SonicWall: Malicious Hackers Attack Security Flaws Within 2 DaysSonicWall: Malicious Hackers Attack Security Flaws Within 2 Days

Malicious hackers are quickly taking advantage of newly discovered cybersecurity flaws, accessing data within days – or even hours – of their discovery, according to new data from SonicWall.

The security management company released its 2025 SonicWall Annual Cyber Threat Report, which details the varying types of cyberattacks that threat actors used on small and midsize businesses. It found that most cybersecurity flaws and vulnerabilities (61%) were used and exploited within two days of their reveal. Most organizations patch these vulnerabilities much more slowly, often taking four or five months to apply an appropriate patch.

Vulnerabilities and related malware variants have grown exponentially in recent years, with SonicWall detecting more than 210,000 variants in the past 12 months. That's an average of 637 malware variants developed per day. Malware use grew 8% in 2024, including a 92% spike in malware attacks in May 2024.

SonicWall's Bob Vankirk

This creates a big opportunity for channel partners.

“Threat actors are moving at an unprecedented pace, exploiting new vulnerabilities within days, while we’re observing that it takes some organizations 120-150 days to apply a critical patch,” said SonicWall president and CEO Bob VanKirk. “Now more than ever, businesses need the expertise of an MSP/MSSP backed by with real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough, businesses must adopt a new mindset to stay ahead of modern cyber threats.”

Other Threats Besides Security Flaws

Ransomware saw equivalent surges in 2024. It grew about 8% in North America, but it exploded by 259% in Latin American markets. Internet-of-things-focused attacks also grew 124% globally, while encrypted threats grew 93% during that same period.

The surge is likely connected to malicious actors using more AI automation tools, which have lowered the barrier for entry while also allowing attackers to increase the complexity of their assaults. Server-side request forgery (SSRF) attacks have become a significant threat to companies, as the technology's use has surged 452% year-over-year.

Bad actors are also focusing more on business email compromise (BEC) attacks. This accounted for nearly one-third (33%) of all reported cyber events.

SonicWall partnered with CrowdStrike in December to provide a new set of MDR solutions for SMBs that combine SonicWall's managed security services with CrowdStrike's Falcon cybersecurity platform.