The State of Consumer Cybersecurity 2023

From Researchers at ReasonLabs’ Threat Intelligence Center

A Consumer Cybersecurity Trends Report

In today’s digital world, home users from all around the globe are spending increasing amounts of time online. Whether it be for online shopping, gaming, working remotely, online classes, streaming content, or any other reason, home users simultaneously face a seemingly endless barrage of cyber threats. Some cyber threats, such as phishing scams or Trojanized files, have been around for a long time. Other threats are new, born out of emerging technologies such as virtual or mixed reality.

One commonality that unites most individuals or home users, no matter where they are in the world or what their socioeconomic status might be, is a lack of adequate cybersecurity with the capabilities of protecting their devices and home networks from next-generation threats. Many legacy consumer-focused antivirus providers have antiquated engines and users of their systems must replace them with next-generation antivirus solutions.

In this cyber security report, researchers from ReasonLabs’ Threat Intelligence Center (TIC) detail the most common threats that consumers encountered in 2022. While comparing year-over-year metrics from 2021, they are able to provide much-needed context around the growth of certain threats. TIC researchers also describe where these threats have succeeded the most and what their damage possibility was, or could be in the future.

In this cyber security report, researchers from ReasonLabs’ Threat Intelligence Center (TIC) detail the most common threats that consumers encountered in 2022. While comparing year-over-year metrics from 2021, they are able to provide much-needed context around the growth of certain threats. TIC researchers also describe where these threats have succeeded the most and what their damage possibility was, or could be in the future.

The Home Cybersecurity Landscape

Over 15% of malicious web extensions we detected throughout 2022 came from users in the U.S.

The rise in HackUtilities detections from 4% in 2021 to over 20% in 2022, as well as recent outside research, shows that online piracy is either at or near an all-time high.

Work-from-home has given attackers a new entry point into the corporate network as often home networks are far less secure.

Newly promoted U.S. legislation around companies engaging in ransomware demands has forced attackers to deploy ransomware on home users instead of large corporations.

The Metaverse has now arrived and alongside it has come next-generation cyber threats, such as the attack vector identified by our researchers earlier this year.

In 2022, Trojans, such as coin miners, backdoors, infostealers, RATS, and spyware, accounted for 30% of all detections affecting home users.

Phishing remains the leading malware distribution method affecting home users and remote employees worldwide.

Cyberwarfare is generally thought of as a nation-state attacking a nation-state, however, the consequences often trickle down to average citizens who do not usually engage in war.

The bypassing of Two-Factor Authentication (2FA) will be exploited more in the coming years, as it was in 2022.

Easy-to-use Cybercrime-as-a-Service (CaaS) products, typically focused on delivering ransomware, malware, and phishing threats, are sharply on the rise.

Download Report

The Most Common Threat Detections From 2022

This year’s investigations found that Potentially Unwanted Programs (PUPs) skyrocketed to the top of the general threat detections list, with 31% of all threats registering in that category. PUPs overtake Trojan Viruses, which held the top spot last year and now come in second place for 2022. 2022 saw a drop in the detection of Miners to 4% vs. 14% in 2021. We also found a drop in Adware detections in 2022 compared to 2021, and an increase in HackUtilities in 2022 compared to 2021. Let’s take a look at the numbers:

Top Detections By General Categories in 2022

The Top Exploits of 2022

An exploit is a cyber threat that can affect every user worldwide, not just employees of large enterprises. Exploits function by taking advantage of avulnerability inside computer software or hardware. Here are the top exploits consumers faced in 2022 and could potentially face in the years to come:

Cyberwarfare Targeting Home Users Is Rising

Cyberwarfare is commonly thought of as a nation-state attacking a nation-state.However, often the consequences trickle down to average citizens who do not usually engage in war. There have also been reports of the direct targeting of citizens and civilians in cyberwarfare campaigns by nation-states in recent years. The most notable examples of this come from the ongoing war in Ukraine. Here is some of our data that shows what’s happening to home users around the world:

Emerging Cyber Threats & Trends

As technology advances, so too do cyber threats. Next-generation technology such as the Metaverse, IoT devices, autonomous vehicles, robots, and more may usher us into the future. However, many of those technologies are here now, andconsumers must be protected from the novel threats they bring.

Cybersecurity Predictions for 2023

2023 is only just beginning, but the trends and recurring threats we have witnessed over 2022 show no signs of slowing down. Here are five predictions for what we can expect throughout the cybersecurity industry in 2023:

Phishing and social engineering will become more and more sophisticated as home users become more aware of common tactics. Home users remain the easiest targets as AV providers are focused on securing enterprise dollars for their services.

We will see more Phishing-as-a-Service (PaaS) threats to home users, which refers to the practice in the cybercriminal ecosystem of providing phishing products and phishing services to other cybercriminals.

The continued targeting of unsecured consumers such as tweens and teens, who are highly connected and starting to use crypto, buying into the metaverse and other digital assets.

The cracking and bypassing of Two-Factor Authentication (2FA) will be exploited more and more in the coming year.

The continued deployment of next-generation threats as next-generation technologies, such as virtual reality, make it into the mainstream.

How Home Users Can Protect Themselves

There are many endpoint security tools available that home users and remote employees can utilize to shore up their at-home cybersecurity. These tools not only include physical and digital products but also include general education. Here’s a quick overview of the tools needed to protect the home user:

An endpoint protection system with Next-Generation Antivirus like RAV Endpoint Protection

Learn More

A virtual private network such as RAV VPN

Learn More

Domain name system filtering like Safer Web DNS

Learn More

Parental control software such as FamilyKeeper

Learn More

General education & cybersecurity awareness

Learn More