Cryptojacking Balloons as Cyberattackers Shift Gears to Easier, High Volume Targets

• Intrusion attempts rose 21% with a record surge in cryptojacking volume at 399% to 332 million incidents in the first half of 2023.
• Cryptojacking volume in North America spiked 345% and 788% in Europe.
• IoT malware increased by 37% to 77 million events and encrypted threats rose 22% to 6 million incidents.
• Opportunistic threat actors are aiming at education and government verticals.
• SonicWall discovered 172,146 "never-before-seen" malware variants but down 36% year over year. The numbers suggest that bad actors are spending less time on research and development and more time on volume-based attacks, using open-source tools that may be less likely to be intercepted.
• The lowest first half totals on ransomware attempts since 2020, down 41% despite big Q2 jump, suggest a likely rebound over the next six months.

“Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us better understand the mindset and criminal behavior that will in turn help SonicWall create the right countermeasures, and help organizations protect themselves by being better prepared and build stronger defenses against malicious activities.”

• On cryptojacking. While cryptojacking has exploded, ransomware has shifted strategy, as bad actors are pivoting to lower-cost, less risky attack methods with potentially high returns like cryptojacking, said SonicWall vice president of product security Bobby Cornwell.“It also explains the reason we’re seeing higher levels of cybercrime in regions like Latin America and Asia. Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximizing their potential profits.”
• On verticals. Prominent attacks continued to plague enterprises, cities, airlines, and even K-12 schools, causing widespread system downtime, economic loss and reputational damage. While several industries followed the global trend of ransomware volume decline, they saw a huge growth in cryptojacking attacks: education (+320X), government (+89X) and healthcare (+69X).
• On malware by geographic region. Total global malware volume dipped slightly by -2% in the first half of 2023, with the U.S. and U.K. logging the biggest dips at -14% and -7%, respectively. Surprisingly, malware numbers climbed in every other tracked region. On Europe saw an (+11%) increase, while Latin America malware jumped (+19%) – suggesting a geo-migration of threat actor behavior as they move from targeting traditional hotspots to more opportunistic locations.
• On ransomware. Despite the 41% global decline in the number of incidents, Q2 suggests a potential rebound, as it spiked 74% when compared to Q1. Some countries still felt the sting of ransomware attacks as Germany increased by 52% and India spiked by +133%.
• On IoT malware. Global volume rose 37%, totaling almost 78 million hits by the end of June. As connected devices continue to rapidly multiply, bad actors are targeting weak points of entry as potential attack vectors into organizations.
• On encrypted threats. Another quieter approach embraced by bad actors in the last six months was encrypted threats, which climbed 22% globally.