Back to top

SonicWall 2019 Mid-Year Threat Report Shows Worldwide Malware Decrease of 20%.

Ransomware volume up 15% globally year to date

SonicWall 2019 Mid-Year Threat Report Shows Worldwide Malware Decrease of 20%

1st August 2019


SonicWall today announced the findings from its mid-year update of the 2019 SonicWall Cyber Threat Report, based on real-world data from more than 1 million international security sensors in over 200 countries. New data found an escalation in ransomware-as-a-service, open-source malware kits and cryptojacking used by cybercriminals.

“Organizations continue to struggle to track the evolving patterns of cyberattacks — the shift to malware cocktails and evolving threat vectors — which makes it extremely difficult for them to defend themselves,” said SonicWall President and CEO Bill Conner. “In the first half of 2019, SonicWall Real-Time Deep Memory Inspection (RTDMI) technology unveiled 74,360 ‘never-before-seen’ malware variants. To be effective, companies must harness innovative technology, such as machine learning, to be proactive against constantly-changing attack strategies.”

Ransomware-as-a-Service: The Exploit Kit of Choice

While global malware volume is down 20%, SonicWall Capture Labs threat researchers found a 15% increase in ransomware attacks globally and a 195% surge in ransomware within the United Kingdom. SonicWall threat researchers accredit this to criminals’ new preference of ransomware-as-a-service (RaaS) and open-source malware kits.

IoT Dispersing Malware at Record Pace

As businesses and consumers continue to connect devices to the internet without proper security measures, IoT devices have been increasingly leveraged by cybercriminals to dispense malware payloads. In the first half of 2019, SonicWall observed a 55% increase in IoT attacks, a number that outpaces the first two quarters of the previous year.

Bitcoin Run Keeping Cryptojacking in Play

Cryptojacking volume hit 52.7 million for the first six months of the year, a 9% increase over the last six months of 2018. This rise can be partially attributed to the rise in bitcoin and Monero prices, helping cryptojacking stay relevant as a lucrative option for cybercriminals. Coinhive remains the top cryptojacking signature despite the service closing in March 2019. One reason for the high detection is that compromised websites have not been cleaned since the infection, even though the Coinhive service is non-existent and the URL has been abandon.

Attacks Against Non-Standard Ports Still A Concern

Cybercriminals have their sights set on non-standard ports for web traffic as a manner to deliver their payloads undetected. Based on a sample size of more than 210 million malware attacks recorded through June 2019, Capture Labs monitored the largest spike on record since tracking the vector when one quarter of malware attacks came across non-standard ports in May 2019 alone.

Malicious PDFs, Office Files Remain Dangerous to Businesses

Traditional PDFs and Office files continue to be routinely leveraged to exploit users’ trust and experience to deliver malicious payloads. In February and March 2019, SonicWall Capture Labs threat researchers found that 51% and 47% of ‘never-before-seen’ attacks, respectively, came via PDFs or Office files.

To download the complete report, please visit For current cyberattack data, visit the SonicWall Security Center to see latest attack trends, types and volume across the world.

Categories: Articles, Tech

Discover Our Awards.

See Awards

You Might Also Like