SonicWall 2025 Threat Reports Raises Alarms, Advises Partners

Security vendor SonicWall recently released its 2025 SonicWall Annual Cyber Threat Report findings. Among the various details include sharp increases in the amount of ransomware in regional areas, new malware variants, and alarming gaps between the time of exploitation and the time it takes companies to respond.

The report also signifies new opportunities for channel partners, like MSPs and MSSPs, to act as the trusted advisors that businesses worldwide rely on remain vigilant in this threat landscape.

Report finds drastic increases, new complexities in various threat types

The report is produced annually by the SonicWall research team and follows the 2024 mid-year report, which captured findings from the first half of last year. The latest research points to increasingly complicated landscape spurred by AI automation lowering the barrier to entry for threat actors across ransomware, malware, email attacks, and more. The overall amount of attacks increased globally throughout the year as well.

The 2025 SonicWall Mid-Year Cyber Threat Report provides insight on a range of threats, including: 

• AI Automation Tools Lower Barrier for Entry While Increasing Attack Complexity – Server-Side Request Forgery (SSRF) attacks became a critical cybersecurity concern in 2024, marked by a dramatic 452% increase compared to 2023.
• Spike in Business Email Compromise (BEC) Attacks – Nearly one-third of all reported cyber events were BEC attacks, up dramatically from only 9% in 2023.
• Escalation of Ransomware Attacks in 2024 – Ransomware was far and away the biggest threat to the healthcare industry, utilized in 95% of all breaches in this sector. 
• Living Off the Land Binaries (LOLBins) – LOLBins are integral to fileless malware campaigns, where attackers utilize native system tools to avoid leaving traditional artifacts, thus evading detection by conventional signature-based solutions.

In addition to the above, the team also shared the following data points, which show that while attacks increase, the time it takes a business to respond remains far too high in comparison.

The following data points were provided by SonicWall:

• 61% of the time, hackers exploit new vulnerabilities within 2 days – compared to what can take the average organization 120-150* days to apply a patch
• SonicWall detected 210,258 ‘never-before-seen’ malware variants – 637 each day
• Ransomware intensifies in North America (+8%) and explodes in LATAM (+259%)
• Malware trended up 8% YoY, including a massive 92% spike in May alone
• IoT attacks (+124%) and encrypted threats (+93%) continue to climb globally
• Identity, cloud, and credential compromise account for 85% actionable alerts 

“The data in this year’s threat report underscores a disturbing reality: threat actors are exploiting vulnerabilities at lightning speed, while organizations take far too long to respond,” said SonicWall Executive Director of Threat Research Douglas McKee. “Our findings indicate that organizations struggle to keep their businesses safe from the ever-present cyber threats, and the data that we gather paints a clear picture of the growing challenges they face. From ransomware surges to the rapid rise in IoT and encrypted threats, businesses are increasingly at risk.”

Why this might be good news for MSPs and MSSPs

SonicWall’s announcement of the report focuses on how the company enables SMBs, who find themselves at risk but often unable to equip themselves, through its global partner network. As threats continue to rise in both frequency and intensity, businesses increasingly turn to channel partners for expertise and support.

“With the increasing speed and sophistication of cyber threats, we needed a partner that could provide real-time threat intelligence and proactive security,” said Nick Sabatini, the vice president of managed services at Ubeo. “Ubeo is focused on best-in-class partners that bring innovation and flexibility to meet our customers’ needs, and SonicWall’s SOC services allow us to deliver 24/7 monitoring and rapid threat response, ensuring our customers stay protected without the burden of managing security alone. Their expertise and advanced security solutions empower us to protect businesses against today’s relentless cyberattacks. We’ve seen firsthand how SonicWall’s expanded portfolio and global security reach have helped us better protect our clients and respond to the increasingly sophisticated threat landscape.”

While this demand for MSP and MSSP services is a great opportunity for those partners able to capitalize on it, the landscape also requires the right tooling and technology to best support those new clients. SonicWall says it has the solution MSPs, MSSPs, and SMBs are looking for.

“Threat actors are moving at an unprecedented pace, exploiting new vulnerabilities within days, while we’re observing that it takes organizations 120 to 150 days to apply a critical patch,” said SonicWall President and CEO Bob VanKirk. “Now more than ever, businesses need the expertise of an MSP/MSSP backed by with real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough, businesses must adopt a new mindset to stay ahead of modern cyber threats.”

The report is available now for download on SonicWall’s website.

SonicWall recently announced a partnership with security vendor CrowdStrike. Learn more about how the relationship will benefit MSPs serving SMB customers.