three percent of malware attacks leveraged non-standards ports.
  • A 50% rise in IoT malware attacks.

The United States, United Kingdom, Germany and India all saw less malware.

“Cybercriminals are increasingly choosing ransomware instead of malware because there is an additional step to monetization between general malware and ransomware,” Ayrapetov said. “With malware … the attacker then needs to take additional steps toward monetization, which are fraught with risks. They have to either sell or actively use the stolen information in order to monetize, which poses an inherent risk as the act of marketing and selling the data may expose the attacker and lead to law enforcement action.”

Also, there are additional risks if the attacker decides to act directly and access systems with stolen credentials or perform identity fraud with stolen personally identifiable information (PII). This also requires more work, he said.

“With ransomware, the victim is instructed to pay directly via cryptocurrency, and from the attacker’s perspective, the process is anonymous and safe,” Ayrapetov said. “With the increase in remote work setups, there are new opportunities to target people via work-related topics because their systems and networks may not be as protective as an office network.”

Phishing and Email Scams

The combination of the global pandemic and social-engineered cyberattacks has proven an effective mix for cybercriminals using phishing and other email scams. Dating back to early February, SonicWall researchers detected a flurry of increased attacks, scams and exploits specifically based around COVID-19.

With over 1.1 million sensors globally collecting threat intelligence around the clock, the SonicWall research highlights the riskiest U.S. states for malware attacks.

In the U.S., California ranks the highest for total malware in 2020. However, it was not the riskiest state, or even in the top half of those ranked. Rounding out the top five riskiest states based on malware spread: Virginia, followed by Florida, Michigan, New Jersey and Ohio.

Interestingly, organizations in Kansas are more likely to experience a malware encounter, as nearly a third of sensors in the state detected a hit. In contrast, just over a fifth of the sensors in North Dakota logged an attempted malware attack.

Attacks over non-standard ports were the highest since SonicWall began tracking the attack vector in 2018. By sending malware across non-standard ports, assailants can bypass traditional firewall technologies. That ensures increased success for payloads.

Two new monthly records were set during the first two half of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May.

The increase in IoT attacks mirrors the number of …

About the Author

>