OpenText’s 2022 Threat Report reveals largest cyber threats in 2021

Mark J. Barrenechea, Chief Executive Officer & Chief Technology Officer at OpenText

OpenText™ announces the 2022 BrightCloud® Threat Report which outlines key data points affecting small and large businesses, and individuals in the new hybrid world. This year’s report provides analysis, insights, trends, and predictions as firms move toward strengthening their resiliency in the face of ever-increasing cyberattacks and cyber warfare.

Hybrid work environments, along with rapidly shifting world affairs, continues to alter how we interact and presents new security challenges that opens lucrative avenues for bad actors.

What were the prevalent cyber threats in 2021?

Last year, phishing attacks escalated across email and other communications platforms and new high-risk malicious URLs were found hiding behind proxy avoidance and anonymizers.

While browser-based cryptojacking may have practically disappeared, cryptomining malware shifted into mainstream as cybercriminals continue looking for ways to compromise data.

“Businesses’ ability to prepare for and recover from threats will increase as they integrate cyber resilience into their tech, processes, and people. With security risks escalating worldwide, compromises are inevitable,” said Mark J. Barrenechea, OpenText CEO & CTO.

“The findings reiterate the need for firms to deploy strong multi-layered security defenses to remain at the heart of cyber resilience and circumvent the most creative cybercriminals.”

What were the key insights of OpenText’s report?

The 2022 BrightCloud® Threat Report had these key highlights:

Phishing & Impersonated Companies

  • 770% overall phishing activity spike during the month of May 2021
  • January – April 2021 saw a mere 9% of phishing activity
  • 54% of all detected phishing URLs in 2021 were from top-targeted brands: Apple, Facebook, YouTube, Microsoft, and Google according to the report
  • TO NOTE: eBay fell from being #1 impersonated brand in 2020, dropping out of the top 10 completely in 2021 as pandemic-related shortages eased.


  • 86.3% of malware is unique to a single PC; consistent YOY
  • 83% of Windows malware hides in one of four locations, noting that %appdata% saw a 46% decrease from the prior year, and %desktop% saw a 40% increase
  • TO NOTE: The number of malware files reaching Webroot-protected Windows endpoints dropped 58% between 2020 and 2021.

Infection Rates by Industry

  • Manufacturing registered 54% above average in 2021
  • Public Administration saw 41% rise above average in 2021
  • Finance and Insurance were 22% below average in 2021
  • TO NOTE: Manufacturing was the industry most likely to be infected in 2021 based on a willingness to pay ransoms to prevent supply chain disruptions.

The 2021 Colonial Pipeline incident was reminiscent of the damage and chaos from the 2017 NotPetya ransomware by Russian nation state attackers on the Ukrainian supply chain. We expect to see more attacks targeting manufacturers and supply chains in 2022. 

Infection Rates by Region

  • Japan, United Kingdom, North America, and Australia saw infection rates drop by 51% since the year prior according to the 2022 BrightCloud® Threat Report
  • United States held the largest number of malicious IP addresses and convictions (24.3%)
  • TO NOTE: Netherlands had the highest number of convictions per bad IP address (average 526), meaning that each malicious IP address in the Netherlands performed more malicious activity on average than the average malicious IP address in other countries.

“Cyber resiliency is a top proactive priority for organisations worldwide. Better understanding the known threats will play a key role in building and maintaining a strong layered security approach,” said Craig Robinson, IDC Program Director, Security Services.

Download the full 2022 BrightCloud® Threat Report here.