Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report

SonicWall’s exclusive threat intelligence is an invaluable tool for cybersecurity professionals. But you don’t have to take our word for it.

The 2023 SonicWall Cyber Threat Report contains a wealth of exclusive threat data — including an accounting of 2022’s biggest trends and developments, as well as details of the year’s most important cybersecurity news.

Given that you won’t find much of this information anywhere else, its no wonder that the 2023 SonicWall Cyber Threat Report has become a go-to source of information for anyone looking to better understand the threat landscape.

Many of these people are journalists, and with each subsequent report, SonicWall’s threat data has found its way into an increasing number of articles, blog posts and papers around the globe. In some cases, in addition to citing SonicWall’s data, publications have sought the input of our leaders and researchers to discuss the report’s findings.

Here’s a small sampling of the global coverage surrounding the 2023 SonicWall Cyber Threat Report:


MSN – Ransomware threat surges as Brits suffer millions of attacks in 2022

Financial Times – Taking stock of the US crypto crackdown

AOL. – Ransomware threat surges as Brits suffer millions of attacks in 2022

The Times – Hackers hit WH Smith for the second time

Daily Mail – Cut tax on business to Irish levels, urges Boris

Computer Weekly – What can security teams learn from a year of cyber warfare?

Evening Standard – Ransomware threat surges as Brits suffer millions of attacks in 2022

TechRadarPro – 2023 could be the biggest ever year for cybercrime

Comms Express – 2023 SonicWall Cyber Threat Report

Evening Standard – Drones ‘blow up’ Russian spy plane in Belarus

CityAM – Malware attacks on UK government devices up by 75 per cent, report reveals

IT Pro – State-sponsored hackers are diversifying tactics, targeting small businesses

Charged Retail – JD Sports cyber attack: why online retail is vulnerable and what can be done?

Tech Monitor – LockBit claims ransomware attack on power electronics company Phihong

InfoSecurity – Experts Spot Half a Million Novel Malware Variants in 2022

U.S. and Canada:

Yahoo! – Ransomware threat surges as Brits suffer millions of attacks in 2022

CRN – Ransomware Attacks Plunged 48 Percent In US Last Year: SonicWall

Digital Trends – Cybercrime spiked in 2022 — and this year could be worse

Utah Pulse – Cybersecurity Predictions for 2023 – Things You Should Know

Investor Place – 7 Cybersecurity Stocks to Buy to Protect Your Portfolio

InfoSecurity – Trend Micro’s 55% surge in malware detections is significantly higher than that of SonicWall, which said last week that its overall detections increased by only 2% year-on-year in 2022

CRN – 5 Things To Know On The Big Drop In Ransomware Attacks

MSSP Alert – SonicWall: Spikes in IoT Malware, Cryptojacking Offset Decline in Ransomware in 2022

HIPAA Journal – Cybercriminals Adopt Corporate Tactics to Address Declining Revenues

Germany, Austria & Switzerland

TechradarPro – 2023 could be THE year for cybercriminals

It Daily Net – Education sector in the crosshairs of cybercriminals

Krypto News Deutschland – An inventory of the US crypto raid


Tech Ao Minuto – There was more cybercrime in 2022 and growth may continue this year

Canales Sectoriales – SonicWall discovers 465,501 malware variants never seen before

Byte – This is the state of cyberthreats in 2023 – IoT malware and cryptojacking attacks are growing to the detriment of ransomware


GQ Brasil – Global hacker attack may reach Brazil but risk is limited, says experts

Convergencia Digital – Malware focused on the internet of things grows 87% in 2022

TI Inside – Brazil is the fourth largest ransomware target in the world

InforChannel – SonicWall report shows change in strategy of threat agents


El Universal – From bullets to bits

Computerworld – Report sheds new light on the changing cybercrime panorama

SecuriTIC Latinoamérica – SonicWall cyber threat reports highlights changes in the behavior of cybercriminals

Lado Mx – SonicWall presents its new Cyber Threats Report 2023


Semana – Batteries: there was an 87% increase in the number of computer attacks in the world

Acis – Colombia among the ten countries most attacked by ransomware, according to SonicWall’s 2023 Cyber Threat Report


TechCircle – After three years of decline, overall malware attack up by 2% in 2022: Report

The Hindu Business Line – Ransomware attacks dip but don’t let your guard down

Enterprise IT World – 2023 SonicWall Cyber Threat Report Offers new Findings Around Threat Actor Behavior

Digital Terminal – SonicWall Reveals 53% Jump in Ransomware Attacks in India in 2022

Machine Maker – 2023 SonicWall Cyber Threat Report: Shifting Front Lines, Vigorous Threat Actors

CRN India – SonicWall cyber threat report focuses on shifting front lines, threat actor behavior

CXOToday – 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

Samachar Central – 2023 could be the biggest ever year for cybercrime


CNET Japan – The 2023 SonicWall Cyber Threat Report suggests the latest situation of cyber attacks and changes in criminal behavior

Nikkei Asia – Cyberattacks on Japan soar as hackers target vulnerabilities

ZDNet Japan – The 2023 SonicWall Cyber Threat Report suggests the latest situation of cyber attacks and changes in criminal behavior

Middle East, Turkey & Africa

The Gulf Time Newspaper – SonicWall reveals top tech trends, predictions for 2023

Entrepreneur Al Arabiya – Cybersecurity challenges are increasing in the education sector, retail and growing threats on Internet of Things

Al Bayan Newspaper – SonicWall: UAE Records 14% Drop in Cyberattacks in 2022

Awalan – Malware increased by 87% in 2022

Al Watan Newspaper – SonicWall released its 2023 Cyber Threat Report

Sahaffah – 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

SonicWall Data Shows Attacks on Schools Skyrocketing

Threat actors increasingly targeted K-12 districts in 2022, resulting in triple-digit spikes in malware, ransomware, encrypted threats and IoT attacks.

While K-12 schools had already been increasing their dependence on technology, the COVID-19 pandemic accelerated this growth tremendously. Due to funding constraints, however, schools’ adoption of new hardware and software has often outpaced their districts’ ability to secure this new infrastructure, resulting in an attack surface that has continued to grow — both in size and in appeal to attackers.

According to the GAO, roughly 1,847,000 students have been impacted by ransomware attacks in the United States alone since the beginning of 2020. Since the latest data currently available only goes through the end of 2021, this number, in reality, is much higher — but even these smaller figures, combined with data released by the U.S. Census Bureau, work out to 1 in 26 K-12 students in the U.S. affected in just a two-year period.

But the issue of cyberattacks targeting schools isn’t limited to the U.S. According to a recent audit by the National Cyber Security Centre (NCSC) and the National Grid for Learning, nearly 80% of schools in the United Kingdom have experienced at least one cyberattack. And in late 2022, Ontario, Canada, was shaken by the news of two widespread cyberattacks on educators within a two-week period.

Schools See Triple-Digit Growth Across Most Attack Types

This barrage of attacks on primary and secondary schools can also be seen in SonicWall’s exclusive threat data. In the recently released 2023 SonicWall Cyber Threat Report, we reported massive year-over-year volume increases in attacks on K-12 districts as threat actors continued to shift away from government, healthcare and other industries to zero in on education targets.

In 2022, SonicWall observed a 275% increase in ransomware attacks on education customers overall, including a 827% spike in attacks on K-12 schools. This growth echoed trends observed in the overall malware attack volume: Out of a 157% increase in attacks on education customers overall, the subset of K-12 customers experienced a 323% increase in overall malware attacks.

Huge increases in attacks targeting education were also seen elsewhere in SonicWall’s data. Encrypted attacks spiked 411% over 2021’s totals, and the number of IoT malware attacks rose 146%. And while cryptojacking attempts on education customers increased more slowly in comparison, 2022 marked the second-straight year of significant growth. Taken together with a sustained increase in overall cryptojacking, this suggests we’re likely to see attacks continue to rise as 2023 goes on.

Attacks on Schools: What’s at Stake

The GAO study also revealed the average impact of a successful cyberattack: Lost learning time ranging from roughly three days to three weeks, with actual recovery lasting from two to nine months. This was in addition to any financial losses from things like third-party remediation, replacing equipment and more.

Unfortunately, these attacks aren’t just costly to the schools. After the Los Angeles Unified School District refused to pay a ransom demand, attackers published 500 GB of stolen data consisting of Social Security numbers, student health info, assessment results and W-9 forms to the dark web.

As more schools refuse to pay ransom demands, threat actors are increasingly turning to this method of double extortion to ensure their efforts bear fruit. Because students generally have unblemished credit records, and because their credit typically isn’t being monitored due to their age, cybercriminals can use the personally identifiable information collected in these attacks to open credit cards and commit other financial fraud — with students and their parents oftentimes being none the wiser.

School districts can offer credit monitoring and identity protection services to students whose sensitive information has been stolen. But this is cold comfort to students whose mental health records, bullying reports, disciplinary records and more are now publicly available. In one particularly egregious case, the Medusa ransomware gang released the details of a student’s sexual assault report, reportedly as a means of getting the individual’s parents to pressure the Minneapolis Public School System to pay the $1 million ransom demand.

A New Strategy to Help Schools?

In early March, the U.S. National Cybersecurity Strategy was released, outlining a plan to shift greater responsibility for cybersecurity onto the country’s tech companies. With third-party vendors providing a means of entry in 55% of K-12 data breaches, the report’s goals could provide some much-needed relief to the education industry.

Even so, attacks on schools are likely to continue for the foreseeable future. The goals outlined in the strategy will require a paradigm shift in how the country views cybersecurity, so its benefits are unlikely to be realized in the short term. In the meantime, threat actors specializing in attacks on K-12 schools, such as the Vice Society ransomware group, have already proven as active as ever in 2023.

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022

Few of 2021’s trends escaped 2022 unscathed. Here’s a quick look at the accelerations and reversals detailed in the 2023 SonicWall Cyber Threat Report.

With the pandemic finally relenting in many areas, employees returning to the safety of the perimeter and supply chains beginning to show signs of normalizing, many felt that 2022 would offer cybersecurity a return to the sort of stability that’s been largely absent the past few years.

Instead, we’ve seen the opposite: Cybercriminals have attempted to maximize the number of potential victims while minimizing risk — and this shift in tactics and targets has brought about the demise of years-long trends and begun to give rise to new cybercrime epicenters.

SonicWall Capture Labs threat researchers spent 2022 tracking these changes in real time, and have compiled their findings in the 2023 SonicWall Cyber Threat Report. This exclusive threat intelligence is designed to arm organizations against today’s ever-changing threat environment.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”


In 2022, SonicWall Capture Labs threat researchers recorded 493.3 million ransomware attempts globally, a decrease of 21% year over year. This was fueled by a massive drop in North America, which typically sees the lion’s share of ransomware: attacks there fell by nearly half.

But while ransomware was down year-over-year, it remains at historic highs — total attack volume in 2022 was higher than in 2017, 2018, 2019 and 2020. These attacks impacted governments, enterprises, hospitals, airlines and schools throughout the year, resulting in economic loss, widespread system downtime, reputational damage and more. Some of these industries saw a significant uptick in ransomware volume, particularly education and finance, which saw spikes of 275% and 41%, respectively.


After three straight years of decline, malware reversed course in 2022, rising 2% to 5.5 billion. While this is a fairly modest increase, it’s being fueled by double-digit, accelerating growth in cryptojacking and IoT malware, which showed year-over-year increases of 43% and 87%, respectively.

The areas being targeted by malware are also changing rapidly. In 2022, countries that typically see more malware, such as the U.S., the U.K. and Germany, showed year-over-year decreases in attack volume. But Europe as a whole, Latin America and Asia — which all typically see significantly less malware than North America — all recorded significant increases.

IoT Malware

In 2022, SonicWall threat researchers observed 112.3 million IoT malware attempts, representing an 87% year-over-year increase and a new yearly record. While all regions and industries showed an increase in attack volume over 2021, some were hit particularly hard: Triple-digit increases were observed in North America, as well as in the education, retail and finance industries.


Cryptojacking attacks breezed past the 100 million mark for the first time in 2022, reaching a new high of 139.3 million. This 43% increase was fueled by a number of new campaigns that surfaced late in the year, pushing December to 30.36 million hits — a new monthly record and a total exceeding most entire quarters. Despite skyrocketing rates, some were fortunate enough to see welcome decreases, such as government and healthcare customers.

Apache Log4j

Another milestone was observed in intrusion attempts against the Apache Log4j ‘Log4Shell’ vulnerability, which passed the 1 billion mark in 2022. Since its discovery in December 2021, this vulnerability has been actively exploited, and the pace of these attempts seems to be accelerating: Every month in 2022 had significantly more attempts than were seen in December 2021, and 15% more hits were observed in Q2 than were seen in Q1.