Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022

Q3 brought less ransomware, more cryptojacking and IoT attacks, and a reminder that preparation is key when the only constant is change.


If there was one overriding theme of the mid-year update to the 2022 SonicWall Cyber Threat Report, it would be disruption, as we saw trends reverse, targets shift and new techniques come into widespread use throughout the first half of 2022.

Similarly, our Q3 threat intelligence presents a snapshot of a world in flux, as the shifts and reversals we noted in July continue to ebb and flow in our increasingly volatile threat environment.

“Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.”


While the first half of 2022 showed an 11% year-to-date increase in malware volume over 2021’s totals, we saw this growth slow in Q3. This resulted in a malware volume of roughly 4 billion, virtually unchanged from the malware volume recorded at this time in 2021.

This flat malware volume conceals a tremendous amount of movement, however. Traditional malware hotspots, such as the U.S. and the U.K., have continued to see their malware volumes drop, falling 5% and 25%, respectively.

But the rest of Europe saw a continued increase in malware volume, with totals up 3% over the same time period in 2021.

It was Asia, however, that saw the largest increase. While this region typically sees far less malware than North America and Europe, malware volume there rose to 603.4 million by the end of Q3, a 38% year-to-date increase. While this wasn’t a large enough increase to eclipse Europe’s totals, this is the closest it’s come to doing so in recent memory, and it represents a worrying trend as we move toward year’s end.


Global ransomware volume continued to drop throughout Q3 compared with 2021’s totals. The 338.4 million ransomware attacks logged in the first three quarters of 2022 represent a 31% decrease year-to-date, and an average of 1,014 ransomware attempts per customer.

This is presented with two major caveats, however: First, while ransomware is decreasing, it isn’t decreasing as aggressively as it was earlier this year, which could signal a reversal on the horizon.

Secondly, though ransomware has fallen off somewhat from 2021’s meteoric highs, the volume we’ve seen so far in 2022 still eclipses the full year totals we’ve seen in four of the last five years. With Ransomware-as-a-Service (RaaS) offerings become more readily available and ransomware groups continue to develop new ways of exploiting their targets, it’s likely we’ll see numbers begin to increase sooner rather than later.


Despite decreases in ransomware volume, 2022 is still on track to be the second-highest year for ransomware in recent memory


As with malware, we’ve seen a great deal of volatility in geographical ransomware trends. The U.S., typically ransomware’s epicenter, has seen a remarkable 51% drop in attacks in the first three quarters of 2022. Conversely, ransomware in the U.K. increased 20% and attacks in Europe as a whole jumped 38% year-to-date, a continuation of the geographical shift noted in the Mid-Year Update.

It was Asia that saw the biggest increase, however — compared with 2021 totals, ransomware volume there is up 56%. In August, Asia’s monthly ransomware count reached 2.61 million, more than 10 times the volume seen in January and the highest total in recent memory. In fact, Asia saw nearly as many attacks in the first three quarters of 2022 as it did in all of 2021, and roughly double the number of attacks recorded in 2019 and 2020 combined.

“Ransomware has evolved at an alarming rate, particularly in the past five years — not only in volume but in attack vectors,” said SonicWall Emerging Threat Expert Immanuel Chavoya. “The latest Q3 data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.”


So far in 2022, SonicWall has recorded 94.6 million cryptojacking attacks, a 35% increase from the already record-high volume observed during the same period in 2021. With cryptojacking totals for the first three quarters of 2022 making up 97.5% of full-year totals for 2021, another yearly record seems imminent.

While a 31% increase in North America fueled some of this spike, triple-digit increases in Europe (up 377%) and Asia (up 160%) also contributed to the sky-high cryptojacking volumes seen so far this year.

The disparity in these trends points to a geographic shakeup similar to what’s been observed among other threat types. But there’s also been a shift in attack volume by industry: while government and education customers have typically seen the lion’s share of cryptojacking attempts, Q3 saw the crosshairs shift to the financial industry, as criminals increasingly targeted banks and trading houses to illegally mine cryptocurrency.

IoT Malware

But while other threat types showed geographical hotspots shifting, IoT attacks have, if anything, doubled down. The largest increase in attacks was seen in North America, which already saw the lion’s share of IoT malware: attacks there rose 200%. Asia recorded a (comparatively) smaller increase of 82%, while cryptojacking in Europe was relatively unchanged from the same time in 2021.

While the past couple years saw threats increase, at least they did so in a fairly predictable manner. However, years like 2022 — which see much of this predictability fly out the window — remind us that in cybersecurity, preparation is paramount.

This post is also available in: Portuguese (Brazil) French German Spanish Italian

Amber Wolff
Senior Digital Copywriter | SonicWall
Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.