Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022


Few of 2021’s trends escaped 2022 unscathed. Here’s a quick look at the accelerations and reversals detailed in the 2023 SonicWall Cyber Threat Report.

With the pandemic finally relenting in many areas, employees returning to the safety of the perimeter and supply chains beginning to show signs of normalizing, many felt that 2022 would offer cybersecurity a return to the sort of stability that’s been largely absent the past few years.

Instead, we’ve seen the opposite: Cybercriminals have attempted to maximize the number of potential victims while minimizing risk — and this shift in tactics and targets has brought about the demise of years-long trends and begun to give rise to new cybercrime epicenters.

SonicWall Capture Labs threat researchers spent 2022 tracking these changes in real time, and have compiled their findings in the 2023 SonicWall Cyber Threat Report. This exclusive threat intelligence is designed to arm organizations against today’s ever-changing threat environment.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”


In 2022, SonicWall Capture Labs threat researchers recorded 493.3 million ransomware attempts globally, a decrease of 21% year over year. This was fueled by a massive drop in North America, which typically sees the lion’s share of ransomware: attacks there fell by nearly half.

But while ransomware was down year-over-year, it remains at historic highs — total attack volume in 2022 was higher than in 2017, 2018, 2019 and 2020. These attacks impacted governments, enterprises, hospitals, airlines and schools throughout the year, resulting in economic loss, widespread system downtime, reputational damage and more. Some of these industries saw a significant uptick in ransomware volume, particularly education and finance, which saw spikes of 275% and 41%, respectively.


After three straight years of decline, malware reversed course in 2022, rising 2% to 5.5 billion. While this is a fairly modest increase, it’s being fueled by double-digit, accelerating growth in cryptojacking and IoT malware, which showed year-over-year increases of 43% and 87%, respectively.

The areas being targeted by malware are also changing rapidly. In 2022, countries that typically see more malware, such as the U.S., the U.K. and Germany, showed year-over-year decreases in attack volume. But Europe as a whole, Latin America and Asia — which all typically see significantly less malware than North America — all recorded significant increases.

IoT Malware

In 2022, SonicWall threat researchers observed 112.3 million IoT malware attempts, representing an 87% year-over-year increase and a new yearly record. While all regions and industries showed an increase in attack volume over 2021, some were hit particularly hard: Triple-digit increases were observed in North America, as well as in the education, retail and finance industries.


Cryptojacking attacks breezed past the 100 million mark for the first time in 2022, reaching a new high of 139.3 million. This 43% increase was fueled by a number of new campaigns that surfaced late in the year, pushing December to 30.36 million hits — a new monthly record and a total exceeding most entire quarters. Despite skyrocketing rates, some were fortunate enough to see welcome decreases, such as government and healthcare customers.

Apache Log4j

Another milestone was observed in intrusion attempts against the Apache Log4j ‘Log4Shell’ vulnerability, which passed the 1 billion mark in 2022. Since its discovery in December 2021, this vulnerability has been actively exploited, and the pace of these attempts seems to be accelerating: Every month in 2022 had significantly more attempts than were seen in December 2021, and 15% more hits were observed in Q2 than were seen in Q1.

This post is also available in: Portuguese (Brazil) French German Spanish Italian

Amber Wolff
Senior Digital Copywriter | SonicWall
Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.