- 2.8 billion malware attacks (+11%) recorded in the first half of 2022 — first escalation of global malware volume in more than three years
- While ransomware volume shrunk 23% worldwide, Europe saw 63% increase
- Even in decline, year-to-date ransomware volume exceeded full-year totals of 2017, 2018 and 2019
- Financial sector saw cyberattacks climb drastically: malware up 100%, a 243% spike in ransomware, and a 269% increase in cryptojacking attempts
- 45% increase in ‘never-before-seen’ malware variants, up 21x since SonicWall began tracking in 2018
- Encrypted threats, IoT malware increased 132% and 77% year-over-year, respectively
MILPITAS, Calif. — July 26, 2022 — SonicWall, publisher of the world’s most quoted ransomware threat intelligence, today released the mid-year update to the 2022 SonicWall Cyber Threat Report. The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.
“In the cyber arms race, cybersecurity and geopolitics have always been inseparably linked, and in the last six months we have seen that play out across the cyber landscape,” said SonicWall President and CEO Bill Conner. “The cyber warfare battlefront has shifted, as our data indicates a 63% rise in ransomware in Europe and a concerted effort to target financial sector companies, while ransomware volume dropped in other regions. With major increases in encrypted threats, IoT malware, cryptojacking and new unknown variants, it’s critical that cybersecurity leaders have all the required tools and technology to proactively detect and remediate against increasingly sophisticated and targeted threats to their business.”
Ransomware Attacks in Europe Swell as Threat Landscape Shifts
After a record-breaking 2021, overall ransomware attacks have trended down in the first half of 2022, decreasing globally for the fourth consecutive quarter. Government sanctions, supply chain deficiencies, dropping cryptocurrency prices and limited availability of needed infrastructure are all making it more difficult for cybercriminals. Proprietary SonicWall threat intelligence reinforces that analysis, as June 2022 saw the lowest monthly ransomware volume in two years, which helped drive down overall global volume.
“As bad actors diversify their tactics, and look to expand their attack vectors, we expect global ransomware volume to climb — not only in the next six months, but in the years to come,” said Conner. “With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophisticated and varying in the threats, tools, targets and locations.”
While global ransomware dipped to start the year, Europe saw significant increases in malware attacks (+29% year-over-year) and ransomware attempts (+63%). In terms of volume, seven of the top 11 countries targeted by ransomware were in Europe (United Kingdom, Italy, Germany, Netherlands, Norway, Poland and Ukraine), suggesting a cyber threat climate shift for the region.
Malware Rebounds with 11% Global Spike
In 2021, malware volume was slightly down, marking a third-straight year of decrease as well as a seven-year low. However, as predicted in the 2022 SonicWall Cyber Threat Report, a rebound was anticipated, due to a significant uptick in attacks during the second half of 2021. That rebound was felt as more than 2.8 billion malware attacks occurred within the first six months of 2022. In North America, encrypted threats were up an astounding 284% and IoT malware soared 228% within that same time frame.
Similar to shifting ransomware numbers, malware volume was level or dropped in typical hot spots like the United States (-1%), United Kingdom (-9%) and Germany (-13%), while rising collectively in Europe (29%) and Asia (32%).
“The international threat landscape is now seeing an active migration that is profoundly changing the challenges not only in Europe, but the United States as well,” said SonicWall expert on emerging threats Immanuel Chavoya. “Cybercriminals are working harder than ever to be ahead of the cybersecurity industry, and unlike many of the businesses they target, threat actors often have no shortage of skills, motivation, expertise and funding within their organizations.”
The financial sector combatted a 100% increase in malware attacks, a 243% hike in ransomware attempts and a staggering 269% in cryptojacking attempts.
Record Number of ‘Never-before-seen’ Malware Variants Discovered
SonicWall’s patented Real-Time Deep Memory InspectionTM (RTDMI) technology identified 270,228 never-before-seen malware variants during the first half of 2022 — a 45% increase year-to-date. The first quarter of 2022 marked a record-high in never-before-seen malware discoveries (147,851), with March 2022 being the most ever on record (59,259).
Since the introduction of RTDMI in early 2018, new variants discovered have skyrocketed 21x through June 2022. These are new and previously unknown cyberattacks that are going undetected by traditional sandbox approaches.
To explore the complete mid-year update to the 2022 SonicWall Cyber Threat Report, please visit sonicwall.com/ThreatReport.
About SonicWall Capture Labs
SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time.
SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.