Cybersecurity and geopolitics have always been inseparably linked, and in the past six months we’ve seen this increasingly play out across the threat landscape. Based on data from the mid-year update to the 2022 SonicWall Cyber Threat Report, the United States, the U.K. and other cybercrime hotspots are seeing decreases in cybercriminal activity, while many less-affected regions are seeing an uptick in threats.
“The international threat landscape is now seeing an active migration that is profoundly changing the challenges not only in Europe, but the United States as well,” said SonicWall expert on emerging threats Immanuel Chavoya. “Cybercriminals are working harder than ever to be ahead of the cybersecurity industry, and unlike many of the businesses they target, threat actors often have no shortage of skills, motivation, expertise and funding within their organizations.”
But it isn’t only the targets that are changing in the first half of 2022 — it’s the trends as well. Malware and ransomware have both reversed course, and for the first time in years we’re seeing increases in malware and decreases in ransomware. The threat data also revealed accelerations in certain trends, such as the spikes we’re seeing in IoT malware and other threat types. Here are some of the highlights:
Malware Makes a Comeback
After trending downward for several quarters, malware rose 11% worldwide during the first half of 2022. While a drop in ransomware helped temper this increase, a rise in cryptojacking and skyrocketing rates of IoT malware were more than enough to propel a double-digit increase.
Very few cyberthreat trends apply uniformly across the board, and the rise in malware is no exception. But the fact that places that usually see a lot of malware — such as the U.S., the U.K. and Germany — all saw decreases suggest that these global hotspots may be beginning to shift.
Ransomware Falls by Nearly a Quarter
Ransomware has risen dramatically over the past two years, but in the first half of 2022, global attack volume fell 23%. This long-awaited reversal seems largely a result of geopolitical factors, as ransomware groups in Russia struggle to keep up their previous pace amid the ongoing conflict with Ukraine.
Unfortunately, based on larger ongoing global trends, this reprieve isn’t expected to last.
“As bad actors diversify their tactics, and look to expand their attack vectors, we expect global ransomware volume to climb — not only in the next six months, but in the years to come,” said SonicWall President and CEO Bill Conner. “With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophisticated and varying in the threats, tools, targets and locations.”
Ransomware is also shifting, however, resulting in some areas recording significantly different outcomes than usual. North America, which typically sees the bulk of ransomware attacks, experienced a 42% decrease in attack volume, while Europe recorded a 63% increase.
RTDMI Detections Rise Dramatically
In the first six months of 2022, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) identified 270,228 never-before-seen malware variants — a 45% increase over the same period in 2021.
Included with the Capture Advanced Threat Protection sandbox service, this technology leverages machine learning to become highly effective at identifying new and advanced threats, and it continues to get better each year: Since it was introduced in early 2018, the number of new variants discovered by RTDMI has risen 2,079%.
IoT Malware Up 77%
With more IoT devices coming online than ever, it’s no surprise that opportunistic cybercriminals are increasingly flocking to IoT malware attacks. Since the beginning of the year, IoT malware volume has risen 77% to 57 million — more than at any point since SonicWall began tracking these attacks, and nearly as many as were recorded for the entire year of 2021.
Encrypted Threats Show Triple-Digit Increase
In the first half of 2022, encrypted threats spiked 132% over the same time period last year. This was based on an unusually high number of attacks in Q2 — attack volume rose so high in May that it became the second-highest month for encrypted threat volume SonicWall had ever seen.