Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Risk Management
  3. Financial Risk Management

The next big risk in cybersecurity: cryptojacking and IoT malware attacks

Cryptojacking and internet of things (IoT) malware cyber attacks set a new yearly record in 2022, giving treasury, finance and security leaders across regions and industries plenty to worry about.

Cryptojacking is a type of cybercrime that refers to the unauthorized use, hijacking or takeover of someone else’s computer or mobile device to mine cryptocurrency. Cryptocurrency mining consumes massive amounts of energy that drive electricity bills up, which is why cyber criminals prefer using others’ computer infrastructures (computers, smartphones, tablets and network servers) to mine cryptocurrency for their own benefit.

IoT malware is a type of malware designed to take over connected, or IoT, devices. These devices include connected cars and connected devices (gadgets, sensors, actuators, appliances and machines) in smart offices and homes, as well as industrial control systems (water treatment facilities, power plants and more) and medical devices that are used to transmit data in real-time over the internet or across a wireless network.

IoT malware is used to steal sensitive data and remotely monitor and control the compromised device for nefarious purposes, as well as for ransomware attacks and cryptojacking.

2022 was characterised by a spike in cryptojacking and IoT malware. “The year brought a seismic shift in cybercriminal behavior”, observed the 2023 SonicWall Cyber Threat Report, with threat actors pushing cryptojacking and IoT malware to a new high.

To offer “actionable insights to arm organizations against today’s ever changing environment” and to act as a “Guide to attackers’ rapidly evolving tactics”, SonicWall published the 11th edition of the annual SonicWall Cyber Threat Report.

Cryptojacking setting records

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything – from education to retail to finance”, said Bob VanKirk, President and CEO, SonicWall.

With the decline in ransomware attacks in 2022, cryptojacking surged as some cybercriminals shifted from ransomware to more stable revenue streams. This drove cryptojacking attempts past the 100 million mark, which was “More cryptojacking than SonicWall had ever observed in a single year”, cautions the report.

Source: 2023 SonicWall Cyber Threat Report

With cryptojacking incidents accelerating significantly, by the end of 2022, “SonicWall Capture Labs threat researchers recorded 139.3 million cryptojacking attempts, a 43% year-over-year increase.” This also marks a substantial 142.3% increase since SonicWall began tracking cryptojacking in 2018.

SonicWall also detected a shift in the regions being targeted. While Latin America (LATAM) was the only region to see a drop, with a 66% dip in cryptojacking volume, “In North America, which typically sees by far the most attacks, volume rose from 78.0 million in 2021 to 105.9 million in 2022 — a 36% increase, and more than the entire world saw the year before”, stated the SonicWall report.

While Asia experienced a significant year-over-year increase of 129%, rising from 3 million to 6.9 million, it was “Europe where cryptojacking grew the fastest: Volume there soared from 3.4 million in 2021 to 22.0 million in 2022, an increase of 548%”, the report noted.

IoT Malware nearly doubled

While IoT malware attack volume rose just 6% in 2021 from the year before, this easing proved to be a temporary respite. In 2022, IoT malware skyrocketed, also surpassing the 100 million mark for the first time to establish a new annual record.

Source: 2023 SonicWall Cyber Threat Report

The report further revealed that, given the spike in malware targeting of IoT devices, “SonicWall Capture Labs threat researchers recorded 112.3 million attacks in 2022, an 87% year-over-year increase.”

These IoT malware attacks witnessed across-the-board increases at the regional level, with North America being the hardest-hit region. “Much of this spike was centered in North America, where attacks rose 145%, and the U.S., which saw volumes rise 169%”, the report further added.

As IoT malware soared in North America last year, the gap between it and the second highest region, Europe, widened significantly, from just a few million to around 40 million. By the end of 2022, North America had recorded 62.9 million attacks, compared to 23.2 million in Europe, as per the SonicWall report.


The 2023 SonicWall Cyber Threat Report has issued a wake-up call for treasury, finance and security executives, given that cybercriminals favour stealthier cryptojacking and IoT malware attacks to generate big revenue with ease and minimal effort.

Buttressing this silent yet insidious security threat is the growing ubiquity of connected devices and networks that make easy targets for hackers. This represents a major threat for companies, small and large, across various regions and industries, including retail, finance, education and healthcare.

As the aggressive growth of cryptojacking and IoT malware continues, it could morph into taking over phones and potentially entire organization networks. It may be a good idea to heed the advice of Bob VanKirk, President and CEO, SonicWall: “In this volatile threat environment, preparation is more critical than ever before. And today, being prepared means more than just deploying the most advanced solutions. It means developing comprehensive cybersecurity strategies, based on the most current threat intelligence available.”

Like this item? Get our Weekly Update newsletter. Subscribe today

About the author

Also see

Add a comment

New comment submissions are moderated.