SonicWall: Spikes in IoT Malware, Cryptojacking Offset Decline in Ransomware in 2022

Cyber Security, Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing

SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Based on SonicWall’s data in its newly released 2023 Cyber Threat Report, malware crews appear to be favoring a slow and stealthy strategy for financial gain, as suggested by the decline of overall global ransomware hits (-21%) in 2022.

Threat Actors Shift Attack Strategies

“While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate,” said SonicWall president and chief executive Bob VanKirk.

Here are some of the report’s findings:


  • Total volume was up 2% in 2022 after three straight years of decline.
  • Europe as a whole saw increased levels of malware (+10%) as did Ukraine, which had a record 25.6 million attempts, suggesting malware was used heavily in regions of geopolitical strife.
  • Malware was down year-over-year in the U.S. (-9%), U.K. (-13%) and Germany (-28%).
  • Education (+157%), finance (+86%) and retail (+50%) verticals hit the hardest by malware.
  • SonicWall discovered 465,501 ‘never-before-seen’ malware variants in 2022.


  • Overall ransomware numbers saw a 21% decline globally.
  • Total ransomware in Q4 (154.9 million) was the highest since Q3 2021.
  • 2022 second-highest year on record for global ransomware attempts (493.3 million).

IoT Malware

  • Global volume rose 87% in 2022, totaling 112 million hits by year’s end.
  • With no corresponding slowdown in the proliferation of connected devices, bad actors are likely probing soft targets to leverage as potential attack vectors into larger organizations.

Apache Log4j

  • Intrusion attempts against the industry's Apache Log4j Log4Shell vulnerability eclipsed 1 billion in 2022. The vulnerability was first discovered in December 2021.


  • Use of cryptojacking as a ‘low and slow’ approach continued to surge, rising 43% globally, for the most SonicWall threat researchers have recorded in a single year.
  • The retail and financial industry saw 2810% and 352% increases, respectively, year-over-year in cryptojacking.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.