2022 H1 Global Threat Analysis Report

  • Published: Thursday, Sept. 1, 2022

The H1 2022 Global Threat Analysis Report provides detailed insights into network and application attack activity.

Highlights of the report

DDoS attacks rise dramatically

The first six months of 2022 were marked by a significant increase in DDoS activity across the globe. Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States.

  • The number of malicious DDoS attacks climbed 203% compared to the first six months of 2021.
  • There were 60% more malicious DDoS events during the first six months of 2022 than during the entire year of 2021.

Patriotic hacktivism surges

During the first half of 2022, patriotic hacktivism increased dramatically.

  • Both established and newly formed pro-Ukrainian and pro-Russian cyber legions aimed to disrupt and create chaos by stealing and leaking information, defacements, and denial-of-service attacks.
  • DragonForce Malaysia, a hacktivist operation targeting Middle Eastern organizations in 2021 made a return in 2022. Its recent campaigns were political responses to national events. OpsBedil Reloaded occurred following events in Israel, and OpsPatuk was launched in reaction to public comments made by a high-profile political figure in India.
  • Major information and communication networks in the Philippines, including CNN, news network ABS-CBN, Rappler and VERA Files, were the target of DDoS attacks in connection with the country’s 2022 general elections.

Outside of the war realm, cybercrime groups re-emerged and went on with business

  • During the first half of 2022, a renewed campaign of RDoS attacks by a group claiming to be REvil emerged. This time the group was not only sending warning notes for ransom before the attack started, but also embedded the ransom note and demands within the payload.

Retail and high-tech top industries for most web attacks

During the first six months of 2022, an increase was observed in malicious transactions targeting online applications, dominated by predictable resource location and injection attacks.

Resources

The full report can be downloaded from the ungated link here.

Three blogs cover the key events and shifts in the threat landscape and are accompanying the report as separate publications:

The number of malicious web application transactions grew by 38%, compared to the first six months of 2021, surpassing the total number of malicious transactions recorded in 2020.

  • Predictable resource location attacks accounted for almost half (48%) of all attacks followed by code injection (17%) and SQL injection (10%).
  • The most attacked industries were retail and wholesale trade (27%) and high tech (26%). Carriers and SaaS providers ranked third and fourth, shouldering 14% and 7% of the attacks respectively.