2022 Cyber Security Trends: Top 5 Threats to Watch Out for This Year

The so-called cybercrime “industry” never stands still. Cybercriminals are always ducking and diving to evade new security defences and to maximise their profits.

According to the boffins at security vendor SonicWall, 2021 was a record-breaking year for cyber-nasties. It was the worst year on record for ransomware – a dubious accolade that had already been achieved by July!

So what does the cyber threat landscape look like here in 2022?

Let’s take a look at the top 5 threats identified by SonicWall’s Capture Labs Threat Network and covered in their 2022 Cyber Threat Report.


1. Encrypted Threats

The Stats

The Capture Labs Network identified a 167% increase in encrypted threats since last year’s report – totalling a whopping 10.4 million encrypted threats. Though encrypted attacks during January 2021 were at an all-time low, there was a significant upswing in the spring, with spikes in August and December.

What Are Encrypted Threats?

Encrypted threats are cyber threats – generally malware of some sort – that reach victims’ devices or networks through encrypted web traffic. As much of the web now relies on encrypted HTTPS/TLS connectivity (that’s the technology that’s indicated by a padlock icon in your browser’s address bar), cybercriminals are using it as a veil of protection to get their malware to unsuspecting victims.

When you visit URLs that begin “https://”, the traffic between your device and that site is sent through a totally encrypted “tunnel”. Older firewalls simply aren’t able to decrypt and inspect encrypted traffic, so they will generally let it pass by into the network without raising any alarms. All the firewall is seeing is inert, encrypted gobbledygook, so as far as it is concerned there are no threats to stop. With this in mind, cybercriminals are increasingly using encrypted channels to distribute malware, knowing full well that older defences are powerless to intercept it.

It’s also worth considering the fact that many people (largely those less au fait with tech) now deem sites that display the padlock icon as “safe”. In reality, anyone can purchase a security certificate for their website for around £30 – it’s not an objective stamp of all-round security approval, it’s just the tech needed to use HTTPS on a site.

Don’t get us wrong, the widespread adoption of HTTPS/TLS is great for keeping data safe in transit, but there’s far more to cybersecurity than a mere padlock symbol.

How Do I Avoid Encrypted Threats?

The best way to steer clear of encrypted threats is to enable Deep-Packet Inspection (DPI) functionality on your firewall. This effectively decrypts and inspects encrypted data packets as they come in, rooting out any threats that are hiding behind common encryption protocols like TLS.

With DPI, instead of leaving the individual devices on your network to handle incoming TLS decryption (as is the default), the firewall handles it all. This way it can properly inspect all incoming encrypted data on the fly and keep the network safe. And if your firewall is older than 5 years, upgrade it immediately!
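To make the "encrypted gobbledygook" point concrete, here is an added example (not from SonicWall's report or any firewall's code) of what a device that does not decrypt TLS can read from a connection: the server name in the opening handshake, and nothing but a byte count once application data starts. The host name and byte stream are constructed samples, and the parser assumes the ClientHello fits in a single TLS record.

```python
import os
import struct

def build_client_hello(host):
    """Constructed sample: minimal TLS ClientHello record with an SNI extension."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name        # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry            # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)           # version, random, ids, suites, exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def sni_from_client_hello(hs):
    """Return the cleartext server name from a ClientHello, or None if absent/malformed."""
    try:
        if hs[0] != 0x01:
            return None
        p = 4 + 2 + 32                                     # handshake header, version, random
        p += 1 + hs[p]                                     # session id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")        # cipher suites
        p += 1 + hs[p]                                     # compression methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")   # end of the extensions block
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            if etype == 0:                                 # server_name extension
                nlen = int.from_bytes(hs[p + 7:p + 9], "big")
                return hs[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                        # truncated or malformed input

def passive_view(stream):
    """List what a firewall that does not decrypt TLS can read from a byte stream."""
    seen, p = [], 0
    while p + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[p:p + 5])
        payload = stream[p + 5:p + 5 + length]
        kind = {22: "handshake", 23: "application_data"}.get(ctype, "other")
        detail = sni_from_client_hello(payload) if ctype == 22 else len(payload)
        seen.append((kind, detail))                        # ciphertext yields only a length
        p += 5 + length
    return seen

# Constructed flow: one ClientHello, then 64 random bytes standing in for ciphertext.
SAMPLE_STREAM = (build_client_hello("downloads.example.test")
                 + b"\x17\x03\x03" + struct.pack("!H", 64) + os.urandom(64))
```

Calling passive_view(SAMPLE_STREAM) returns the server name and a length of 64; whatever those 64 bytes carry stays invisible until the firewall decrypts the session.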


2. Ransomware Attacks

The Stats

In their report, SonicWall refers to “Ransomware’s Savage Reign”. That’s not just hyperbole for dramatic effect. Ransomware incidents have risen by 105% to a whopping 623.3 million attacks in the year leading up to the report, including withering double and triple extortion attacks.

Ransomware topped the charts in SonicWall’s previous report by some degree, with this year’s report adding that almost 20 ransomware attacks took place every second in 2021. Though ransomware started to spike during the pandemic, 2020’s highest month for ransomware (November) barely exceeded 2021’s lowest point.

What is Ransomware?

Ransomware is malware that holds critical IT functionality or data to ransom. For an in-depth exploration of ransomware, check out this article from our friends at Just Firewalls: Digital Hostage-Taking: The What, How, and Why of Ransomware.

How Do I Avoid Ransomware?

Ransomware is malware, so it can generally be avoided in the same ways that malware can. Endpoint protection tools like antivirus are essential – keeping them updated regularly, even more so.

However, you shouldn’t rely on the protective power of antimalware tools alone – investing in solid cyber-awareness training is a must. Your team is your weakest attack surface, after all. Without proper cyber training and habit-forming, they may unwittingly let malware into your network. Ransomware is designed to quickly tear across a network once it sneaks in through the cracks; even one seemingly tiny mistake can leave you up a certain cyber-creek without a certain implement. So, train, train, and train some more!


3. Cryptojacking Attacks

The Stats

SonicWall reported 97.1 million cryptojacking attacks in their 2022 report, a year-on-year rise of 19%, showing slow, steady, yet significant growth. Cryptojacking is now well and truly bigger than it has ever been – in keeping with the general hype around cryptocurrency and related technologies. SonicWall noted that the first quarter of 2021 “saw more cryptojacking than any other quarter since SonicWall began tracking it”.

What is Cryptojacking?

Cryptojacking is a kind of malware that infects a victim’s device and then uses that device’s computing power to secretly generate (or “mine”) cryptocurrency for the cybercriminal in the background. Cryptojacking malware doesn’t usually steal data or ransom anything; its goal is to sit undetected in the background and rake in the cash.

If you’re not familiar with the concept of crypto-mining, let’s take a quick detour. In order to create more of a given cryptocurrency, crypto-investors task their computers with solving complex cryptographic equations, which in turn spit out more of the cryptocurrency of choice. This process is called “mining”.

On the whole, crypto-miners will mine new cryptocurrency on devices they own. You may have seen the recent hubbub about crypto-enthusiasts buying up graphics cards to use in their mining operations, contributing to an already present shortage in the hardware. Graphics cards are particularly effective at solving the cryptographic maths involved in crypto-mining.

However, instead of spending money on hardware, some less savoury crypto-folk may nab that extra computing power through more nefarious means – i.e., from other people. Crypto malware can infect a whole device or just the web browser and uses up additional resources in the background to mine cryptocurrency, forwarding any spoils to the perpetrator through the internet. Though the point of cryptojacking isn’t to necessarily do the victim any harm, it is a drain on their IT resources and, in turn, productivity. It can send IT teams on a time-consuming (and sometimes expensive) wild goose chase trying to uncover the reasons behind slow PC performance and spikes in internet usage.
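Because a miner shows up as load that never lets go rather than as a short burst, the slow-PC hunt described above can start from per-process CPU telemetry. The following is an added example, not taken from SonicWall's report or any product: the host names, process names, sample data, 80% threshold and 15-minute window are all constructed assumptions to tune for your own estate.

```python
from collections import defaultdict

def longest_hot_runs(samples, threshold=80.0):
    """Map (host, process) to its longest run of consecutive minutes at or above threshold."""
    series = defaultdict(dict)
    for minute, host, process, cpu in samples:
        series[(host, process)][minute] = cpu
    runs = {}
    for key, by_minute in series.items():
        best = run = 0
        prev = None
        for minute in sorted(by_minute):
            if by_minute[minute] < threshold:
                run = 0                          # load dropped: the run is over
            elif prev is not None and minute == prev + 1:
                run += 1                         # still hot, no gap in telemetry
            else:
                run = 1                          # first sample, or a gap in telemetry
            best = max(best, run)
            prev = minute
        runs[key] = best
    return runs

def flag_sustained_load(samples, threshold=80.0, min_minutes=15):
    """Return (host, process, minutes) where load stays high far longer than a normal burst."""
    runs = longest_hot_runs(samples, threshold)
    return sorted((h, p, n) for (h, p), n in runs.items() if n >= min_minutes)

# Constructed telemetry: (minute, host, process, cpu_percent), one sample per minute.
SAMPLES = (
    [(m, "pc-07", "browser", 93.0) for m in range(40)]                       # pinned throughout
    + [(m, "pc-03", "backup-agent", 88.0 if 5 <= m < 12 else 3.0) for m in range(40)]  # 7-minute burst
    + [(m, "pc-07", "spreadsheet", 12.0) for m in range(40)]                 # ordinary use
)

if __name__ == "__main__":
    print(flag_sustained_load(SAMPLES))
```

A flagged process is a lead for investigation rather than proof of mining, since legitimate jobs such as video encoding can also hold a CPU for long stretches.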

How Do I Avoid Cryptojacking?

Though cryptojacking malware can be spread in the same ways as traditional malware, some crypto-miners reach victims’ web browsers through infected display ads. So, install ad-blocking and miner-blocking browser extensions/add-ons within your web browser(s).

Other than that, it’s simply a case of avoiding malware in the usual ways: by using reliable, regularly updated antimalware software; by investing in a good firewall with gateway malware protection; by using strict content filtering; and by embarking on team-wide cyber-awareness training.


4. Malicious Intrusion Attempts

The Stats

At first glance, things look pretty dire: SonicWall’s figures show a 10.7% yearly rise in all intrusion attempts – that’s 5.3 trillion (yep, with a T) separate incidents.

Yet digging a little deeper yields some positive news. You see, not all intrusion attempts counted by the threat network are malicious – some are simply times where devices and networks have been innocently scanned for or “pinged”.

When SonicWall filtered out all of the harmless stuff and focused solely on “malicious intrusion attempts”, they found that these had actually fallen by 28%.

What are Malicious Intrusion Attempts?

A malicious intrusion attempt is when a threat actor tries to gain access to or control over a system by exploiting some kind of vulnerability. These vulnerabilities can be well-known threats with fixes engineered, or they can be less-well-known and un-fixed – as is the case with zero-day vulnerabilities.

Once the attackers gain access to a device or network, what they do next depends on their plans. Sometimes, it can be a quick, in-and-out smash-and-grab; other times the attacker may try and establish some kind of persistent backdoor to slowly exfiltrate data or to give them a quick way back in when the time is right. Sadly, the only limit is cybercriminals’ imaginations.

How Do I Avoid Malicious Intrusion Attempts?

Thankfully, there’s a system available to prevent intrusions – inventively monikered an “intrusion prevention system” or IPS. IPSs inspect incoming traffic for signs of potential intrusion, and monitor internal network traffic patterns for any kind of suspicious cross-network traffic. If you have a wireless network, you’ll also need a Wireless IPS (WIPS) to defend against the ways criminals can compromise wireless networks from within range.

Other than that, it’s just a case of keeping all of your software up to date to avoid zero-day infections, using solid endpoint protection, and applying a healthy dose of cyber-scepticism ingrained in your team through good cyber-awareness training.

We know that keeping an eye on tools like IPSs, firewalling, and endpoint protection network-wide sounds like a lot. That’s because it often is. However, Network Security Monitoring can be easily outsourced and is much more affordable than suffering an attack! Our security analysts can monitor your network from afar and immediately notify you should anything untoward happen.


5. Internet of Things (IoT) Malware

The Stats

This year’s SonicWall report shows a 6% year-on-year increase in IoT malware, a total of 60.1 million attacks. Compared to 2019’s meteoric 218% rise, this is welcome news. SonicWall seems to agree, commenting that IoT malware “may be levelling off” and “shows signs of stabilising”.

However, we must remember that even a stable or diminishing threat is bad news when you’re the one on the receiving end!

What is Internet of Things Malware?

IoT malware is malware specifically designed to infect internet of things devices – that can be anything from complex SCADA/industrial control systems to smart speakers and wearable tech. It can be used to alter the device’s operation; to provide a backdoor into a network; to spread malware to traditional IT devices; to leapfrog to devices or other parts of the supply chain; and more. There are numerous IoT threats out there – as Just Firewalls detail in their excellent post Internet of Things (IoT) Risks: A Cyber Security Danger Zone?

How Do I Avoid Internet of Things Malware?

The Just Firewalls team discussed a number of actionable pointers in the above blog post, along with some SCADA tips, and we’ve written about ICS security too. But to echo some of the most essential advice:

  • Update your IoT device’s firmware whenever prompted, even if it’s at an inopportune time.
  • Change any device’s access or control credentials from their pre-loaded defaults.
  • Never connect your IoT devices directly to the internet; make sure they are connected “behind” your firewall, intrusion prevention systems, and other security measures.
  • Power down your IoT devices when not in use and reboot them during any available downtime. Powering off devices like these generally clears the RAM of all data – including any malicious code.
  • Upgrade your firewall every 5 years.

In Conclusion

SonicWall’s report is a valuable peek into the current cybercrime status quo. However, as with most things, it pays to arm yourself with data from a variety of sources, so also check out Sophos’s 2022 Threat Report (if you like a long read) and WatchGuard’s 2022 Predictions (if you like a good laugh). Honestly, WatchGuard’s just letting Corey and Marc live out their dreams of being a comedy duo at this point and we’re all for it. These sources bring new and compelling topics into the mix, like space-hacking, using AI in the fight against cybercrime, and state-sponsored mobile attacks. So, keep an eye firmly on the cyber security headlines and your wits about you; because whatever happens online during the rest of 2022, it’s certainly not going to be boring.


In times of cyber-uncertainty, you need experts in your corner. Whether you’re after training, penetration testing, managed security services, or any of the solutions we’ve discussed above – book a consultation with the team today.