Latest Threat Intelligence Navigates the Relentless Surge in Cybercrime

If the theme of the 2023 SonicWall Cyber Threat Report was migration, 2024’s would definitely be acceleration. Cyberattacks increased two- to threefold across nearly every tracked metric last year, as threat actors continued to ramp up and diversify their attacks.

SonicWall noted several new developments in 2023, including the use of Microsoft OneNote files as an initial vector, sharp increases in the use of .NET, and huge campaigns targeting vulnerabilities in WinRAR and MOVEit. As previously reported, SonicWall also discovered a critical zero-day vulnerability affecting Apache OFBIZ, which saw widespread exploitation.

Researching and publishing these trends is part of our commitment to empowering our valued partners and the wider cybersecurity community. The data in the 2024 SonicWall Cyber Threat Report not only provides threat trends, it also drills down to show how these developments are affecting businesses like yours — and what you can do about it.

“With a rich 32-year history as our foundation, SonicWall continues to publish the Cyber Threat Report, providing threat intelligence to drive our roadmap and build products that help our partners,” SonicWall President and CEO Bob VanKirk said. “In addition to proven solutions, they need proactive strategies and actionable insights based on the most up-to-date threat intelligence to mount the strongest defense possible.”


On the heels of last year’s modest 2% increase, malware accelerated in 2023, rising 11% to 6.1 billion. This increase was fueled by triple-digit growth in cryptojacking and encrypted threats, which showed year-over-year increases of 659% and 117% respectively.

After seeking new shores in 2022, threat actors in 2023 showed a renewed focus on North America, where malware increased 15% to 3.2 billion — more than half of all global malware recorded for the year. Threats in Latin America, which have been increasing since 2021, grew even faster in 2023, spiking 30% to 475.2 million. Only Europe and Asia saw a decline — both experienced a 2% dip over 2022’s malware volumes.

Encrypted Threats

In 2023, SonicWall threat researchers observed 15.8 million encrypted threats, representing an 117% year-over-year increase and a new yearly record. While all regions and industries showed an increase in attack volume over 2021, some were hit particularly hard: Triple-digit increases were observed in Europe (+182%), Asia (+462%), Latin America (+527%), and across every single industry we studied.


Cryptojacking attacks breezed past the 100 million mark for the first time in 2022, but they were just getting started. 2023 brought an unprecedented 1.1 billion cryptojacking hits, a 659% increase year over year. Only two groups were spared triple-digit (or more…) increases: customers in Asia, where cryptojacking “only” increased 87%, and customers working in retail, where cryptojacking actually dropped 72%.


A 36% decrease in ransomware sounds great—but there are some major caveats here. The 317.6 million ransomware attempts recorded in 2023 were still enough to make it the third-highest year for ransomware on record, and the first year to see ransomware payments surpass the $1 billion mark. Huge campaigns were still regularly observed, including a supply chain attack on a vulnerability in MOVEit Transfer (CVE-2023-34362) that ultimately impacted more than 62 million people. Finally, it’s important to point out that SonicWall’s threat data only includes the SonicWall ecosystem, with its largely SMB install base — other vendors actually recorded increases based on their datasets.

But we may see an rise in ransomware attacks on SMBs in the near future. In mid-February, the U.S. government reported it had disrupted the LockBit ransomware gang. As SonicWall CEO Bob VanKirk told CRN, LockBit “has been at the core of a lot of the ransomware attacks” SonicWall has recorded —it was the most prolific ransomware observed in 2023. But as VanKirk noted, attacks on SMBs may rise as enforcement activities heat up.

Michael Crean, who leads SonicWall’s managed security services unit, agreed. “If I’m a bad guy, what am I going to do now? Well, I’m going to try to fly under the radar, but still get what I want. I’ll just do it in a way that doesn’t draw any attention to me.” Based on our cryptojacking data, some of these cybercriminals have shifted focus, but to be clear, we don’t expect the drop in ransomware to be a sustained one.


Another milestone was observed in intrusion attempts in 2023, which passed the 7 trillion mark for the first time. Unfortunately, this 20% increase in overall intrusions wasn’t just driven by the expanding attack surface: Malicious intrusions were also up, rising 6% to 11.3 billion. The good news? Attempts against last year’s widely exploited Log4Shell vulnerability seem to have dropped and stabilized, at least for now.

As Bob VanKirk remarked, “SMBs are right in the crosshairs” for hacker groups—a fact that comes across plainly in 2023’s threat data. As we continue moving through 2024, this increased risk makes the role of the MSP more critical than ever. “Based upon the sheer number of attacks, and their complexity, MSPs really provide a key security layer that end customers require, especially in the SMB space,” he said.