New study sheds light on shifting cybersecurity threats

Threat actors have embraced slower and more stealthy approaches to achieve financially-motivated cyberattacks.

Global ransomware attempts, IoT malware, and crypto-jacking attacks have increased alarmingly over the last 1 year according to a recent study by Cybersecurity firm SonicWall. Acccording to the firm, global malware volume increased 2% year-over-year, but it was jumps in IoT malware (+87%) and cryptojacking (+43%) that offset the decline of overall global ransomware volume (-21%), signifying a strategic shift. It notes that threat actors have embraced slower and more stealthy approaches to achieve financially-motivated cyberattacks.

Prominent ransomware attacks impacted enterprises, governments, airlines, hospitals, hotels, and even individuals causing widespread system downtime, economic loss, and reputational damage. Following global trends, several industries faced large year-over-year increases in ransomware volume, including education (+275%), finance (+41%), and healthcare (+8%).

Key highlights:

  • Malware – Total volume was up 2% in 2022 after three straight years of decline — just as SonicWall predicted in the 2022 SonicWall Cyber Threat Report. Following that trend, Europe as a whole saw increased levels of malware (+10%) as did Ukraine, which had a record 25.6 million attempts, suggesting malware was used heavily in regions impacted by geopolitical strife. Interestingly, malware was down year-over-year in key countries like the U.S. (-9%), U.K. (-13%) and Germany (-28%)
  • Ransomware – Although overall ransomware numbers saw a 21% decline globally, the total volume in 2022 was higher than 2017, 2018, 2019 and 2020. In particular, total ransomware in Q4 (154.9 million) was the highest since Q3 2021.
  • IoT Malware Global volume rose 87% in 2022, totaling 112 million hits by year’s end. With no corresponding slowdown in the proliferation of connected devices, bad actors are likely probing soft targets to leverage as potential attack vectors into larger organizations
  • Apache Log4j – Intrusion attempts against the industry's Apache Log4j ‘Log4Shell’ vulnerability eclipsed 1 billion in 2022. The vulnerability was first discovered in December 2021 and has been actively exploited since
  • Cryptojacking – Use of cryptojacking as a ‘low and slow’ approach continued to surge, rising 43% globally, which is the most SonicWall Capture Labs threat researchers have recorded in a single year. The retail and financial industry felt the sting of cryptojacking attacks, seeing 2810% and 352% increases, respectively, year-over-year.

 

 


Add new comment