The holiday season is fast approaching, and with it, three major online shopping events are rolling into sight. Black Friday, Cyber Monday, and Christmas are all record-breaking calendar days for retailers, yet they are notorious for cybercrime, payment fraud, and shopping scams.

Major retail holidays attract armies of well-equipped, determined cybercriminals, primed and waiting to target unsuspecting shoppers who may let their guard down, if only for a moment.  

Our research team will unravel which countries and regions are affected the most by shopping season cyberthreats, and which types of malware are flagged and deterred most frequently by Surfshark Antivirus software around this time of year.


    Which countries are affected the most by cyberthreats? 

    The below heatmap shows the overall cyberthreats found per country when using Surfshark Antivirus scanning technology as a measurement. The map is regularly updated to reflect the latest worldwide threat rate, i.e., detected threats per 100 completed scans.

    It’s only natural that countries with big populations detect more threats, thus we chose metrics that eliminate this dependency. Threat rate can reveal a country’s trends more accurately, including how they compare to the rest of the world.

    The map completes cycles of 100 scans and reports on how many threats per scan users get over the monitoring period, as displayed in the data time stamp. On average, every 50th scan finds at least one threat. 

    You can find the list of ranked countries by their threat rate and full research material here.

    Which regions are affected the most by cyberthreats?

    Our researchers reported which areas suffer the most from riskware and other criminal activity online this time of year. 

    While Europe tends to top the list more often than not, findings do change, and the data does update weekly. By interacting with the heatmap, you’ll see which specific countries have a higher (or lower) threat rate than the region’s running average.

    Which countries carry the highest weekly cyberthreat spikes?

    The infographic below reveals which countries suffer the highest threat rate spikes from week to week. The monitoring period started on October 17 and will continue to be recorded throughout the 2022 online shopping season. The last graph also reports week-over-week global threats per scan.

    Cyberthreats. Types, tactics, and characteristics

    Two of the most common holiday season threat types are malware and riskware. Riskware is a program that was made without malicious intent but has security vulnerabilities that give it the potential to become malware.

    These threats pick up massive momentum in the build-up to and throughout key shopping holidays. And, with 560,000 new forms of malware detected daily, it pays to know what to watch out for when shopping online.

    What is malware?

    Malware is any software, product, or program created or installed on your computer to cause harm. Hackers use malware to corrupt or delete files, steal money and personal data, copy passwords, or take control of specific programs.

    The most common ways for malware to be installed are phishing emails, corrupt attachments, suspicious downloads, unfamiliar links, and malicious websites.

    The infographic below shows the most common threat types identified and flagged during Surfshark’s Antivirus scans, including malware such as viruses, trojans, worms, spyware, adware, bots, and more.

    Each form of threat is ranked and recorded as a percentage of total threats found in the pie chart at the top of the infographic and, like other data points in this article, is updated weekly. 

    Keep in mind that most threats presented are malware but some are categorized as riskware – i.e., software with the ability to create one or more security vulnerabilities or system breaches.

    Rising malware cases and occurrences

    Certain malware has become ever more “popular” in recent months, and it’s good to know which threats are popping up frequently so that you can watch out for potential breaches and take the necessary precautions. Below are three of the newest and most threatening malware types operating in 2022.

    Wiper malware 

    A class of malicious software that erases (or wipes) an infected computer’s hard drive. Unlike ransomware, which temporarily encrypts data to extort money or information, wiper malware destroys all existing data outright.

    As of January 2022, around eight different iterations of wiper malware have been deployed as cyber weapons in the ongoing Russia-Ukraine war. HermeticWiper, IsaacWiper, and WhisperKill, among others, have targeted multiple Ukrainian entities and institutions, including government agencies, information systems, and private corporations. 


    With the rise of cryptocurrencies, there is also a rise in new ways for cybercriminals to make money, such as using cryptocurrency miners. Mining generates new crypto coins using huge computational power. Hackers aim to use the computational power of others to make more coins.

    CoinMiner can appear on a device through malicious email attachments or disguised together with legitimate software. For example, just recently, there were instances where such malware disguised as Google Translate or MP3 downloaders was mining cryptocurrency. However, not all coin miners are malicious; only those which use resources on a device without the knowledge and consent of the original owner.

    Clop ransomware

    Finally, Clop is a dangerous ransomware gaining popularity with cybercriminals worldwide. Like other iterations, Clop Ransomware sets out to encrypt a victim’s files and data and will only release them once a sum of money has been paid. 

    Clop mainly targets Windows applications and is currently considered the most dangerous form of ransomware in circulation, as it can infect multiple operating systems and networks simultaneously. It is primarily distributed using email or social engineering tactics. 

    Over one month in April 2022, a group of cybercriminals known as the “Clop Ransomware Gang” attacked 21 high-profile organizations, infiltrating their systems and stealing critical data.

    What’s the likelihood of getting several cyberthreats at once? 

    Remember that not all malware is created equal or, for that matter, performs the same function. Some act as standalone threats, while others move in bundles – today’s viruses, trojans, worms, etc., tend to multiply once they’ve infiltrated and infected a device.

    Software removal tools may eradicate some, while others can and will cause untold damage to files, folders, and operating software – not to mention the ever-present threat of compromised data or passwords.

    The above infographic shows which threats are carried over in bundles and how often. The number of threats found per confirmed scan (a scan with at least one threat) is split into four tiers: 1 threat found per confirmed scan, 2 to 4 threats, 11 to 50 threats and 50+ threats per scan.

    Remember that malware severity fluctuates, and five trojans could be worse than 100 worms.

    Tips to protect yourself from threats online

    The old saying will always apply when it comes to Black Friday and other high-profile shopping holidays. “If it sounds too good to be true – it probably is.”  

    So, before heading off, here are some preventative measures you can put in place to keep your accounts and your data safe while shopping online for deals. 

    Avoid unfamiliar sites: Steer clear of unknown or unvetted sites that offer discounts too good to be true on anything from designer electronics to branded merchandise and similar. 

    Look for the lock icon: Make sure the website you’re visiting is using a secure HTTPS connection. You can identify legitimate sites by the lock icon in the address bar. 

    Update your software: Ensure the programs and apps you’re using for desktop and mobile browsing are up to date to avoid potential security breaches. 

    Steer clear of suspicious links: Scammers will send malicious links via email, mobile or social. Please do not click on them; instead, verify deals on a retailer’s official website.

    Create safe passwords: Devise safe, uncrackable passwords for shopping portals, bank accounts, and similar, and track them with a reputable password manager.

    Stick to brands you trust: Avoid visiting unvetted websites and stick to those you know and trust. 

    Watch for typos: Inconsistent grammar, multiple typos, strange phrases, and the like are a surefire indication that the site you’re on or messages you’re receiving are potential scams. 

    Avoid public Wi-Fi: Cybercriminals use these connection points to intercept your data. If you have no choice and need to log on, use a secure VPN.

    Use a credit card: If you are unsure whether a website is reputable, use a credit card, as, in the vast majority of cases, you’ll have zero liability for fraudulent transactions. You can also use a disposable or digital debit card, which you can easily cancel in the event of a breach.

    Avoid cyberthreats and malware from the start

    Research shows that worldwide threats are on the rise. But, with the right information at your disposal, key avoidance tactics in place, and a trusted antivirus toolkit in your corner, you’ll easily outsmart the smartest scammers this holiday season. 


    To compile this study, we looked into Surfshark One Antivirus encrypted data, which was aggregated and anonymized by our automated mechanisms. Our analysis has been ongoing since October 17, 2022.

    We analyzed aggregated data according to three major categories:

    • Threat rate (threats per 100 scans) by country: threat count divided by completed scans multiplied by 100;
    • Threat rate by its type;
    • Threat tiers: scan count that found 1, 2 to 10, 11 to 50, and more than 50 threats.

    Countries were ranked by threat rate, excluding those with too few scans completed.
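
    The three measurements above, worked through in Python as an added example (not Surfshark's code). The sample rows are constructed, the function names are hypothetical, and the `MIN_SCANS` cutoff is an assumption, since the study does not state its threshold.

```python
from collections import Counter

# Constructed sample data: (country, completed_scans, threats_found) for one week.
WEEKLY_SCANS = [
    ("Country A", 120_000, 1_800),  # most threats in absolute terms
    ("Country B", 9_000, 270),
    ("Country C", 40, 12),          # too few scans: the rate would be noise
    ("Country D", 15_000, 150),
]

MIN_SCANS = 1_000  # assumed cutoff; the study does not publish its threshold


def threat_rate(threats, scans):
    """Threats per 100 completed scans."""
    return threats * 100 / scans


def rank_countries(rows, min_scans=MIN_SCANS):
    """Rank by threat rate, excluding countries with too few completed scans."""
    eligible = [(c, threat_rate(t, s)) for c, s, t in rows if s >= min_scans]
    return sorted(eligible, key=lambda r: r[1], reverse=True)


def tier(threats_in_scan):
    """Bucket a confirmed scan (at least one threat) into the study's tiers."""
    if threats_in_scan < 1:
        raise ValueError("a confirmed scan contains at least one threat")
    if threats_in_scan == 1:
        return "1"
    if threats_in_scan <= 10:
        return "2-10"
    if threats_in_scan <= 50:
        return "11-50"
    return "50+"


def tier_counts(confirmed_scans):
    """Count confirmed scans per tier."""
    return Counter(tier(n) for n in confirmed_scans)


if __name__ == "__main__":
    for country, rate in rank_countries(WEEKLY_SCANS):
        print(f"{country}: {rate:.2f} threats per 100 scans")
    print(dict(tier_counts([1, 1, 3, 10, 11, 50, 51, 400])))
```

    Country A has the most threats in absolute terms but ranks below Country B once the counts are normalized, and Country C's 30 threats per 100 scans is dropped because 40 scans is too small a sample to rank.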

    Data is updated weekly. You can find the complete research material here.