Cyberthreats rising in the build-up to the holiday season

The holiday season is fast approaching, and with it, three major online shopping events are rolling into sight. Black Friday, Cyber Monday, and Christmas are all record-breaking calendar days for retailers, yet they are also notorious for cybercrimes, payment fraud, and shopping scams.

Major retail holidays attract armies of well-equipped, determined cybercriminals, primed and waiting to target unsuspecting shoppers who may let their guard down, if only for a moment.  

Our research team will unravel which countries and regions are affected the most by cybersecurity vulnerabilities and threats, as well as which types of malware are flagged and deterred most frequently by Surfshark Antivirus around this time of year.


    Which countries are affected the most by cyberthreats? 

    The below heatmap shows the overall cyberthreats found per country when using Surfshark Antivirus scanning technology as a measurement. The map is regularly updated throughout the 2022 end-of-year holiday season to reflect the latest worldwide threat rate, i.e., detected threats per 100 completed scans.

    It’s only natural that countries with big populations detect more threats; thus, we chose metrics that eliminate this dependency. Threat rate can reveal a country’s trends more accurately, including how they compare to the rest of the world.

    The map completes cycles of 100 scans and reports on how many threats per scan users get over the monitoring period, as displayed in the time stamp at the top left-hand side of the screen. On average, every 50th scan finds at least one threat. 

    You can find the full research material here for ranked countries according to their threat rate. 

    Which regions are affected the most by cyberthreats?

    Our researchers reported which areas suffer the most from riskware and other criminal activity online this time of year. 

    While Europe tends to top the list more often than not, findings do change, and the information does update weekly. By interacting with the heatmap, you’ll see which specific countries have a higher (or lower) rate of cybersecurity vulnerabilities and threats compared to the running average.

    Which countries carry the highest weekly cyberthreat spikes?

    The infographic below reveals which countries suffer the highest threat rate spikes from week to week. The monitoring period started on October 17 and ran throughout the 2022 online shopping season, ending on January 1st, 2023. The last graph also reports global threats per scan week over week.

    Cyberthreats. Types, tactics, and characteristics

    Two of the most common holiday season threat types are malware and riskware. Riskware is a program made without malicious intent that nevertheless has security vulnerabilities giving it the potential to become malware.

    These threats pick up massive momentum in the build-up to and throughout key shopping holidays. And, with 560,000 new forms of malware detected daily, it pays to know what to watch out for when shopping online.

    What is malware?

    Malware is any software, product, or program created or installed on your computer to cause harm. Cybercriminals use malware to corrupt or delete files, steal money and personal information, copy passwords, or take control of specific programs.

    The most common ways for malware to be installed are phishing emails, corrupt attachments, suspicious downloads, unfamiliar links, and malicious websites.

    The infographic below shows the most common threat types identified and flagged during Surfshark’s Antivirus scans, including malware such as viruses, trojans, worms, spyware, adware, bots, and more.

    Each form of threat is ranked and recorded as a percentage of total threats found in the pie chart at the top of the infographic, like other data points in this article, and is updated weekly until January 1st, 2023. 

    Keep in mind that most threats presented are malware but some are categorized as riskware – i.e., software with the ability to create one or more security vulnerabilities or system breaches.

    Rising malware cases and occurrences

    Certain malware has become ever more “popular” in recent months. It’s good to know which threats are popping up frequently so that you can watch out for potential breaches and take the necessary precautions. Below are three of the newest and most threatening malware types operating in 2022.

    Wiper malware 

    A class of malicious software that will attack and erase an infected computer’s hard drive. Unlike ransomware, which temporarily encrypts data to extort money or information, wiper malware destroys it outright.

    As of January 2022, around eight different iterations of wiper malware have been deployed as cyber weapons in the ongoing Russia-Ukraine war. HermeticWiper, IsaacWiper, and WhisperKill, among others, have targeted multiple Ukrainian entities and institutions, including government agencies, information systems, and private corporations. 


    With the rise of cryptocurrencies, there is also a rise in new ways for cybercriminals to make money, such as using cryptocurrency miners. Mining generates new crypto coins using huge computational power. Hackers aim to use the computational power of others to make more coins.

    CoinMiner can appear on a device through malicious email attachments or disguised together with legitimate software. For example, just recently, there were instances where such malware disguised as Google Translate or MP3 downloaders was mining cryptocurrency. However, not all coin miners are malicious; only those which use resources on a device without the knowledge and consent of the original owner.

    Clop ransomware

    Finally, Clop is a dangerous ransomware gaining popularity with cybercriminals worldwide. Like other iterations, Clop Ransomware sets out to connect to and encrypt a victim’s files or accounts and will only release them once a sum of money has been paid. 

    Clop mainly targets Windows applications and is currently considered the most dangerous form of ransomware in circulation, as it can infect multiple operating systems and networks simultaneously. It is primarily distributed using email or social engineering tactics. 

    Over one month in April 2022, a group of cybercriminals known as the “Clop Ransomware Gang” attacked 21 high-profile organizations, infiltrating their systems and stealing critical information.

    What’s the likelihood of getting several cyberthreats at once? 

    Remember that not all malware is created equal or, for that matter, performs the same function. Some act as standalone threats, while others move in bundles – today’s viruses, trojans, worms, etc., tend to multiply once they’ve infiltrated and infected a device.

    Software removal tools may eradicate some, while others can and will cause untold damage to files, folders, and operating software – not to mention the ever-present threat of compromised passwords.

    The above infographic shows which threats are carried over in bundles and how often. The number of threats found per confirmed scan (a scan with at least one threat) is split into four tiers: 1 threat found per confirmed scan, 2 to 4 threats, 11 to 50 threats, and 50+ threats per scan. According to the latest computer virus statistics, they are the most likely to be found in bundles on infected devices.

    Remember that malware severity fluctuates, and five trojans could be worse than 100 worms.

    Tips to protect yourself from threats online

    The old saying will always apply when it comes to Black Friday and other upcoming holidays. “If it sounds too good to be true – it probably is.”  

    So, before heading off, here are some holiday cybersecurity tips you can put in place to protect your accounts when you shop online for deals. 

    Avoid unfamiliar sites: Steer clear of unknown or unvetted sites that offer discounts too good to be true on anything from designer electronics to branded merchandise and similar. Make sure the site you’re on is a trusted, regulated, and reputable entity. 

    Look for the lock icon: Make sure the website you’re visiting is using a secure HTTPS connection. You can identify legitimate sites by the lock icon in the address bar. 

    Update your software: Ensure the programs and apps you’re using for desktop and mobile browsing are up to date to avoid any potential security breaches.

    Steer clear of suspicious links: Scammers will send malicious links via fake emails from unknown senders, including text messages and social accounts. Please do not click on them; instead, verify deals on a retailer’s official website before making a purchase. 

    Create strong passwords: Devise safe passwords for shopping portals, bank account logins, and similar that are uncrackable and track them with a reputable password manager. Moreover, use multi-factor authentication for an additional security layer. 

    Stick to brands you trust: Avoid creating online accounts at unvetted websites and stick to those you know and trust. 

    Watch for typos: Inconsistent grammar, multiple typos, strange phrases, and the like are a surefire indication that the site you’re on or messages you’re receiving are designed to be holiday season or Christmas scams. 

    Avoid public Wi-Fi: Cybercriminals use these connection points to intercept your private information. If you have no choice and need to log on, you can stay safe online with a secure VPN.

    Use a credit card: If you are unsure whether a website is reputable, use a credit card, as, in the vast majority of cases, you’ll have zero liability for fraudulent transactions. You can also use a disposable or digital debit card, which you can easily cancel in the event of a breach.

    Avoid cyberthreats and malware from the start

    Research shows that worldwide threats are on the rise. But, with the right information at your disposal, key holiday cybersecurity tips, and a trusted antivirus toolkit in your corner, you’ll easily outsmart the smartest scammers when shopping online this holiday season. 


    To compile this study, we looked into Surfshark One Antivirus encrypted data, which was aggregated and anonymized by our automated mechanisms. Our analysis has been ongoing since October 17, 2022. 

    We analyzed aggregated data and Antivirus statistics according to three major categories:

    • Threat rate (threats per 100 scans) by country: threat count divided by completed scans multiplied by 100;
    • Threat rate by its type;
    • Threat tiers: scan count that found 1, 2 to 10, 11 to 50, and more than 50 threats.

    Countries were ranked by threat rate, excluding those with too few scans completed.
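
The metrics above, worked through as an added example (not Surfshark's code or data). It also shows how threat rate differs from the share of scans that find anything. The sample counts and the `MIN_SCANS` cutoff are constructed assumptions; the page does not state its cutoff.

```python
from collections import Counter

# Assumption: the page excludes countries "with too few scans" but gives no cutoff.
MIN_SCANS = 500

# Constructed sample, not Surfshark data:
# country -> (completed scans, threats found in each confirmed scan)
SAMPLE = {
    "AA": (2000, [1] * 30 + [3] * 8 + [20] * 2),
    "BB": (1000, [1] * 5 + [60]),   # one heavily infected device
    "CC": (40, [2, 2]),             # too few scans to rank
}

def threat_rate(scans, confirmed):
    """Threats per 100 completed scans (the page's ranking metric)."""
    return round(100 * sum(confirmed) / scans, 2)

def confirmed_share(scans, confirmed):
    """Percent of scans that found at least one threat."""
    return round(100 * len(confirmed) / scans, 2)

def tier(threats):
    """Tier of one confirmed scan, using the methodology's boundaries."""
    if threats == 1:
        return "1"
    if threats <= 10:
        return "2-10"
    if threats <= 50:
        return "11-50"
    return "50+"

def tier_counts(confirmed):
    return Counter(tier(n) for n in confirmed)

def rank(sample, min_scans=MIN_SCANS):
    """Countries by descending threat rate, skipping low-sample ones."""
    rows = [(c, threat_rate(s, t)) for c, (s, t) in sample.items() if s >= min_scans]
    return sorted(rows, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for country, rate in rank(SAMPLE):
        scans, confirmed = SAMPLE[country]
        print(country, rate, confirmed_share(scans, confirmed), dict(tier_counts(confirmed)))
```

In this sample BB outranks AA on threat rate even though a smaller share of its scans found anything, because a single bundled infection moves the rate; CC would top the list on 40 scans if low-sample countries were not excluded.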

    Data is updated weekly. 

    You can find the full research material here, with updated information from week to week.  


    Do cyberattacks increase during the holidays?

    Yes. Internet safety statistics show cyberattacks have a marked increase during the holidays, with phishing scams and various forms of ransomware remaining the most common cases. 

    What are the three major threats to cybersecurity today? 

    Three major modern-day threats to cybersecurity include malware, ransomware, and Distributed Denial of Service (DDoS) attacks, along with phishing and other forms of social engineering. 

    What are the 5 Cs of cybersecurity? 

    The five guiding principles of cybersecurity that carry significant importance for businesses are Change, Compliance, Cost, Continuity, and Coverage.