SonicWall’s 2022 Cyber Threat Report has come to some alarming, but likely unsurprising, conclusions: Pretty much every category of cyberattack increased in volume over the course of 2021.
We aren’t talking about small-scale numbers, either: The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.
The only category to decrease in 2021 was malware attacks, which dropped by 4%. Still, SonicWall logged 5.4 billion malware attacks in 2021, making it the second highest attack type by total volume.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
“Attacks on networks rose to a fever pitch in 2021. Ransomware, cryptojacking, vulnerability exploitation, phishing and other attacks continue to plague organizations around the world and overwhelm security teams,” said SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov.
In terms of what business leaders are worried about, respondents said targeted phishing attacks were their number one concern, with 77% saying they were concerned or extremely concerned about them. Ransomware followed with 73%, tailed by customer data breaches (68%), business email compromise (63%) and employee data breaches (56%).
It’s still all about ransomware …
There has been a decided spike in every form of cybercrime, but SonicWall’s report only describes one attack form as currently enjoying a “savage reign” as the top threat: Ransomware.
Bill Conner, president and CEO of SonicWall, said that the new work reality that set in along with the COVID-19 pandemic caught many companies’ networks, employees and processes unprepared to face the realities of remote work and the accompanying increase in attack surface.
“Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases. Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks,” Conner said.
SonicWall said that November 2020, with 32.8 million attacks, was the worst ransomware month of that year. By contrast, the lowest point in 2021 only fell barely below November 2020’s high. SonicWall said that its data for 2021 represents “an average of 2,170 ransomware attempts per customer, and nearly 20 ransomware attempts every second.” Yikes.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
In June 2021 alone, the total number of ransomware attack attempts (78.4 million) was higher than three out of four quarters in 2020. “With 304.7 million attempts, the first half of 2021 had more ransomware than all of 2020—but the second half would prove to be even worse, reaching 318.6 million,” the report said.
… but ransomware isn’t the only threat
These ransomware numbers barely scratch the surface of SonicWall’s 66-page report. Additional interesting statistics include the fact that IoT malware shows signs of stabilizing toward steady attack numbers, the number of CVV numbers issued set a record, there was a 65% increase in newly discovered malware variants, and malware attacks increased by 22% in the second half of 2021, erasing most of the decrease from earlier in the year.
“As the pace of attacks continues to increase, and the ways attackers breach and infiltrate systems continue to become more targeted and evasive, the future will increasingly belong to the proactive,” the report said. Being proactive means knowing what threats are out there, and the length and detail of SonicWall’s full report makes it an important read for IT and security leaders that would like to put themselves in the “proactive” category.