Threat Actors Are Moving Faster Than Ever: SonicWall Warns SMBs and Highlights the Importance of Not Fighting Alone

• 61% of the time hackers exploit new vulnerabilities within 2 days – compared to what can take the average organization 120-150* days to apply a patch
• SonicWall detected 210,258 ‘never-before-seen’ malware variants – 637 each day
• In APAC, Malware (-6%), intrusion attempts (-4%), and cryptojacking (-39%) are down, while IoT attacks have surged by 109%
• Ransomware intensifies in North America (+8%) and explodes in LATAM (+259%)
• Malware trended up 8% YoY, including a massive 92% spike in May alone
• IoT attacks (+124%) and encrypted threats (+93%) continue to climb globally
• Identity, cloud, and credential compromise account for 85% actionable alerts

SINGAPORE – Media OutReach Newswire – 26 February 2025 – SonicWall today released the 2025 SonicWall Annual Cyber Threat Report, revealing a continued onslaught of cyberattacks on small and mid-sized businesses (SMBs). Once exclusively targeting large enterprises, threat actors now use more efficient targeting and AI-driven attacks making it clear that SMBs and organizations of all sizes can’t fight this battle alone — relying on the expertise of a trusted Managed Service Provider (MSP) to defend at-risk revenue and protect the integrity of brands and organizations.

SMBs are facing a storm of cyber threats, as attackers leverage automation, AI, and advanced evasion techniques to evade traditional defenses. These evolving tactics make it nearly impossible for businesses to defend themselves without dedicated cybersecurity expertise. As attack surfaces expand and the time to exploit vulnerabilities shrinks, SMBs must prioritize proactive security measures.

“Threat actors are moving at an unprecedented pace, exploiting new vulnerabilities within days, while we’re observing that it takes some organizations 120 to 150 days to apply a critical patch,” said President and CEO Bob VanKirk. “Now more than ever, businesses need the expertise of an MSP/MSSP backed by with real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough, businesses must adopt a new mindset to stay ahead of modern cyber threats.”

The report provides insight, in particular for SMBs, and highlights why businesses of all sizes shouldn’t go it alone in the fight against cybercrime. SonicWall is aggressively growing our network of managed service providers to defend SMBs against the ever-evolving threat actors.

“With the increasing speed and sophistication of cyber threats, we needed a partner that could provide real-time threat intelligence and proactive security,” said Nick Sabatini, Vice President of Managed Services at Ubeo. “Ubeo is focused on best-in-class partners that bring innovation and flexibility to meet our customers’ needs, and SonicWall’s SOC services allow us to deliver 24/7 monitoring and rapid threat response, ensuring our customers stay protected without the burden of managing security alone. Their expertise and advanced security solutions empower us to protect businesses against today’s relentless cyberattacks. We’ve seen firsthand how SonicWall’s expanded portfolio and global security reach have helped us better protect our clients and respond to the increasingly sophisticated threat landscape.”

Cyber Threats Surge, Businesses at Risk

SonicWall intelligence found that on average, companies were under critical attack – the type of attack most likely to deplete business resources – for 68 days. Ransomware continues to rise, increasing 8% in North America and surging 259% in Latin America. Malware spiked 8% year-over-year, while IoT attacks jumped 124% and encrypted threats climbed 93%.

The 2025 SonicWall Mid-Year Cyber Threat Report provides insight on a range of threats, including:

• AI Automation Tools Lower Barrier for Entry While Increasing Attack Complexity – Server-Side Request Forgery (SSRF) attacks became a critical cybersecurity concern in 2024, marked by a dramatic 452% increase compared to 2023.
• Staggering Spike in Business Email Compromise (BEC) Attacks – Nearly one-third of all reported cyber events were BEC attacks, up dramatically from only 9% in 2023.
• The Escalation of Ransomware Attacks in 2024 – Ransomware was far and away the biggest threat to the healthcare industry, utilized in 95% of all breaches in this sector.
• Living Off the Land Binaries (LOLBins): No Laughing Matter – LOLBins are integral to fileless malware campaigns, where attackers utilize native system tools to avoid leaving traditional artifacts, thus evading detection by conventional signature-based solutions.
• Cyber threats in APAC are shifting: Malware (-6%), intrusion attempts (-4%), and cryptojacking (-39%) are down, while IoT attacks have surged by 109%.Malware remains a major concern, with APAC accounting for nearly 20% of global malware attacks.

“The data in this year’s threat report underscores a disturbing reality: threat actors are exploiting vulnerabilities at lightning speed, while organizations take far too long to respond,” said SonicWall Executive Director of Threat Research Douglas McKee. “Our findings indicate that organizations struggle to keep their businesses safe from the ever-present cyber threats, and the data that we gather paints a clear picture of the growing challenges they face. From ransomware surges to the rapid rise in IoT and encrypted threats, businesses are increasingly at risk.”

“Threat actors are moving faster than ever, exploiting vulnerabilities with unprecedented speed. As outlined in the 2025 SonicWall Cyber Threat Report, to stay ahead, cybersecurity professionals must not only match but surpass this pace, and they will need help to do it. Leveraging real-time threat intelligence, automation, and proactive defense strategies will help counteract emerging threats before they escalate,” said SonicWall Vice President of Sales, APJ Debasish Mukherjee.

Patented RTDMI Discovered ‘Never-Before-Seen’ Malware Variants

SonicWall’s patented Real-Time Deep Memory Inspection^TM (RTDMI^TM) technology identified a total of 210,258 ‘never-before-seen’ malware variants. The threat landscape remains complex, with over 630 strains of new variants discovered each day.

To learn more about SonicWall and get the complete 2025 SonicWall Mid-Year Cyber Threat Report, please visit www.sonicwall.com/threat-report.

*As cited in Security Intelligence: How Do You Measure the Success of Your Patch Management Efforts?Hashtag: #SonicWall

The issuer is solely responsible for the content of this announcement.

About SonicWall

SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as the leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.