SonicWall finds 176% increase in malicious Microsoft Office file types

The trend of increase in ransomware attacks continues as the SonicWall Capture Labs (SonicWall) threat research team finds that despite the global decline of malware volume this year, ransomware attacks increased a staggering 20% (121.4 million) globally in the first half of 2020.

“Remote and mobile workforces are at a turning point on the subject of security,” said Chad Sweet, founder and CEO, The Chertoff Group. “It has never been more prevalent for enterprises and organizations to prioritize online security and make what used to be a luxury, a secured and protected necessity.”

Research of ransomware attacks in the United States and the United Kingdom yielded opposing results. Attacks in the US is up by 109% or 79.9 million ransomware attacks, while the UK is seeing a decreasing trend of 5.9 million or down by 6%.

Report says 37% of millennials believe cybercriminals find them ‘too boring’ to be hacked

Sophos discovers Emotet malware back in action after brief hiatus

The results are part of the SonicWall’s midyear “2020 SonicWall Cyber Threat Report,” which also saw the cybercriminals’ opportunistic use of COVID-19 pandemic.

“Cybercriminals can be resourceful, often setting traps to take advantage of people’s kindness during a natural disaster, panic throughout a crisis and trust in systems used in everyday life,” said SonicWall President and CEO Bill Conner.

Microsoft Office

Cybercriminals also saw a huge opportunity if attacking Microsoft Office because its use may have significantly increased and many companies are relying on it now more than before. SonicWall said cybercriminals were quick to leverage this shift, as threat researchers found a 176% increase in new malware attacks disguised as trusted Microsoft Office file types.

Leveraging SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection (RTDMI) technology, SonicWall discovered that 22% of Microsoft Office files and 11% of PDF files made up 33% of all newly identified malware in 2020. The patent-pending RTDMI™ technology identified a record 120,910 ‘never-before-seen’ malware variants during that time — a 63% increase over the first six months of 2019.


With companies adopting the work-from-home setup up, new risks have emerged since employees use devices outside of the corporate protected network. Smart homes are also opening up opportunities for cybercriminals because owners now use IoT devices extensively.

SonicWall said IT departments are besieged with countless devices swarming networks and endpoints as the footprint of their corporate expands beyond the traditional perimeter.

Researchers at SonicWall found a 50% increase in IoT malware attacks, a number that mirrors the number of additional devices that are connected online as individuals and enterprise alike function from home. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.


During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November.

There are regional differences in both the amount of malware and the percentage change year over year, highlighting shifting cybercriminal focus. Attacks in the US are down by 24%, UK decreased by 27%, Germany showed a significant decrease of 60%, and India has the most dramatic reduction at 64%.

SonicWall warns though that “Less malware doesn’t necessarily mean a safer world; ransomware has seen a corresponding jump over the same time period.”