Alongside ransomware attacks, malware incidents remain one of the biggest threats online. The year 2022 was full of ups and downs, as both cybersecurity companies and cybercriminals fought their way through new challenges in an ever-present struggle to achieve more. Which side prevailed in the end? We're about to find out!
On top of the pandemic/post-pandemic difficulties and political turmoils all of us undoubtedly felt, directly or indirectly, in the last couple of years, another great peril kept lurking from every corner of the internet – malware. In fact, while an average person or a businessman struggled with psychological, emotional, and financial stability in difficult times, threat actors saw each new vulnerability as an opportunity.
Small businesses suffered in particular, with over 60% of those who experienced data breaches having to permanently shut down their firms. We investigated this and many other positive and negative malware statistics and trends in 2022. Hopefully, you'll find them useful.
The most significant malware threats, incidents, statistics, and trends in 2023
Here's the cybersecurity year 2022 in rewind, seen through malware data, statistics, and new trends.
1. The number of malware attacks is on the rise
According to the 2022 SonicWall Cyber Threat Report, there have been over 2.8 billion new malware attacks in the first half of 2022. This represents an 11% increase compared to the second half of 2021 and the confirmation that, aside from a temporary dip in 2020, malware is still on the constant rise. The trend started in 2015, and the latest data indicates it isn't likely to cease anytime soon. The report also states that the main culprits for the disappointing malware statistics in 2022 were the 30% rise in cryptojacking and the 77% increase in IoT malware.
2. Payment demands are also increasing
Malware attacks are not just increasing in volume, but the perpetrators' demands are also getting higher. A recent report by Coveware shows that the average ransom payment amount was $211.529 in Q1 2022. Although this marked a 34% decrease from Q4 2021 (when the ransom amount reached its highest value in the last four years), both average ransom payment and median ransom payment show overall growing tendencies, as represented in the graph below.
3. The median ransom payment exceeded $100,000 in Q3 2021
The median ransom payment also peaked in Q3 2022, exceeding $100,000 at the time. Luckily, in Q1 of 2022 already, this value dropped to $73,906, or by 37%. We hope this trend continues, although we're not overly optimistic considering that the median ransom payments have also shown predominantly growing tendencies in the last four years.
4. March "is the cruelest month"
SonicWall pointed out another interesting fact about the latest malware events – they somehow always end up spiking in March. The explanation for the increased malware attacks in March 2020 probably lies in the state of confusion and disorder the COVID-19 pandemic brought about around that time. In March 2022, history repeated itself, most likely due to another major socio-political event, the beginning of the Russia-Ukraine war. Interestingly, though, March was also a significant month for the number of malware incidents in 2021 as well, although there was no apparent reason for it.
5. Over 60% of detected malicious installation packages on mobile devices belonged to banking trojans
Kaspersky's study shows that more than half of malicious installation packages that were detected on mobile devices from Q2, 2021 to Q2, 2022 belonged to banking trojans. Approximately 49.28% of them were from the Trojan-Banker.AndroidOS.Bray family, 5.54% were The Trojan-Banker.AndroidOS.Wroba, and 4.83% were Trojan-Banker.AndroidOS.Fakecalls. The total number of banking trojans detected on mobile devices within that same period was 55,614, which represents a year-on-year increase of 31,010.
6. Mobile threats are in decline
From April to June 2022, cybercriminal activity on mobile devices was actually in decline. Kaspersky Labs discovered "only" 405,684 malicious installation packages in Q2 2022, or 110,933 less than in the previous quarter. This also represents a decline of over 50% (480,421) from Q2, 2022, just the year before.
7. Malware attacks have a devastating impact on businesses – especially the ones in their early stages of cloud security solutions implementation
Online security breaches (including malware attacks) can cost organizations millions, depending on their size and stage of cloud security development. The mature-stage organizations are usually the best-prepared ones and, therefore, have the lowest average cost of a data breach, around $3.87 million.
Mid-stage organizations lose approximately $4.39 million on such occasions, and early-stage organizations suffer the biggest losses – $4.53 million for those who just started implementing cloud security solutions, and $4.59 for the ones who haven't yet started.
So the cost difference between a breach in a company in the mature stage and one in the early stage is around 15.7%. In other words, that's how much mature-stage organizations save with every successful cyber attack, thanks to their preparedness.
8. There were over 270,000 new malware variants in H1, 2022
According to SonicWall, there were 270,228 "never-before-seen” malware variants in the first half of 2022 – 147,851 in Q1 and another 122,377 in Q2. That’s an average of over 1,500 brand-new malware variants every day and a 45% increase year-to-date. In March alone, 59,259 never-before-seen variants were identified, a higher than ever amount in a single month.
9. Adware was the most widespread type of malware in Q2, 2022
Adware was the most common among all malware threats in Q2, 2022, with a 25.28% prevalence. Thanks to its rise of 8.36% percentage points since Q1, it surpassed the former leader, the RiskTool riskware, which was left second with 20.81% (over 27% percentage points less than the quarter before). Various Trojans came in third, with a very similar prevalence score of 20.49% and a rise of five percentage points.
10. Log4j was the most exploited vulnerability in 2021
According to the Cybersecurity and Infrastructure Agency (CISA) which investigated vulnerabilities in 2021, alongside similar agencies in Australia, Canada, New Zealand, and the United Kingdom, the following vulnerabilities were the most exploited in 2021:
- Log4j (Log4Shell)
Log4Shell, although discovered at the end of 2021, ended up being the #1 most exploited vulnerability for that year. Luckily, there were no major attacks on critical infrastructures so far, but analysts predict this vulnerability will continue to be exploited for years to come.
Log4j is one of the most serious software vulnerabilities in history. This event is not over.
11. 92% of malware comes via email
Based on research conducted on 50,000 respondents, SafetyDetectives concluded that email is the main source of almost 92% of malicious attacks. The second most common source of malware is browser-based malware or drive-by-downloads, accounting for 6% of all incoming malware threats.
12. 38% of malware is disguised as a fake Word document
SafetyDetectives shared another interesting finding – we receive nearly 38% of malware in a form of a Word doc. Some time ago, .exe files used to be the preferred choice for cyber criminals, but users soon realized they shouldn’t open them, and even email services started blocking them after some time. Benevolent-looking .doc files are still trusted, though, and, therefore, still widely exploited.
13. Apple store blocked more than 1.6 million suspicious apps in 2022
In its latest fraud prevention analysis, Apple revealed that its safety mechanisms blocked over 1.6 million risky or untrustworthy iOS apps in 2021 before they reached users. The company estimates that this saved its customers at least $1.5 billion in fraudulent transactions and other damages.
Apple also rejected 534,000 apps from getting released in its marketplace due to suspicious features/activities or privacy violations. Not only that, but 802,000 developer accounts got terminated and 153,000 new developer enrolments got canceled over fraud concerns or other safety reasons.
14. Over 97% of malware and PUA gets distributed via Windows OS
AV-TEST also considered the distribution of malware and potentially unwanted applications (PUA) in relation to the OS the victims were using in 2022. According to their study, by far the most affected OS was the Windows OS, with over 97% of threats spotted on it – or 1,709,938 to be precise. The other three most popular platforms, Android, Linux, and macOS, only accounted for about 3% of all malware and PUA threats together. Out of these, users of macOS encountered the smallest number of malware and PUA – only 183 in total.
15. Cerber was hackers’ favorite ransomware tool in 2022
Cerber is a type of malware that belongs to the ransomware-as-a-service (RaaS) category. As with any other ransomware, it encrypts your files and holds them hostage until a victim pays the ransom. But what's specific about Cerber and similar RaaS is that they work as "rental" ransomware. In other words, hackers license cybercriminals to utilize their malicious software, and, in return, they get a percentage of the profit it generates.
RaaS is highly customizable, and its developers usually take the job very seriously, which increases the chances of success. It's no wonder, then, that this ransomware category is so popular and that Cerber is the number one ransomware tool since 2016.
16. Backdoor was the most frequent form of malware attack from October 2020 to September 2021
Statista looked into the most recurring malware attack types worldwide between October 2020 and September 2021. Backdoor was by far the most exploited method of executing malicious attacks, accounting for nearly 37% of all identified breaches. Downloader was second, with 17%, and Worm was third, taking place in 16% of all malware incidents reported.
17. Eight out of 10 organizations believe their company is at risk due to a lack of attention from their employees
Mimecast's State of Email Security report 2022 shows somewhat disheartening employee statistics. Between 92% and 93% of the respondents said they experienced a business email getting compromised because of their employees' negligent or careless behavior. Over eight out of 10 of them also confessed they believed their company might be at risk due to the potential data leaks which could occur because of such behavior.
18. Only 23% of companies provide cyber awareness training to their employees on a regular, ongoing basis
Another two significant takeouts from the above report are:
- Cyber awareness training provided on a regular, ongoing basis reduces the chances of employees clicking on a malicious link up to five times.
- Despite that, less than one-fourth of organizations, or 23%, provide consistent training to their employees.
Frequency and types of training also differ significantly from one sector to another. And so, only 50% of healthcare organizations and 44% of public sector workplaces said they provided group training to their employees during the previous year. These numbers were even lower for one-on-one training, with 35% of healthcare sector respondents and 26% of those from the public sector experiencing such privileges.
19. 60% of malicious files are sent encrypted
Threat actors realized that whatever malicious files they send as encrypted SSL/TLS traffic will have a better success rate, as they are more difficult to detect and mitigate. The percentage of encrypted malware attacks was particularly high in the last couple of years. In Q1 2022, WatchGuard reported over 60% encryption rate among all detected malicious files. Still, this was over 30% less than in Q2 of 2021, when malicious attacks were encrypted in 91% of cases.
20. Education was the most targeted sector worldwide from July 2022 to August 2022
According to Statista, July 2022 was particularly difficult for the education sector around the world. Over 5.13 million cases of malware attacks were reported in that sector, starting in July until the beginning of August. The runner-up sector was retail and consumer goods, with almost nine times fewer attacks – 574,926 in total. Healthcare and pharmaceuticals was third, with 329,820 breaches.
Such a disproportionately large amount of malware attacks in the education sector could result from the recent implementation of technologies for online learning worldwide since the outbreak of COVID-19.
Regional malware statistics
Let's now see how some specific malware types and malicious attacks, in general, affect certain countries and regions across the globe.
21. Malware in Europe rose by 29% in the first half of 2022
When it comes to the regional distribution of malicious attacks, the Asian continent saw the biggest rise in malware in H1 of 2022 – 32% more compared to the second half of 2021. At the same time, there was 29% more malware in Europe, and, surprisingly, only 2% more malware in North America, which is usually the leader in this area. What's even more surprising, the US as a country saw a 1% malware decline in H1, 2022, and the countries which led to the uptick of malware volume observed in North America were actually Mexico and Canada.
22. Organizations in Slovenia have a 1 in 3 chance of seeing a malware attack
As opposed to malware volume which only shows us the number of malware cases in a country or region, malware spread percentage counts in other factors such as size, population, and the number of incidents. This value is, therefore, much more precise in determining relative risk. In other words, the greater the malware spread, the more pervasive the malware is in a particular region or country.
In the first half of 2022, organizations in Slovenia had the highest chance of experiencing a malware attack, with 33.3% of malware spread. Basically, every third organization in Slovenia was at a risk.
23. Luxembourg is the best country to avoid malware
On the other end of the spectrum was Luxemburg, with the lowest malware spread percentage in H1, 2022. According to the same SonicWall Cyber Threat Report, organizations in Luxembourg had only a 7.3% chance of experiencing a malware attack, making it the safest place in the world malware-wise.
24. Majority of malicious spam email comes from China
According to AV-TEST - The Independent IT-Security Institute, the greatest majority of spam emails in 2022 came from the US. So far, the institute recorded 2,924 emails containing spam in that country. The second on the list was Germany, with 1,093 spam emails, and the third was China, with 882.
When it comes to the distribution of malicious spam mail, however, the rankings were somewhat different. China was the leader with 165 malicious spams recorded, the US was second with 80, and Germany came in third with 65 malicious mail attempts.
25. Iran has the highest rates of mobile malware infections
Looking into the mobile cyber security statistics, Iran is the country that dealt with the highest number of malware incidents in Q2 2022. Kaspersky Labs found that almost 27% of users in this country experienced some sort of malicious intrusion on their mobile devices. Although this is almost 10% less compared to the quarter before, Iran remains the leader in the share of breached devices in Q2 2022 as well.
26. In Australia, most malware and ransomware victims are above 65 years old
Senior citizens In Australia were more vulnerable to malware and ransomware in 2022 than any other age group in that country. In a Statista Survey, which included over 1,300 respondents, more than one-third of malware/ransomware incident reports (434) were made by people older than 65. Such a high number of attacks also resulted in nearly 55 thousand Australian dollars lost. The report also showed that the least targeted group in Australia was those aged under 18.
27. US companies are among the better prepared for cyberattacks
Despite being a hotbed for numerous far-reaching cyber security incidents in the last few years, the US is among the countries that are the best prepared for cyber attacks… or, perhaps, it's because of that. According to the above Mimecast report, nearly half of the US organizations that took part in the survey (47%) have valid cybersecurity strategies in place.
Saudi Arabia, Germany, and Denmark are right behind, with at least 44%, 43%, and 42% of their companies being adequately prepared, respectively. Surprisingly, though, organizations in some of the most developed countries in the world, like Sweden and the Netherlands, scored quite low on preparedness against cyber attacks. Only 26% of companies in Sweden and 21% of those in the Netherlands reported having some kind of cyber resilience strategy implemented.
The most common types of malware
As threat actors are becoming more persistent and more "creative", it became nearly impossible to keep count of all malware cases, or even new malware types, worldwide. Still, everyone should be aware of these most basic and most present malware types, because, chances are, we'll all encounter them at some point or another.
- Viruses – Malicious software commands that copy themselves to infect another (benign) software or a whole computer.
- Worms – Work similarly to viruses, however, they send copies of themselves to a multitude of other computers, creating a network. Their aim is to infect as many devices as possible as quickly as possible.
- Trojans – These are usually very destructive programs disguised as useful applications. As soon as installed, they steal your data and often harm your computer.
- Ransomware – Malware that snatches, blocks, and/or encrypts your data until a certain amount (ransom) is paid.
- Spyware – Malicious software that collects personal information from victims without their knowledge.
- Adware – Automatically displays or downloads unwanted advertisements on a device.
How to protect yourself from malware threats?
Regardless of its type, malware can be extremely persistent, time-consuming, and unpleasant… and, worst of all, it's here to stay. While some are very tough, or nearly impossible to avoid, most can be easily prevented in these few steps.
- Install a trusted antivirus and/or malware software.
- Perform regular system/app scans and monitor settings.
- Regularly update your OS and the apps that you use. Delete apps you're not using.
- Use only secure (encrypted) networks. If you don't have a choice but to use an unsecure network, make sure you have (and switch on) a VPN first.
- Keep a close eye on your sensitive info and your accounts. Use only strong and secure passwords. Make the best use of password managers, multi-factor authentication (MFA), or two-factor authentication (2FA) tools.
- Keep yourself informed on the latest cyber attacks and stay up-to-date on events from the world of cyber security. They often enclose valuable advice.
Although malware gained momentum some 20 years ago, the last couple of years (2020-2022) will be remembered as one of the most fruitful for cybercriminals. A lot has changed during this pandemic/post-pandemic period. There was a major shift in corporal dynamics, especially when it came to the usage of technology.
Our everyday spare-time activities were far from spared as well, and hobbies (side-jobs), like cryptocurrency trades, became increasingly targeted. And so, among other things, the year 2022 was the year of cryptojacking and IoT malware boom. However, these negative malware trends and statistics are not here to make you live in fear or despair. They are just a fact-based reminder we should stay alert and take all the precautionary measures to protect ourselves.
Modern living and high-tech gadgets have made many tasks easier for us, and, as a side-effect, they got us used to shortcuts. Unfortunately, when it comes to cyber security – there are no shortcuts. But taking care of your security online doesn't have to be tedious or nerve-wracking either. For a start, you can follow our step-by-step list from above, and you'll be good to go.