Skip to main content

2021 Threat Intelligence Shows Attacks Rising Across the Board

By 24th February 2022No Comments

While the world continued to grapple with the challenges of 2020 — such as the ongoing COVID-19 pandemic and the shift to remote work — cybercriminals were building on what they learned that year to become more adaptable and formidable in 2021.

But as cybercriminals followed the moves of an ever-changing world, SonicWall Capture Labs threat researchers followed the movement of cybercriminals, recording where they attacked, who they targeted and what sorts of new techniques they developed. By compiling these findings into the 2022 SonicWall Cyber Threat Report, we’re offering organizations the actionable threat intelligence they need to combat the rising tide of cybercrime.

“It’s imperative to understand the skill set of bad actors to ultimately thwart their increasingly sophisticated and targeted attacks,” SonicWall President and CEO Bill Conner said. “The 2022 SonicWall Cyber Threat Report shines a spotlight on the growing plague of ransomware and other attempts of digital extortion.”

Here are a few of the key findings from the report:


In 2021, SonicWall Capture Labs Threat Researchers recorded 623.2 million ransomware attempts globally, an increase of 105% year over year. This increase was fueled by large volumes of Ryuk, SamSam and Cerber attacks, which together made up 62% of the total ransomware volume.

While the growth in ransomware was unusually aggressive, so were many of the techniques ransomware gangs used to separate legitimate organizations from their money. Double extortion continued to grow in 2021, and terrifying new triple extortion techniques began taking hold as well. Supply-chain attacks and attacks on vital infrastructure also increased, putting pressure on lawmaking bodies around the world to unify against ransomware’s growing threats.


As attacks of nearly every type have grown over the past couple of years, we’ve been able to count on one silver lining: “Well, at least malware volume is down.” A look at the data for 2021, however, shows signs that this sustained fall may soon be coming to an end.

While malware was still down 4% year-over-year, this is the smallest percentage drop we’ve seen in some time, with a rebound in the second half almost completely erasing the 22% drop recorded for the first half. Moreover, malware didn’t fall everywhere: the UK and India saw increases of 48% and 41% respectively.

Log4j Exploits

From Dec. 11, 2021, through Jan. 31, 2022, SonicWall Capture Labs Threat Researchers logged 142.2 million Log4j exploit attempts — an average of 2.7 million attempts each day. The data shows threat actors pivoting to attack these vulnerabilities at an alarming rate, with large numbers of attempts continuing to this day.

(As a reminder, SonicWall has released a number of signatures to help protect customers against Log4j exploit attempts — if you haven’t yet patched your organization’s internal systems against these vulnerabilities, we strongly urge you to do so.)

Capture ATP and RTDMI

In 2021, SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection (RTDMI)™ became the only solution in ICSA Labs Advanced Threat Defense (ATD) certification history to earn four straight perfect scores, all without a single false positive.

SonicWall’s data on the evolution of Capture ATP and RTDMI shed some light on how we accomplished this feat. In 2021, RTDMI identified 442,151 never-before-seen malware variants, an increase of 65% year over year and an average of 1,221 per day.


Given 2021’s record-high cryptocurrency prices, not even mining crackdowns and increased federal scrutiny were enough to keep cryptojacking down. SonicWall Capture Labs threat researchers recorded a 19% year-over-year increase in cryptojacking, amounting to an average of 338 attempts per customer network.

Leave a Reply