IoT malware attacks, cryptojacking
© Daniil Peshkov

SonicWall today (24 July) released the updated 2019 SonicWall Cyber Threat Report, which found that IoT malware attacks and encrypted threats are increasing

• Ransomware volume up 15% globally year to date
• Encrypted threats spike 76%
• IoT malware attacks up 55%
• Malware attacks across non-standard ports dip 13%
• With bitcoin value spiking, cryptojacking volume up 9%

New data found an escalation in ransomware-as-a-service, open-source malware kits and cryptojacking used by cybercriminals.

“Organizations continue to struggle to track the evolving patterns of cyberattacks — the shift to malware cocktails and evolving threat vectors — which makes it extremely difficult for them to defend themselves,” said SonicWall President and CEO Bill Conner.

“In the first half of 2019, SonicWall Real-Time Deep Memory Inspection (RTDMI) technology unveiled 74,360 ‘never-before-seen’ malware variants. To be effective, companies must harness innovative technology, such as machine learning, to be proactive against constantly-changing attack strategies.”

Ransomware-as-a-Service: The exploit kit of choice

While global malware volume is down 20%, SonicWall Capture Labs threat researchers found a 15% increase in ransomware attacks globally and a 195% surge in ransomware within the United Kingdom. SonicWall threat researchers accredit this to criminals’ new preference of ransomware-as-a-service (RaaS) and open-source malware kits.

IoT dispersing Malware at record pace

As businesses and consumers continue to connect devices to the internet without proper
security measures, IoT devices have been increasingly leveraged by cybercriminals to dispense malware payloads. In the first half of 2019, SonicWall observed a 55% increase in IoT attacks, a number that outpaces the first two quarters of the previous year.

Bitcoin run keeping cryptojacking in play

Cryptojacking volume hit 52.7 million for the first six months of the year, a 9% increase over the last six months of 2018.This rise can be partially attributed to the rise in bitcoin and Monero prices, helping cryptojacking stay relevant as a lucrative option for cybercriminals. Coinhive remains the top cryptojacking signature despite the service closing in March 2019. One reason for the high detection is that compromised websites have not been cleaned since the infection, even though the Coinhive service is non-existent and the URL has been abandoned.

Attacks against non-standard ports still a concern

Cybercriminals have their sights set on non-standard ports for web traffic as a manner to deliver their payloads undetected. Based on a sample size of more than 210 million malware attacks recorded through June 2019, Capture Labs monitored the largest spike on record since tracking the vector when one-quarter of malware attacks came across non-standard ports in May 2019 alone.

Malicious PDFs, Office files remain dangerous to businesses

Traditional PDFs and Office files continue to be routinely leveraged to exploit users’ trust and experience to deliver malicious payloads. In February and March 2019, SonicWall Capture Labs threat researchers found that 51% and 47% of ‘never-before-seen’ attacks, respectively, came via PDFs or Office files.

To download the complete report, please visit For current cyberattack data, visit the SonicWall Security Center to see latest attack trends, types and volume across the world.


Please enter your comment!
Please enter your name here