Audit for IT NOW… Segregating IoT Networks Avoids IoT Malware

2023 global attack trends


IoT Malware in 2023

IoT Malware Jumps by More than a Third In the first six months of 2023, SonicWall Capture Labs threat researchers recorded 77.9 million IoT malware attacks, up 37% year to date and higher than any other six-month period on record. This total not only exceeds the midyear total of 2022 by more than 20 million, it also exceeds the full-year total for both 2020 and 2021, and is more than 2018 and 2019 combined. This record half was fueled by high attack volumes in Q1, followed by abnormally high attack volumes in Q2. When the monthly total for April reached 14.7 million, it set a new record — but in May, attack volumes nearly doubled, surpassing the 20-million mark for the first time and resulting in a second[1]straight record-breaking quarter.


IoT Malware by Region Cybercriminals spent the first half of 2023 shifting their sights away from North America, and IoT malware was no exception: While the region still saw the highest overall attack volume, it was also the only one to experience a decrease, falling 3% to 32.2 million. Meanwhile, a corresponding increase was occurring in Europe, Latin America and Asia. In Europe, first-half attack volume reached 12.1 million, an increase of 10% year-to-date. But it was Latin America and Asia that saw the biggest growth: In Latin America, IoT malware increased 164% to 8.5 million, and in Asia, attack volume soared to 23 million, an increase of 170%. The by-country data followed the same general trends as the regional data: The U.S. saw a 2% drop, bringing attack volume to 30.4 million, and the U.K. (up 53% to 4 million) and India (up a staggering 311% to 19.4 million) also fell in line with regional patterns. Only Germany bucked the trend: IoT attacks there dropped 30 percent, to 1.3 million attacks. IoT Malware by Industry Despite an overall increase in IoT malware, all but one of the industries we studied experienced a double-digit drop in the first half of 2023. Government and education both saw a steep decline of 73%, followed by a 70% decrease in finance and a 60% drop in healthcare. Only the retail industry saw an increase: SonicWall observed a 13% jump in attacks on these customers compared with the first six months of 2022.


Malware in 2023


Malware Continues Its Migration During the first six months of 2023, SonicWall Capture Labs threat researchers recorded 2.7 billion malware attempts globally, down just 2% from the 2.8 billion observed during the same time period in 2022. But while the year-to-date change was essentially flat, the trend line was anything but. While there were both peaks and valleys as the first half wore on, the direction was decidedly upward — leading to a June monthly volume of 576 million. Not only was this 46% higher than the 395 million hits observed in January, it was also the highest monthly malware total recorded since March 2020


Malware By State A look at malware volume rankings by state shows that cybercriminals are shifting targets here, too. The state with the highest malware volume last year, Florida, fell all the way to No. 4 this year. No. 2 California moved up into the top position, No. 3 New York fell to No.7, No. 4. Illinois is now No. 2, and No. 5 Texas is the new No. 3. But while all of last year’s top 5 found themselves on this year’s list, most of the other states from the 2022 Top 10 did not: Minnesota, Rhode Island, South Carolina and New Jersey all fell off the list, and were replaced by Ohio, Georgia, Tennessee and Michigan


But as we saw with the country-specific data, larger malware volumes don’t necessarily predispose an area to higher malware spread percentages. In fact, none of the top-ten states for volume also made the top-ten for malware spread. So if none of the top ten states for volume are the riskiest in terms of malware, which state is? Once again, it’s Kansas, where 12.6% of SonicWall sensors registered a malware attempt. Fortunately for those in the Sunflower State, however, this continues to fall: from 26.7% in 2020, to 21.4% in 2021, to 18.7% in 2022. At the other end of the malware spread spectrum was Maine, where only 7.4% of sensors logged a malware attempt


Malware by Industry While malware was down slightly overall, this wasn’t the case in any of the industries we studied. In fact, malware was one of three threat categories in which every industry we looked at experienced an increase in malware volume. (The other two were cryptojacking and encrypted threats.) But while these industries shared that in common, the similarities ended there — outcomes ranged from a near-negligible uptick to a near-tripling in attack volume. Government: Government customers saw the smallest year-to-date increase out of the industries listed here, with volumes creeping up just 2%. An average of 11.3% of government customers were targeted by a malware attack each month. Retail: Retail customers ended June with the second-lowest malware volume, and also experienced the second-lowest increase: Attacks on these customers jumped 39% over the first six months of 2022. Roughly 9% of retail customers saw an attack each month. Finance: So far in 2023, customers working in finance have experienced a 59% overall increase in malware volume. An average of 10% of these customers were targeted in a given month. Healthcare: While customers working in healthcare ended June with the second-highest malware attack volume, they saw a slightly smaller increase of 46% year to date. Approximately 10% of healthcare customers saw an attack each month. Education: In the first six months of 2023, education customers saw a staggering 179% increase in attack volume compared with the same time period in 2022. These customers were also the most likely to see an attack: An average of 16.6% were targeted every month. It’s worth noting that the malware trends we’re seeing in education are the result of two disparate trends. Higher education actually saw a decrease in malware attempts in the first half of the year, bringing their total attack volume down 42%. But this was more than offset by a massive spike in malware among K-12 organizations, which saw a staggering 466% increase in attacks year to date


Contact us!

MARK YOUR CALENDARS: September 27 10AM-2PM – SOS Small Business Summit

  • Mayor Trent Staggs: Our Keynote Speaker!

  • Amanda Millerberg: Service Coordinator to the First Lady of Utah, Abby Cox

  • And more…!

Topics will include:

  • Cyber-Security
  • Health/Wellness in the Workplace
  • Service in the community
  • Government & Business Interactions

Free Stuff

  • Lunch Provided!
  • Raffle Drawings!

For More Info:


Attached is a flyer for the event.


sos small business summit


Come and Support our Small Business


We have never had a ribbon-cutting ceremony for the past 20 years. We sort of missed that… :-/

We are making up for it by planning this event and 10X’ing any Ribbon Cutting!

  • We have vendors flying in from out of state to present on some crucial I.T. security topics!
  • Scott Gentry will be sharing his epic and legendary Phishing Training
  • Yours truly will be sharing insights on I.T. Security vs I.T. Efficiency – and How to make the best of both worlds happen, and how to build your I.T. from the Inside Out based on value – and making your I.T. work for you!

Come throw down a table! We Grow With You! Your Success is Our Success!


The venue will have multiple breakout rooms, and we are welcoming our clients to engage with us to share YOUR business! Set up a table and some flyers and swag! Contact Tawna White @ or 801-563-9700. We will also be reaching out more about this opportunity!




Verified by MonsterInsights