Product of the year 2022: Summary of security tests

2 February 2023

We award "Product of the Year 2022" for excellent results in security tests

The most severe threats and attacks of the year 2022

2022 dominated by ransomware and wipers.

During the entire year developers of modern endpoint security solutions update their software several times by fixing errors and adding new features. Thanks to the in-depth Advanced In-The-Wild Malware Tests it is possible to check the effectiveness of protection throughout the year. Cyber criminals are constantly looking for new ways to outsmart the security of systems and applications designed to protect, and because the existence of malware in the wild is short but dynamic and destructive, developers must adapt protection technologies for systems preventing data theft, encryption, or destruction by so-called wipers.

Fortinet claims that this is a trend of the evolution of threats as one of the hacker’s tools, as evidenced by the spread of malicious software that removes data. Ransomware-Wiper is designed to destroy or delete important data on computers and network. It can be delivered in different ways, including email attachments, malicious websites or software installers. If you think you may be a victim of an attacks, it is important to take an immediate action to minimize harm and prevent further spreading. This may include isolating workstation, restoring data from backup, or seeking help from cyber security specialist.

In 2022 cyber criminals sent much more messages with malicious content than in 2021. Developers of the oldest Polish antivirus mks_vir noted a significant increase in encryption threats. Out of all detected malicious files, as many as many as 40% were ransomware, often with a payload that destroys data.

There were also “old players” with a participation of 10% in the controlled Emotet botnet and related attacks: traffic redirection, spam, DDoS, credential stealing. PUAs and PUPs had clear participation in statistics as fake antivirus, applications pretending to clean the system or update drivers (16%), spyware, and adware (10%). A large percentage of this type of applications has an advanced mechanism that make them difficult to detect and remove from the system.

The most popular systems in telemetry of Polish developer are: Windows 10 (74%), Windows 7 (11%), Windows 11 (11%), Windows 8/8.1 (3%), Windows XP/Vista (1%). It is worth mentioning that despite only 1% of the market share for the old Windows XP and Vista systems, their presence is stable and does not decrease in developer’s statistics, mainly due to the use of old hardware and the need for older versions of applications (for example accounting) that prevent the exclusion of such system from use.

The mks_vir telemetry data is consistent with the Cisco report: in the past quarter, ransomware was 40% of the observed cyber security threats and the most common target of the attacks were educational institutions, financial services, government systems, power industry, and e-commerce. Similar conclusions are being drawn from the study “Data Protection Trends Report 2022” by the Veeam company: healthcare providers have irretrievably lost nearly 40% of data that were encrypted as a result of ransomware attack. Cyber-attacks were also the reason for most interruptions in hospitals and clinics.

There will be more social engineering attacks in 2023!

In 2022 we saw a noticeable increase in the number of social engineering attacks. Experts predict that this will be a strengthening trend in 2023. According to an expert from Acronis the BEC attacks will increasingly spread to other messaging services such as SMS, Slack, Teams, and other communicators in order to avoid filtering and detection by security solutions. On the other hand, ESET predicts that in Poland in 2023 the most popular will be malicious software, website and Remote Desktop Protocol attacks.

The resources available to companies may be insufficient, both in terms of software and the staff of IT specialists. This is conducive to crime, and increases the risk that the attack will succeed if the weakest link is an untrained employee.

In the period from January to December 2022, a big problem for companies was the lack of awareness of cyber threats among employees, as well as the financial consequences of hacker intrusion. Image losses were reflected in customer churn, where more than 70% of consumers say they would not have made a purchase from a company that they do not trust in terms of the processing of personal data.

In 2023 special attention should be paid to the BEC (Business Email Compromise) attacks, as these are scams made using social engineering techniques. Data leaks and intrusions into companies have found a wide echo in the media that has a negative impact on the image of the attacked company.

About the Test

It is a long-term analysis that the primary purpose is to verify in real time the effectiveness of Windows security solutions in various aspects. We simulate user behavior when browsing the Internet, and may fall victim to a social engineering attack. Due to the real malware used, the test is the most beneficial for developers as it indicates the type of technology that helps to block a threat. It is also a confirmation of the usefulness of tools for early-stage alerting on threats from the Internet and mechanisms for detecting malware during its analysis in the system memory.

For the tested solutions, less than half of all samples on average used in the tests in 2022 were an unknown threat at the date of analysis, which corresponds to 0-day files with unknown reputation.

Advanced In The Wild Malware Test in numbers

In 2022 we conducted 6 editions of the test. Each was carried out every two months. For example, starting from January: at the beginning of February we sent feedback to developers and publish the results. In March we start another edition. Similarly, in the following months. In 2022 we used 10453 samples of unique malicious software. This means that there was no situation of testing on the same sample of malware throughout the year 2022.


The "Product of the Year 2022" award goes to
Avast, CatchPulse, Emsisoft, Xcitium

Product of the Year 2022

A product had to meet certain conditions in order to win the award, which is a special certificate:

  1. Participate in all editions of the Advance In The Wild Malware Test.
  2. Block all samples in every edition of the test.

A solution could not get a unique certificate if:

  1. A product has failed to block at least one sample in any edition of the test
  2. A product has not participated in all editions of the test.*
Award „Product of The Year 2022”

A summary of Security Test