Sticky Report

2022 BrightCloud® Threat Report: The year of innovation for cybercrime

2022 BrightCloud® Threat Report: The year of innovation for cybercrime
Userlevel 7
Badge +22
  • Sr. Security Analyst & Community Manager
  • 630 replies

Our latest BrightCloud®️ Threat Report is finally here! This year, our findings show us that cybercriminals are improving their efforts to evade detection. 2021 was the year where everything security-related that could go wrong did go wrong. We witnessed unprecedented attacks on the supply chain around the world. Despite American and Russian coordinated efforts to take down Emotet, REvil, and Conti, cybercriminals found avenues to resurrect themselves and carry out their lethal efforts.

The normalization of remote and hybrid work continued to shift the way bad actors pursue lucrative avenues for exploitation. We also witnessed cybercriminals strategically releasing their executed attacks during specific times of the year.

Our report is full of great insights. Some key findings include:

  • The Middle East, Asia, and Africa were the regions with the highest percentage of infections.
  • 53% of consumer PCs were infected more than once, and 19% infected more than 5 times.
  • Apple was most often impersonated company in phishing attacks.
  • Of all the places where malware could hide on business PCs, it uses %temp% more than half the time.

“With the introduction of Windows 11, bad actors won’t think twice about engaging in new and dangerous exploits that leverage new features not previously available.”

- Grayson Milbourne | Security Intelligence Director

  • During 2021, 82% of ransomware attacks targeted organizations with less than 1,000 employees. The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.
  • The year-end average for ransomware payments in 2021 more than doubled the 2020 average, hitting $322,168.

By combining layers, like inspecting all incoming emails, keeping PCs fully patched, using antivirus software and endpoint protection tools on all PCs and educating users on how to avoid phishing attacks and other forms of social engineering, you can make it less likely that attacks will succeed.

  • In 2021, we discovered over 4 million new high-risk URLs in 2021, almost 66% of them involved in phishing.
  • Bad actors like to time their phishing attacks. In the month of May alone, we witnessed a 770% increase in phishing activity.

To thwart these types of phishing attacks, users need to be trained to recognize shortened URLs and to find out where they redirect before clicking on them.

Last year was marked by innovation across the threat landscape. In this year’s full report, we delve into the developments affecting businesses large and small.

Download the report and discover for yourself our complete analysis and predictions powered by our BrightCloud®️ Threat Intelligence.

Be sure to sign up for our Webinar to learn more and win prizes


104 replies

Since formally joining the IT world in the early 80’s I have personally witnessed only a handful of infections. In those days I knew of the existence of two antivirus software applications. For the past 4 years I have satisfactorily and happily been protecting my devices and those of my customers with Webroot  ; )

It all boils down to 2 things for me, vigilance and training. People are the weak link in any attack and they will always be. 

This has shown to be true in every attack we have witnessed.

Userlevel 4

No Surprise at all to see Africa there. 

It should come as no suprise that ransomware attacks companies with under 1000 employees, they are more vunerable because they may not have the necessary security in place.

In my experience the sell of security to small companies is a lot harder than large and the education is also less.