2022 SonicWall Cyber Threat Report

As cybercrime continues evolving, we need as much intel as possible. SonicWall is on the front-lines watching every threat and cyberattack. Capture Labs threat researchers collect first-hand data from more than a million global sensors in 215 countries and regions. We provide our valuable cyber threat intelligence in real time.

The world’s most quoted ransomware threat intelligence, SonicWall’s biannual threat reports are cited by major news outlets worldwide, applied by businesses for cybersecurity planning and trusted by governments. Download the report. Know the threats.

2022 SonicWall Threat Report

Report: Cyberattacks Climb Due to Seismic Shift in Geopolitical Landscape

The mid-year update to the 2022 SonicWall Cyber Threat Report is our analysis of the changing threat landscape. Here’s some of what we learned:

  • 2.8 billion malware attacks (+11%) recorded in the first half of 2022 — first escalation of global malware volume in more than three years
  • While ransomware volume shrunk 23% worldwide, Europe saw 63% increase
  • Even in decline, year-to-date ransomware volume exceeded full-year totals of 2017, 2018 and 2019
  • There was a sharp 77% rise in IoT malware and 132% leap in encrypted threats sent via HTTPS.

Learn the reasons and gain a strategy to keep your organization and assets safe. Download our report today.

Get the Free Report


Key Findings

  • Malware

    Malware volume up 11% from 2021, to more than 2.8 billion total attacks.

    Read More

    Malware Makes a Comeback

    Despite reaching a seven-year low in 2021, malware volume was already beginning to rise in the second half — a trend that has continued into the first half of 2022. Buoyed by increases in IoT malware and cryptojacking, malware volume reached 2.8 billion this year, representing an average of 8,240 attempts per customer.

  • Ransomware

    Down 23%, but still very high attack volume of 236.1 million for the first half of 2022.

    Read More

    Course Shift for Ransomware Activity

    Ransomware volume fell 23% year-to-date, fueled by lower volume in Q2. But ransomware may not just be falling; it may be shifting course due to government sanctions, supply-chain deficiencies, limited availability of needed infrastructure, and increased attention from law enforcement and governing bodies.

  • ‘Never-Before-Seen’ Malware

    ‘Never-before-seen’ malware variants discovered by SonicWall up 45%.

    Read More

    RTDMI™ Detections Rise Dramatically

    In the first half of 2022, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) technology discovered 270,228 never-before-seen malware variants — representing a 45% increase over the first half of 2021 and an average of 1,501 new variants per day. Since its introduction in early 2018, the number of new variants uncovered by RTDMI has risen by 2,079%.

  • IoT Malware

    Volume up 77% from 2021, resulting in more than 57 million hits.

    Read More

    IoT Malware Up 77%

    In the first half of 2022, IoT malware volume rose 77% to 57 million — the highest since SonicWall began tracking these attacks and just short of the 60.1 million hits recorded in all of 2021. While the United States already saw more IoT malware than any other country, attacks there rose a staggering 228% through June. Triple-digit increases were also seen in the UK, where attacks spiked 134% across all industries.

  • Cryptojacking

    Rose to 66.7 million in the first half of 2022 — up 30% over the first half of 2021.

    Read More

    Cryptojacking Reaches Record High

    Despite a sharp drop in cryptocurrency value, global cryptojacking volume rose to 66.7 million in the first half of 2022 — up 30% over the first half of 2021. Q1 saw more cryptojacking than any quarter since SonicWall began tracking, and January set a new monthly record at 18.4 million. While volume increases were widespread, some business sectors were hit harder than others, such as the finance industry, which saw a rise of 269%.

  • Encrypted Threats

    Malware sent via HTTPs increased 132%, avoiding traditional signature detection.

    Read More

    Encrypted Threats Triple-Digit Increase

    Encrypted threats jumped 132% year-to-date, with Q2 showing particularly strong increases: May 2022 was the second-highest month SonicWall has ever recorded for malware over HTTPS. If this trend holds, 2022 could become the third year in a row to see triple-digit increases in encrypted threats. However, there were a few bright spots, such as the retail industry, which saw a 79% drop.


How we source our data

We sourced intelligence for the mid-year update to the 2022 SonicWall Cyber Threat Report from real-world data collected by the SonicWall Capture Threat Network, which securely monitors and collects cyber threat activity worldwide.

  • 1.1m+

    Global Sensors
  • 215+

    Countries & Territories
  • 28m+

    Malware Attacks
    Blocked Per Day
  • 24x7x365

  • <24hrs

    Threat Response
  • 140k+

    Malware Samples
    Collected Daily

2022 in Review

  • JANUARY 15

    Major cyberattacks by Russia on Ukraine resulted in government websites replaced with threatening messages

  • JANUARY 20

    Chinese hackers breach News Corp, access emails used by journalists from Wall Street Journal, New York Post and others

  • JANUARY 27

    U.S. Government expands the Industrial Control Systems Cybersecurity Initiative to include water supply


    DDoS attack on Ukraine takes down government and banking websites


    Hacker group Anonymous declares a cyberwar on Russia in retaliation for the war on Ukraine

  • MARCH 2

    Nine high-profile breaches of U.S. healthcare orgs since Jan 2022 affect +2.2 million people

  • MARCH 16

    Anonymous begins a hacking campaign that affects Russian gov sites, TV broadcasts and retailers

  • MARCH 22

    Lapsus$ ends a 3-month ransomware spree that included Nvidia, Samsung, Ubisoft, Microsoft and Okta

  • APRIL 17

    Conti hacker group cripples the country of Costa Rica with disruptive HIVE ransomware attacks

  • APRIL 29

    Salusive Health, owner of MyNurse health app, closes doors after data breach

  • MAY 10

    157-year-old Lincoln College closes doors after data breach shuts down first post pandemic registration

  • MAY 23

    Massive Eye Care Leaders EMR data breach affects more than 2 million patients and employees

  • JUNE 7

    Shields Health Care Group suffers data breach that affects 2 million patients and employees

  • JUNE 10

    CISA warns Chinese government-backed hackers breached major telecommunications companies