MID-YEAR UPDATE | JULY 2019 2019 SONICWALL CYBER THREAT REPORT Arm Your Business with the Latest Threat Intelligence from the First Half of 2019 SONICWALL CAPTURE LABS 1 MILLION + THREAT NETWORK Sensors 215 + Countries & Territories
24 x 7 x 365 Monitoring
< 24 HOURS Threat Response
140K + Malware Samples Collected Daily
28M + Attacks Blocked Daily 2019 GLOBAL CYBER ARMS RACE 2018 1H 2019 1H
SonicWall recorded more than 4.78 billion malware attacks for the first half of 2019 — a 20% year-to-date 5.99 Billion decrease. 4.78 Billion Global malware volume dips to start 2019, but other attack types rebound. MALWARE INTRUSION WEB APP RANSOMWARE IOT ENCRYPTED CYBERATTACK TRENDS ATTACKS ATTEMPTS ATTACKS ATTACKS MALWARE THREATS � � � 76% � � 55% As global malware 11% 15% volume declines, 4% other attack types
increase during -20% the first half of 2019. �
� � � �
4.8 BILLION 2.0 TRILLION 19.2 MILLION 110.9 MILLION 13.5 MILLION 2.5 MILLION 2019 MALWARE VOLUME: TOP GLOBAL COUNTRIES
2019 Malware Attacks Top Countries Malware attacks � 52.0 are largely down in France -53% 2019 with a few Netherlands � 56.5 +3% exceptions. Germany � 66.5 -63% Switzerland � 75.9 +72%
India (25%), Switzerland Brazil � -4% 121.2
(72%) and the China � -61% 138.3 Netherlands (3%) were � the top countries that Canada -11% 155.4 suffered increased India � +25% 226.9
malware activity. United Kingdom � -9% 313.6
United States � -17% 2,494.5
- 500 1,000 1,500 2.000 2,500 3,000 MILLIONS RANSOMWARE STILL RISING
Ransomware Volume YTD 110.9 Million Ransomware Attacks 1H 2018 1H 2019 Change
U.K. 2.2M 6.4M +195% Ransomware continues to pay dividends for cybercriminals. Global 96.6M 110.9M +15% All told, global ransomware volume U.S. 52.5M 41.7M -21% reached 110.9 million for the first half of 2019, a 15% year-to-date increase. India 1.0M 382K -62%
Germany 5.4M 1.6M -71% RaaS THE EXPLOIT KIT OF CHOICE IN 2019
Globally, cybercriminals are pivoting toward new attack types. Exclusive SonicWall data highlights an escalation in ransomware-as-a-service (RaaS) and open-source malware kits in the first half of 2019.
2018 1H 2019 FAMILY VOLUME TYPE FAMILY VOLUME TYPE Cerber 101.6 Million RaaS Cerber 39.5 Million RaaS BadRabbit 7.8 Million Custom Gandcrab 4.0 Million RaaS Dharma 7.34 Million Custom HiddenTear 4.0 Million Open Source LockyCrypt 6.1 Million Custom CryptoJoker 2.4 Million Open Source CryptoJoker 5.6 Million Open Source Locky 1.8 Million Custom Locky 2.4 Million Custom Dharma 1.5 Million Custom Petya 1.9 Million Custom ATTACKS AGAINST NON-STANDARD PORTS STILL A CONCERN
2018-19 Malware Attacks
Standard Ports Non-Standard Ports An average of 13% of malware attacks came across non-standard ports for the first half of 2019. 80% 80% 83% 82% 85% 89%
Traditional proxy-based firewalls 2018 2019 can’t mitigate attacks over non- standard ports (for both encrypted and non-encrypted traffic). 17% 18% 20% 20% 15% 11%
Q1 Q2 Q3 Q4 Q1 Q2 ENCRYPTED THREATS INTENSIFYING
Encrypted Malware Attacks
600,000
76% 500,000
2.4 Million 400,000 Encrypted Attacks 300,000
Through the first six months of 200,000 2019, SonicWall has logged
2.4 million encrypted attacks, 100,000 almost eclipsing the 2018 full-year total in half the time. 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2018 2019 MACHINE LEARNING, MULTI-ENGINE SANDBOXES ARE ‘MUST-HAVES’ IN 2019
‘Never-Before-Seen’ Malware Variants Found by RTDMITM SonicWall Capture ATP 45 sandbox and RTDMITM technology have been Thousands 40 39.1 35.0 35.3 dynamically self-learning 35 since early 2018. 30 26.9
25 In 2019, Capture ATP discovered and blocked 194,171 new attack variants, 20 2018 2019 a 45% year-to-date increase over 2018. 15 Of that, RTDMITM identified 74,360 ‘never-before-seen’ malware variants 10 8.9 in 2019. 5 3.5
0 Q1 Q2 Q3 Q4 Q1 Q2 MALICIOUS PDFs, OFFICE FILES REMAIN DANGEROUS THREAT TO BUSINESSES
PDF & Office Threats Found by Capture ATP
45%
39% 40%
SonicWall ATP found new 34% 35% malware variants hidden in 31%
33,616 PDFs and Office files in 30% the first half of 2019. 25% 21% 21% 19% After malicious PDF and Office 20% file attacks peaked at 39% in Q1, volume dropped in Q2. 15% 2018 2019
10%
5%
0 Q1 Q2 Q3 Q4 Q1 Q2 BITCOIN RUN KEEPING CRYPTOJACKING IN PLAY
Crytojacking Volume vs. BTC Price
14 $14,000 52.7 Million 13.11 SonicWall’s patent-pending
Millions Real-Time Deep11.82 Memory Cryptojacking 12 TM $12,000 10.98 Inspection (RTDMI) Attacks mitigates dangerous side- 10 9.56channel attacks utilizing $10,000 9.14 patent-pending technology.8.52 8.23 Halfway through 2019, bitcoin is 8 7.62 $8,000 surging again and is helping Side-channels are the fundamental vehicle used to cryptojacking stay relevant as a 6�16 6 exploit and exfiltrate data $6,000 5.34 5.25 5.43 lucrative option for cybercriminals. from processor vulnerabilities,
4 such as Foreshadow, $4,000 Volume passed 52.7 million for PortSmash, Meltdown, the first six months of the year, Spectre and Spoiler. a 9% increase over the last six 2 $2,000 months of 2018. 0 $- Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun
Cryptojacking Hits Bitcoin Price IOT ATTACKS ESCALATING
Global IoT Malware
In the first half of 9 8.1 2019, SonicWall Millions 8 has already logged 7
13.5 million IoT 6 5.8 attacks, which 5 outpaces the first 4 two quarters 3.5 3.5 2.8 3 of 2018 by 54.6%. 3.1 2.8 2.0 1.9 1.9 2 1.3 1.9 1.8 1.6 1 1.2 1.1 1.1 0.8 - Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2018 2019 GLOBAL PHISHING TRENDING DOWN
Global Phishing Volume
4.5 So far in 2019,
Millions 4.0 SonicWall
3.5 recorded 8.3
3.0 million phishing
2.5 attacks
2.0 worldwide, a 19% dip year 1.5 to date. 1.0
0.5
0.0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2018 2019 This is our mission. To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence. Get the 2019 mid-year update.
Exclusive cyber threat intelligence and analysis. Only from SonicWall Capture Labs. SonicWall.com/ThreatReport