Threat Intelligence, Threat Management, Threat Hunting, MSSP, MSP, Channel partners

SonicWall Report Channels MSSP/MSP Threat Defense Strategy

Share
Credit: Adobe Stock Images

One of the key focuses SonicWall's 2024 Mid-Year Cyber Threat Report is a deep look at supply chain attacks. It's part of a new focus as the company has pivoted its reports to serve as a resource of actionable insights that its channel partners — MSSPs and MSPs in particular — can use in their conversations with their end-customers.

For the first time, the report ties attacks to tangible business impact, including potential revenue risk, SonicWall said. The report has evolved in how it measures critical cyber threat data to include time as a factor.

“In previous years, we would have highlighted and dug deep on topics like malware, ransomware and IoT threats,” Douglas McKee, SonicWall executive director of Threat Research, told MSSP Alert. “This year, while those numbers are still included, we focused on actual threats we’re seeing and what MSPs/MSSPs can do to build solid defensive strategies to help prevent these types of attacks.”

For MSPs/MSSPs, leveraging timely trends and actionable intelligence from the report will help them offer more effective and proactive cybersecurity services to their clients, according to McKee.

“It helps in not only mitigating current risks but also in preparing for future threats, thereby enhancing overall security resilience and client satisfaction,” he said.

SonicWall’s Full Focus on the Channel

SonicWall operates as a “100% channel company” and is in the MSSP business itself.

“We are listening more and talking less and getting in front of pain points MSPs and MSSPs face,” McKee said. “We even acquired a master MSSP in Solutions Granted, and we continue to strengthen our market presence and extend our reach through strategic partnerships with MSSPs and MSPs.”

By offering comprehensive channel partner programs, including incentives, training and marketing support, SonicWall helps service providers to integrate and deliver its security products.

“These partnerships enhance SonicWall's ability to address diverse customer needs across SMBs (small and medium-sized businesses) and enterprises, leveraging MSSPs' and MSPs' expertise in managed security services,” McKee said. “Literally, our offerings and products are being designed in consultation with SonicWall partner MSPs/MSSPs.”

The Growing Threat of Supply Chain Attacks

Among the key findings, which may be of particular interest to MSSPs and MSPs, SonicWall found supply chain attacks are on the rise. These attacks exploit the interconnectedness of modern enterprises, targeting vulnerabilities in third-party software and services to compromise broader networks.

McKee emphasized that while supply chain security impacts every organization it's especially critical for MSPs and MSSPs.

“Unlike typical end-users, they are integral to the supply chain, managing both software and hardware for their clients,” McKee told MSSP Alert. “Therefore, it is crucial for them to thoroughly understand and assess the risks associated with each component they deploy. Staying informed about the latest tactics, techniques, and procedures used in supply chain attacks and being proactively prepared to defend against them is imperative for maintaining robust security.”

SonicWall reports that the first half of 2024 has seen numerous highly-publicized incidents, such as the JetBrains TeamCity authentication bypass — underscoring the widespread nature and severe consequences of these attack.

SonicWall’s analysis highlights that older vulnerabilities remain a significant risk, particularly for SMBs with limited resources. For example, SonicWall pointed to March 2024 when cybercriminals exploited vulnerabilities in JetBrains TeamCity, a popular CI/CD tool. It’s research determined that attackers could bypass authentication mechanisms by rendering a 404 response and manipulating the JSP query parameter, potentially gaining full control over the affected systems.

The Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains vulnerability (CVE-2024-27198) to its Known Exploited Vulnerabilities catalog. Meanwhile, SonicWall’s telemetry data revealed that threat actors exploiting the vulnerability targeted 16% of its customers, displaying the ease of exploitation and the value this vulnerability had to threat actors.

Of these attacks, 83% occurred in March, followed by a significant decline in subsequent months. This underscores the critical importance of prompt patching, as attackers frequently exploit the window of time organizations need to implement patches, SonicWall said. The report references industry data showing that on average it took organizations 55 days to patch even 50% of critical vulnerabilities.

Malware, Ransomware Trend Upward

The 2024 SonicWall Mid-Year Cyber Threat Report provides insight on a range of threats, including:

  • Malware. Total global malware volume rose 30% in the first half of 2024, seeing a massive 92% increase in May alone.
  • Ransomware. Ransomware is trending up with an increase of 15% in NOAM and a resounding +51% in LATAM, but EMEA is pulling the global numbers down, logging a 49% decrease.
  • Internet of Things (IoT) Malware. IoT attacks rose by 107%, with affected devices averaging 52.8 hours under attack. Additionally, 15% of all malware now uses software packing as its main MITRE TTP.
  • Cryptojacking. After a record-breaking year, cryptojacking dropped 60%. Most of the globe saw a decrease, with the exception of India, which saw a staggering 409% increase.

Additionally, SonicWall’s sensors detected 50 hours’ worth of critical attacks in a 40-hour work week. Yes, it’s average firewall was under attack 125% during a 40-hour work week.

At a minimum, 12.6% of all revenues are exposed to cyber threats without proper protection, and for a $10 million company that equates to $1.2 million, SonicWall reports.

Big Spike in IoT, Phishing Attacks

The landscape of IoT security continues to develop, marked by a measurable increase in attacks targeting Internet of Things (IoT) devices. SonicWall reveals a dramatic 107% increase in IoT attacks year-over-year for the first half of 2024.

SonicWall found attackers more frequently targeting IoT devices due to the fact that they tend to be easier targets and often lack robust security measures.

Phishing tactics are becoming more sophisticated and leveraging advanced technologies. SonicWall’s data shows more than 1,200 new threats a month on average from Q4 2023 through the first half of 2024. SonicWall has also noticed a trend with the rise of QR code phishing, or “quishing.” In quishing, attackers embed QR codes in phishing emails, encouraging recipients to scan them with their smartphones. Industry reports indicate a dramatic increase in quishing attacks, rising from 0.8% in 2021 to 10.8% of all phishing attacks in 2024, SonicWall said.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.