Have Malware Attacks Become More Common?
Today, we’re going to discuss a topic that’s more important than ever in 2024 – the number of malware attacks.
Cybercrime has evolved so much that it’s becoming harder and harder for companies to protect themselves against malware. The sophistication of some of these cyberattacks is through the roof as well.
In this article, I’ll show you how common malware attacks have become, and which industries are targeted the most.
Enjoy!
Annual Number of Malware Attacks Worldwide from 2015 – 2022
While we don’t have data for 2023 yet, Statista shows us the how many malware attacks happened yearly across the world from 2015 to 2022.
Here’s what the data shows:
| Year | Number of Malware Attacks |
| 2015 | 8.2 billion |
| 2016 | 7.9 billion (-3.65%) |
| 2017 | 8.6 billion (+8.86%) |
| 2018 | 10.5 billion (+22.09%) |
| 2019 | 9.9 billion (-5.71%) |
| 2020 | 5.6 billion (-43.43%) |
| 2021 | 5.4 billion (-3.57%) |
| 2022 | 5.5 billion (+1.85%) |
Over the years, it seems that the number of malware attacks has decreased, with 5.5 billion in 2021.
This is a 32.92% decrease from the 8.2 billion attacks in 2015, which is a 7-year difference.
2022 has seen 100 million more malware attacks compared to 2021, though, but this is still a far cry from the numbers we’ve seen in 2015, 2016, 2017, 2018, and 2019.
So far, the situation is looking good but let’s keep looking!
Distribution of Malware Attack Vectors Worldwide from 2018 to 2022
In this section, I will show you which vectors (attack methods) are used by hackers to launch malware attacks on their victims.
Statista provide us with the data:
| Year | Web Malware Attacks | Email Malware Attacks |
| 2015 | 67% | 33% |
| 2016 | 36% (-46%) | 64% (+93%) |
| 2017 | 17% (-52%) | 83% 9 (+29%) |
| 2018 | 16% (-5.88%) | 84% (+1.2%) |
| 2019 | 14% (-12%) | 86% (+2.3%) |
Over the years, threat actors have shifted from web-based malware attacks to email-based attacks, showing a change in their attack patterns.
Email malware attacks increased by 160% from 2018 to 2022, and web malware attacks decreased by 79%.
The reason for this is the increased efficiency in email-based malware attacks. There are more attack options and the victims are more vulnerable on their emails.
Plus, these attacks are easier to pull off, as the simplest phishing attacks on email only require an active internet connection, a well-crafted email, and a virus in an attachment.
Distribution of Malware Attacks in Global Regions in 2022, by Category
Let’s take a look at the malware categories used in cyberattacks in selected global regions in 2022:
| Type of Malware | Global | Americas | EMEA | APAC |
| Multipurpose Malware | 32% | 23% | 33% | 44% |
| Crypto-Miners | 16% | 12% | 15% | 25% |
| Ransomware | 7% | 5% | 8% | 9% |
| Infostealers | 24% | 18% | 25% | 30% |
| Mobile | 9% | 7% | 8% | 14% |
*EMEA – Europe, the Middle East, and Africa
**APAC – Asia-Pacific
Multipurpose malware was the most common type of malware used in cyberattacks globally, with Asia Pacific being the prime target.
Infostealers came a close second, with Asia Pacific still receiving the brunt of these attacks.
And then, there are crypto-miners, mobile malware, and ransomware in terms of distribution variety.
Multipurpose malware include trojans, botnets, worms, and more. These are malware who can perform multiple actions across several attack chains.
Most importantly, these malware are able to evade security controls and infiltrate systems with a lower chance of detection.
Global Industry Sectors Most Frequently Targeted by Malware Attacks from July 2022 – August 2022
Next, I’ll show you which sectors have been targeted the most by malware attacks in July-August of 2022.
Here’s the data:
| Industry | Number of Malware Attacks |
| Education | 5,130,197 |
| Retail and Consumer Goods | 574,926 |
| Healthcare and Pharmaceuticals | 329,820 |
| Telecommunications | 141,598 |
| Power and Utilities | 93,662 |
| Financial Services and Insurance | 93,258 |
Between July and August 2022, the education sector emerged as the most heavily targeted industry for malware attacks, recording nearly 5 million incidents during that period.
In stark contrast, the retail and consumer goods sector experienced just 574,926 attacks—an 88.79% decrease by comparison.
These numbers highlight just how attractive the education industry has become to cybercriminals, particularly when it comes to malware-based threats.
One key reason behind this trend is the rapid digital transformation triggered by the pandemic.
As schools, universities, and other institutions shifted to online learning platforms, many lacked the robust cybersecurity infrastructure needed to defend against evolving threats.
This sudden reliance on remote technologies has left educational institutions more exposed, making them prime targets for attackers seeking to exploit weak systems, outdated software, and undertrained users.
Year-Over-Year Change in Global Malware Attacks in 2022, by Industry
Let’s have a look at how 2022 compared to 2021 in terms of the number of malware attacks distributed across several industries:
| Industry | Year-Over-Year Change |
| Education | +157% |
| Finance | +86% |
| Retail | +50% |
| Healthcare | -15% |
| Government | -58% |
This chart confirms what we’ve seen previously – that the Education sector has become the most targeted industry in the world.
There’s been a 157% increase in the number of attacks against the Education sector since between 2021 and 2022.
Finance comes second with an 86% increase, which is almost half as much attacks in the same period.
The Healthcare and Government sectors saw a decrease in the number of malware attacks against them, on the other hand.
This is likely because the Education, Finance, and Retail sectors were the most vulnerable targets in that period.
Year-Over-Year Change in Weekly Malware Attacks in 2022, by Industry
Lastly, I’ll show you the year-over-year change in the weekly number of malware attacks globally in 2022, by industry:
| Industry | Year-Over-Year Change |
| Education/Research | 43% |
| Government/Military | 46% |
| Healthcare | 74% |
| Communications | 27% |
| Internet Service Provider/Managed Service Provider | 28% |
| Finance/Banking | 52% |
| Utilities | 48% |
| Insurance/Legal | 47% |
| Manufacturing | 36% |
| Leisure/Hospitality | 60% |
| SI/VAR/Distributor | 18% |
| Retail/Wholesale | 66% |
| Transportation | 41% |
| Software Vendor | 37% |
| Consultant | 19% |
| Hardware Vendor | 25% |
The year-over-year increase in weekly malware attacks between 2021 and 2022 shows that the Healthcare industry is under most weekly attacks.
It has seen a 74% increase in weekly malware attacks. The Education industry has only seen a 43% increase, despite this industry being the most targeted yearly.
All in all, the industries with a year-over-year increase over 50% in weekly malware attacks are:
- Healthcare at 74% YoY increase
- Retail/Wholesale at 66% YoY increase
- Leisure/Hospitality at 60% YoY Increase
- Finance/Banking at 52%
There’s not much more to say about this. These four industries are especially at risk of being attacked by malware based on the data above.
Conclusion
As of 2023, there have been 5.5 billion malware attacks worldwide, with the Manufacturing sector being the most targeted industry.
According to Statista, the most common cyber threat globally was Riskware, which I plan to discuss in a future article—stay tuned for that!
2022 saw an increase in malware attacks compared to 2021, indicating an upward trend in cyberattacks.
Although 2022 didn’t reach the peak of yearly global malware attacks (which occurred in 2018), it doesn’t mean we’re any safer. The threat landscape continues to evolve, and vigilance remains crucial.
Cybercrime-as-a-service has become extremely popular in recent months, leading to a new wave of hackers making victims all over the world.
All we can do is prepare ourselves better and become aware about the cybersecurity risks we’re putting ourselves in when going online.
Cyber insurance is especially important for businesses who operate online and who are storing valuable customer data.
Cybercriminals are getting more and more sophisticated in the methods they’re using, so awareness alone doesn’t cut it anymore…
Sources
Statista – Annual Number of Malware Attacks Worldwide from 2015 to 2022
Statista – Distribution of Malware Attack Vectors Worldwide from 2018 to 2022
Privacy Affairs – Why Is Phishing So Common & How to Protect Against It?
Statista – Distribution of Cyberattacks in Selected Global Regions in 2022, by Category
Privacy Affairs – Cybersecurity Deep Dive: What Is a Worm Attack?
Statista – Industry Sectors Most Frequently Targeted by Malware Attacks Worldwide from July 2022 to August 2022
Statista – Year-over-Year Change in the Number of Malware Attacks Worldwide Across Selected Industries as of 2022
Statista – Year-over-Year Change in Average Weekly Number of Malware Attacks in Organizations Worldwide in 2022, by Industry
Privacy Affairs – Cybersecurity Deep Dive: What Is Cybercrime-as-a-Service?
Privacy Affairs – What Is Cyber Insurance and How Does It Impact Cybercrime?
