Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall.
The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.
It revealed a total of 465,501 new malware samples – evidence of continued innovation on the cybercrime underground. SonicWall said these discoveries “often closely align with zero-day attack patterns.”
The vendor also recorded a 43% increase in cryptojacking malware to hit a record 139 million “low-and-slow” attacks and an 87% increase in IoT malware to reach 112 million.
These increases offset a 21% decline in ransomware volumes – although at 493 million, the total still amounted to the second highest year on record after 2021.
The education (275%), finance (41%) and healthcare (8%) sectors saw large increases in ransomware attacks, while YoY volumes surged in Europe (70%) and the UK (112%).
The European figures were driven in part by record malware (26 million) and ransomware (7 million) detections in Ukraine. The UK's increase also makes it the second most attacked country globally, after the US and ahead of Spain, SonicWall said.
That’s despite overall malware detections declining YoY in countries like the US (-9%), UK (-13%) and Germany (-28%).
However, globally, recorded malware volumes increased for the first time in four years, while intrusion attempts reached a staggering 6.3 trillion.
Elsewhere, Log4j remained a persistent challenge for network defenders, with SonicWall recording over one billion intrusion attempts using the Log4Shell exploit in 2022.
“It is crucial for organizations to understand attackers’ tactics, techniques and procedures (TTPs), and commit to threat-informed cybersecurity strategies to defend and recover successfully from business-disrupting events,” argued SonicWall threat detection and response strategist, Immanuel Chavoya.
“In addition to cyber-attacks becoming more sophisticated and covert, threat actors are showing clear preferences for certain techniques, with notable shifts toward weak IoT devices, cryptojacking and potentially soft targets like schools and hospitals.”