2023 SonicWall Cyber Threat Report: Shifting Front Lines, Vigorous Threat Actors


SonicWall, publisher of the world’s most quoted ransomware data and trusted cyberattack intelligence, today released the 2023 SonicWall Cyber Threat Report. The bi-annual report details an increasingly diversified cyberattack landscape amid shifting threat actor strategies. SonicWall recorded the second-highest year on record for global ransomware attempts, as well as an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) in 2022.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

SonicWall’s President and CEO Bob VanKirk tells that in past year high cybersecurity was needed as threat actors attacked anything and everything

While there was a 2% year-over-year increase in global malware volume, the rise in IoT malware (up by 87%) and cryptojacking (up by 43%) overshadowed the decrease in overall global ransomware volume (down by 21%). This shift indicates a strategic change in the tactics used by threat actors, who have adopted slower and more covert methods to execute financially-motivated cyberattacks.

Immanuel Chavoya, the Threat Detection and Response Strategist at SonicWall, has stated that companies of all sizes face a constant threat from cyberattacks, which can have serious consequences for their operations and reputation. To protect themselves, organizations must be aware of how attackers operate and adopt cybersecurity strategies based on this knowledge. This involves not only preventing complex ransomware attacks but also safeguarding against new threats such as IoT and cryptojacking.

Major ransomware attacks have had a significant impact on a variety of entities, including businesses, government agencies, airlines, hospitals, hotels, and even individuals. These attacks have caused significant disruptions in system functionality, resulting in economic losses and reputational harm. In line with global patterns, certain industries have experienced significant increases in ransomware volume compared to the previous year. For instance, the education sector saw a 275% increase, while the finance sector saw a 41% increase, and the healthcare sector saw an 8% increase.

“Organizations today face an evolving threat landscape where threat actors are finding new and creative ways to stay ahead of the enterprise,” said Debasish Mukherjee, Vice President, Regional Sales, Asia Pacific Japan at SonicWall. “Cyber risks and their impacts on organizations globally continue to dominate headlines and boardrooms. The 2023 SonicWall Cyber Threat Report helps elevate us as a credible source and strengthens our ability to provide sound security measures to our customers.”

Debasish Mukherjee, Vice President, Regional Sales, Asia Pacific Japan at SonicWall on threat actors trying to stay ahead of the enterprises

Cybercriminals are using increasingly advanced tools and tactics to exploit and extort victims, with state-sponsored activity growing as a concern. While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs and enterprises.

The 2023 SonicWall Cyber Threat Report provides insight on a range of cyber threats, including:

Malware- As predicted in the 2022 SonicWall Cyber Threat Report, after three consecutive years of decline, the total volume of cyber threats increased by 2% in 2022. This trend was reflected in Europe, where the level of malware increased by 10%, particularly in regions affected by geopolitical conflict such as Ukraine, which experienced a record of 25.6 million attempted attacks. In the Asia-Pacific region, all tracked metrics showed an escalation in severity, including a significant rise in malware by 38%. However, some key countries such as the US, UK, and Germany experienced a year-over-year decrease in malware incidents of 9%, 13%, and 28% respectively, which is noteworthy.

Ransomware– Despite a 25% decrease in ransomware attacks worldwide, the total number of ransomware incidents in 2022 was still higher than in the years 2017, 2018, 2019, and 2020. Notably, the overall volume of ransomware in Q4 2022 reached 154.9 million, which was the highest it had been since Q3 2021.

IoT Malware- Global volume rose 87% in 2022, totaling 112 million hits by year’s end. With no corresponding slowdown in the proliferation of connected devices, bad actors are likely probing soft targets to leverage as potential attack vectors into larger organizations.

Apache Log4j – In 2022, the number of attempted intrusions targeting the Apache Log4j vulnerability, also known as “Log4Shell,” exceeded 1 billion. This vulnerability was first identified in December 2021 and has been subject to active exploitation ever since.

Keith Johnson, Logically, Chief Operating Officer on cyberattacks hindering organizations worldwide

The use of cryptojacking, which is a “low and slow” approach to cyberattacks, continued to rise globally, increasing by 43%. This is the highest percentage increase recorded in a single year by SonicWall Capture Labs threat researchers. In the Asia-Pacific region, there was a significant spike of 129% in cryptojacking incidents, indicating an accelerated reconfiguration of the international cyber landscape. The retail and financial industries were particularly affected by cryptojacking attacks, with year-over-year increases of 2810% and 352%, respectively.

“Cyberattacks of all varieties continue to hinder organizations worldwide,” said Logically Chief Operating Officer Keith Johnson. “SonicWall’s annual intelligence report gives us a deeper understanding of the current threat landscape and helps breakdown why cyberattacks continue to be successful, as well as the drivers and trends behind them. By making this report available to partners, SonicWall helps elevate us as trusted advisors and strengthens our ability to provide sound security measures to our customers.”

SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) technology identified a total of 465,501 never-before-seen malware variants in 2022, a 5% year-over-year increase and an average of 1,279 per day. Dating to 2019, this is the fourth straight year RTDMI increased its total of malware discoveries.


Please enter your comment!
Please enter your name here