March 23, 2022

Malwarebytes Annual Report Reveals Massive “COVID Bounce” in Cyberthreats

A challenging year for security, 2021 was defined by a resurgence in dangerous cyberthreats affecting organizations and individuals, while revealing systemic weaknesses in legacy systems and software supply chains

San Francisco, Calif. – March 23, 2022 – MalwarebytesTM, a global leader in real-time cyberprotection, today announced the findings from the 2022 edition of its annual “Threat Review” report. At a particularly perilous moment for privacy and security, Malwarebytes’ research uncovered a “COVID bounce,” a massive 2021 resurgence of cyberthreats across multiple categories following pandemic-induced declines in 2020.

Malwarebytes tracked a 77% increase in malware detections over 2020. Business-focused cyberthreats jumped 143%, while consumer-specific threats rose by 65% to more than 152 million in 2021. This increase represents more than a return to business as usual, with detection numbers far exceeding pre-pandemic figures.

“2021 was a challenging year for both cybersecurity and user privacy, which points to alarming trends,” said Marcin Kleczynski, CEO of Malwarebytes. “With workforces still dispersed, cybercriminals capitalized on both new and latent vulnerabilities, burrowing deeply into critical infrastructure and infecting supply chains, driving increased threat volume, and homing in on targets with maximum potential for disruption. In this climate, ensuring every person and organization is thoroughly fortified against attacks through a simplified patching process and layered security is more critical than ever.”

Surge in Surveillance

In the wake of 2020’s lockdowns and stay-at-home orders, stalkerware surged, with spyware detections increasing 1,600% [1] in the first six months of that year. 2020 was the worst year for stalkerware to that point, but 2021 would prove to be even worse. Malwarebytes detected Android monitoring apps 54,677 times and spyware apps 1,106 times, notable figures for this targeted form of abuse, especially due to Android’s history of adware issues.

As a founding member of the Coalition Against Stalkerware, Malwarebytes also highlights growing stalking concerns with Apple devices. In 2021, Pegasus spyware infected iPhones used by journalists and government officials, enabling surveillance of their locations and data. Average users also began struggling with the pros and cons of Apple-developed location trackers – AirTags – that enabled potential victims to be silently monitored by perpetrators. Despite several software updates enabling AirTags to reveal themselves after periods of quiet use, millions of people still face the prospect of being monitored without consent.

Additional key findings from the report include:

  • In addition to the “COVID bounce” in both consumer and business-oriented malware, Malwarebytes tracked 56% year-on-year growth in malware sent via email.
  • Mac detections also increased more than 200% YoY, climbing to 164 million, as unwanted app installs from aggressive and/or misleading marketing continued to grow.
  • Although ransomware detections decreased in number – falling 38% from 2020 – ransomware gangs became more targeted, leading to more severe attacks on critical infrastructure and supply chains. The impact of ransomware is predicted to grow in 2022, as ongoing hybrid work perpetuates ongoing vulnerabilities.
  • The large mountain of technical debt in widely used apps and code became due, as latent vulnerabilities were exploited in the software billions of people rely upon daily.  The IT world asked, “why is patching so hard?” as zero-day attack chains in Microsoft Exchange Server, 18 zero-day vulnerabilities in Google’s Chrome browser, and a Log4j vulnerability with a CVSS score of 10 out of 10 were discovered.

For a detailed analysis of the report findings, as well as 2022 predictions, please view Malwarebytes’ 2022 Threat Review report here:

To learn more about Malwarebytes, visit the blog, follow us on Twitter, or check us out on LinkedIn.

[1] 2021 State of Malware report

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.