We live in a digital age, where new technologies are emerging daily, and old technologies are evolving and merging into new ones so fast that one could quickly lose track. All of this new technology is for the betterment and ease of life and to ensure that humanity lives a peaceful, stress-free and non-redundant life.
But this ease and comfort are not free and come at a price. A price that, when not handled or taken care of properly, skyrockets so fast that many enormous fortunes have been left bankrupt and forced to shut down.
This price is Cyber Security. The threats have evolved to a new level with emerging and changing technology. Threat actors and cybercriminals use unknown attack vectors and techniques to attack organisations, people and businesses.
A standard attack vector in all of these attacks is a piece of code used to attack, harm and exploit a victim called malware. You can reach us for a managed cyber security service for your security.
Malicious Software, malware is a piece of code used for various malicious purposes. Found in different forms and types, malware is one of the primary causes that can cause a data breach.
In this article, we’ll look at the latest malware trends in recent years and analyse malware infection statistics.
Some key malware attacks statistics
- 19.8% of systems encounter web-based malware annually.
- Approximately 30,000 sites are compromised daily to deliver malicious apps and malicious programs.
- Approximately 60% of small businesses shut down within six months due to malware attacks.
- The average cost of a successful malware attack for a business is estimated to be around $2.6 million.
- The healthcare industry is most commonly targeted by malware attacks, with over 50% of all reported attacks focusing on the sector.
- During the first half of 2022, malware attacks increased to 2.8 billion globally.
- In 2021, the number of malware attacks detected was 5.4 billion.
- In 2021, over 50% of all reported cyber attacks involved malware in some way or the other.
- During the second quarter of 2021, 91% of malware traffic detected was encrypted using SSL/TLS.
- Ransomware attacks have seen an alarming number increase by 365% from 2019 to 2020.
Statistics based on different malware types
Here are some of the different kinds of malware:
A type of malware that serves the victim with unwanted advertisements.
- Adware was the most commonly distributed form of malware that ranked first among all malware threats in the second quarter of 2022 with 25.28%, exceeding the previous quarter’s figure by 8.36%.
A type of malware that hides onto the victim’s device and steals sensitive information like authentication details and login credentials, financial data and more.
- According to Kaspersky’s mobile malware statistics, during the first quarter of 2022, among the countries with the most infected devices, Yemen was in third place with 21.23% mobile malware-infected devices.
- These devices were infected with Trojan Spy.AndroidOS.Agent.aas spyware.
A type of malware that locks the victim out of their systems or encrypts their data, denying access until a certain ransom is paid.
- In the first half of 2022, 236.1 million ransomware attacks were carried out globally.
- LockBit ransomware was responsible for 40% of all the attacks.
Trojans (or Trojan horses)
Malware variants disguise themselves as legitimate-looking applications and trick the victim into executing malicious code on the operating system.
- Visual Basic Application (VBA) trojans comprised 30% of all malware variants. This was probably why Microsoft announced it would disable Macros from the Internet by default starting this year.
A type of malware that replicates itself and spreads through the network exploiting vulnerabilities in the operating systems.
- Microsoft reports that approximately 3000 devices in 1000 organisations have at least once encountered the Raspberry Robin worm.
Viruses (or computer viruses)
A computer virus is a malware that injects itself into an application and is executed when launched.
- According to SonicWall’s virus statistics, there was an increase in the number of malware attacks by 11% from 2021 to June 2022.
A type of malware (and a subclass of spyware) is used to steal keystrokes and send them to the attacker.
- According to the Global Threat Index, released by Check Point Research, Snake Keylogger moved from being absent from the list of dangerous malware to eighth position in May 2022.
Bots and botnets
A bot is a malware-infected computer system, and a group of bots constitute a botnet. A botnet can be used to widespread malware and launch more cyber attacks.
- In April 2022, a DDoS attack targeted a European classified organisation’s web and mobile applications with almost 39 million malicious bot requests.
- The applications were under attack for approximately 4 hours.
A particular type of malware gives the attacker complete privileged access to a computer system.
- The biggest concern in the third quarter of 2022 was the r77 rootkit developed by the bytecode77 group. r77 holds a 40% share in the world of rootkits, successfully claiming the title of the most commonly exploited open-source rootkit.
Malware attack statistics according to the type of industries
Malware is a continuously evolving threat, and malware infections are becoming so common that it requires constant vigilance, proactive cyber security measures and absolute cyber resilience to be safe.
Below are the top trends of malware in different industries:
- The most targeted industry in the third quarter of 2022 was the Education and Research department.
- 56% of lower education organisations were targeted by ransomware, while 64% of higher education organisations were attacked by ransomware.
- An average of 2,148 attacks per organisation every week were launched.
- According to Microsoft, of 7.2 million cases of malware, about 80% originated from the education industry in December 2022.
- According to the threat report by Verizon, a significant portion of cyber attacks were ransomware attacks, causing over 30% of data breaches in the education industry.
- According to a survey by Flashpoint, the financial sector was not one of the most-targeted industries for ransomware attacks in 2022.
- Financial data from 55 firms were leaked because they denied paying the ransom.
- ATM malware was prevalent in 2022. According to Kaspersky, in 2022, ATM malware cases increased by 4% compared to 2021 and 19% compared to 2020.
- 71% of all ATM malware originated from HydraPOS and AbaddonPOS malware families.
- The following countries were among the top 3 cases of ATM malware:
- Switzerland – 39%
- Russia – 37%
- United States of America – 2%
- The healthcare industry was the prime target for ransomware during the third quarter of 2022. Ransomware attacks have increased in the healthcare industry by 5% since 2021.
- 74% of ransomware attacks were targeted at hospitals, while 26% attacked dental services, nursing homes etc.
- Every 1 in 42 healthcare organisations was hit by ransomware.
- The National Health Service (NHS) lost 100 million dollars by falling victim to a WannaCry ransomware attack.
- 36% of healthcare organisations reported an elevation in medical complications due to them being attacked by ransomware.
Malware attack statistics based on Operating Systems
Malware is a serious growing problem in the world of digitization. By infiltrating computer systems and networks, malware is capable of causing absolute havoc.
Be it small businesses or massive corporates, from disrupting network communication and hindering business operations to locking the users out of their systems or demanding a huge ransom to continue the business, malware attack is a nightmare to all.
Below are some of the top trends set by malware according to different types of operating systems.
Windows malware statistics
- Since 2021, there has been a decline of 34% in new malware variants coming out in 2022.
- 59.58 million new Windows malware samples were introduced in the first three quarters of 2022.
- 95.6% of the latest malware variants surfacing in 2022 were targeted at Windows operating systems.
- According to malware detection statistics, about 320,000 malicious files targeting Windows operating systems were detected by Kaspersky alone.
- 93.28% of ransomware and malware detection files were found to be Windows .exe files.
Linux malware statistics
- Based on the malware stats from AV-ATLAS, Linux malware increased by a massive 50%.
- 1.76 million new malware samples targeting Linux operating systems were introduced.
- About 2.8% of the entire malware family of never seen malware samples were for Linux systems.
- In the last quarter of the year, new Linux malware skyrocketed again, growing by 117% and reaching an additional 164,697 new samples.
MacOS malware statistics
- MacOS suffered minor infections, with just 6.2% of the malware infections.
- Eight thousand three hundred twenty-nine new malware samples for MacOS existed during the first three quarters of 2022.
- About 80.5% of MacOS malware infections were due to trojans.
- Of the entire MacOS malware infections, about 48% were caused by the MacKeeper malware.
- XCSSet ranked second with approximately 17% of the infections.
- AdLoad came in at third with about 12.5% of the malware infections.
Android malware statistics
- Android mobile malware constituted about 1.5% of the unseen malware samples.
- A total of 938,379 new malware samples that targeted Android systems originated in the first three quarters of 2022.
- Like 2021, in 2022, smartphone malware statistics report that Pegasus malware continued to run wild.
- Pegasus found its way into the devices of Finland’s Ministry of Foreign Affairs, Spain’s Prime Minister and some UK officials.
- The GinMaster (or GingerMaster) Android mobile malware constitutes 6% of the total malware attacks on Android.
- FakeInst is another big gun in the Android mobile malware market, responsible for about 22% of all malicious attacks.
iOS malware statistics
- iOS, to this date, remains the least infected operating system, with only under 1% of the total mobile malware infections.
Malware statistics by countries
Malware attacks are a global cyber problem, with different countries experiencing different levels of impact. It is important to note that these figures are constantly changing as threat actors develop new attack methods.
Understanding the current state of malware attacks can help businesses and individuals make informed decisions about their cybersecurity strategies.
Top 3 countries with mobile devices infected by malware
- Iran, with about 30.29% of mobile devices infected with mobile malware.
- Algeria, with about 21.97% of mobile malware-infected devices.
- Bangladesh witnessed 17.18% of mobile malware infections.
Top 3 countries where mobile banking trojans attacked users
- Japan was on the complete list, with 1.89% of mobile users affected by mobile banking trojans.
- Turkey placed second with 0.33% of users getting attacked by mobile banking trojans.
- Italy was just in line at third place, with 0.31% of mobile users infected by mobile banking trojans.
Top 10 countries with the lowest malware infection rates
- Sweden tops the list with just 19.88% of malware infections.
- Finland falls just behind in second place with 20.65% of malware infections.
- Norway comes in third place with 21.63% of malware infections.
- Japan witnessed a good 22.24% of malware infections.
- Belgium was just neck to neck, with Japan having 22.78% malware infections.
- The United Kingdom (UK) fell victim to almost 23.38% of malware infections.
- Switzerland had 23.94% malware infections.
- Germany had 24.12% malware infections.
- Denmark saw 24.34% of malware infections in 2022.
- The Netherlands had 24.86% malware infections.
Top 10 countries with the highest malware infection rates
- China tops the list with a massive 49% malware attack rate.
- Taiwan wasn’t far behind, with 47.34% of malware infections.
- Turkey performed slightly better but still got 40.99% of malware infections.
- With its cyber solid security, Russia got 38.95% of malware infections.
- Guatemala had 37.56% infections.
- Mexico witnessed 36.89% of malware infections.
- Peru had 36.23% of malware infections.
- Ecuador fell victim to 36.22% of malware attacks.
- Brazil saw 34.68% malware attacks.
- Poland had minor infections, with 33.01%.
Top 10 countries where most users were a target of ransomware attacks
- 9.6% of users in India were ransomware victims.
- In the Russian Federation, 6.41% of users faced ransomware infection.
- 5.75% of the users in Kazakhstan were attacked by ransomware.
- 5.25% of users in Italy got their systems and files encrypted due to ransomware attacks.
- 4.26% of computer users in Germany were successfully targeted by ransomware.
- 3.96% of Vietnam’s computer users fell victim to ransomware.
- 3.9% of the users in Algeria suffered from ransomware attacks.
- 3.72% of users in Brazil experienced a ransomware attack.
- Ransomware impacted 3.72% of users in Ukraine.
- People of the United States were most vigilant, and only 1.41% of users fell victim to a ransomware attack.
Top malware threats were seen in 2022
When it comes to malware attacks, there are a few that stand out as particularly dangerous. These top malware threats are known for their ability to cause widespread harm and can be challenging to detect and remove.
It’s crucial to stay informed about these threats as they can evolve and adapt over time and have the proper tools and strategies to detect, prevent and respond to them.
- Shlayer, a dropper and downloader for macOS malware, was the number one candidate, occurring 45% during the first quarter of 2022.
- Zeus, a banking trojan, constitutes 15% of the malware threats.
- Agent Tesla, a Remote Access Trojan (RAT), makes up 11%.
- NanoCore, another RAT, makes up 11% of malware threats.
- CoinMiner, a cryptojacking malware, was seen maliciously mining cryptocurrency, making up 7% of the malware threats in 2022.
- Delf, a trojan, was seen less and made up 3% of the malware threats.
- Gh0st, another RAT, witnessed the same amount of time as Delf and contributed to 3% of malware threats.
- Jupyter, spyware and info stealer were most active in the info stealers family, constituting 2% of malware threats.
- Arechclient2, another RAT, was seen in 2022, contributing 2% in malware threats.
- Mirai, or the all-famous Mirai botnet, surfaced again, but only 1% of the malware threats were due to the Mirai malware.
Malware spreading media
Malware can spread through various media, including email attachments, malicious websites, and malicious program downloads. Social engineering techniques, such as phishing attacks, can also trick individuals into installing malware on their devices.
Additionally, malware can spread through removable media like USB drives and external hard drives, as well as through networks and cloud services.
It’s essential to be cautious when opening email attachments, visiting unfamiliar websites and downloading malicious files from untrusted sources to prevent malware infection.
- 92% of the malware delivered was via email.
- 38% of the malware was disguised as malicious Word documents.
- There was a significant increase in PDF malware by 52% compared to last year.
- Nearly 30% of phishing emails were opened that contained malware or ransomware.
- 11% of the users, as a victim of phishing attacks, clicked on the malicious link or attachment.
- Netskope reported that more than 400 different cloud applications delivered malware.
- Cloud-based malware delivery increased three times, compared to the previous year, i.e. 2021.
- It was reported that 30% of all cloud malware originated from Microsoft OneDrive.
- Honeywell Industrial Cybersecurity USB Threat Report mentions that 52% of malware threats were explicitly designed to be delivered using removable media.
- This number has gone up from 32% the previous year.
Top 3 ransomware infections
Ransomware can pose a significant risk to individuals and organisations. The encryption of files can lead to loss of access to essential data, which can significantly impact productivity and operations.
Ransomware attacks can also lead to reputational damage and legal implications and sometimes may also be used as a smokescreen for other malicious activities such as data exfiltration. Therefore, it is essential to take proactive measures to protect against ransomware attacks.
- LockBit 3.0 first emerged in July 2022 and went on to take over the ransomware campaigns by 44%.
- Conti ransomware (or, more appropriately called Ransomware-as-a-Service) constituted 23% of the total ransomware campaigns.
- Third on the list is a relatively new player, Hive, which made up 21% of the ransomware campaigns in 2022.
Top 3 banking trojan infections
Banking trojans monitor the victim’s online banking activities and steal authentication credentials, credit card information, and other sensitive financial data. Such trojans are also capable of keylogging and screen capturing.
Banking trojans may cause massive financial losses to individuals and organisations, and it is important to have proactive security measures to protect against them.
- In the banking trojans category, Emotet leads with 67% of infections.
- Most infections came from Japan (28%), followed by Italy (16%) and then Mexico (11%).
- Second place is taken by NJRat, with 15% of banking trojan attacks.
- Qakbot (or QBot) takes third place with 9% of the attacks,
Some general malware statistics
- Five hundred sixty thousand samples of malware and computer viruses are detected almost every single day.
- 7% of the websites were infected when Google tested for malware infections.
- According to a report, nearly every week, Google detects 50 websites that contain malware.
- According to Symantec, 75% of IoT devices are routers that are infected with malware.
- 53% of all malware was .exe files, while PDFs were left way behind with just 6%.
- Computer virus facts show that 47% of all malware attacks in the US target small businesses annually.
- According to Kaspersky, about 60% of the detected malicious installation packages on mobile devices were identified to be mobile banking trojans.
Predictions for 2023 and Beyond
Malware incidents and cyber security attacks are not going to stop. With the trend, the number of malware attacks will continue to rise instead of decrease. This rise in cyber attacks in the current year and beyond will most likely be due to the following reasons:
The world’s economy is directly related to the rising inflation rate, energy crisis and supply chain issues, and these problems are affecting almost every industry.
While these issues are not directly related to malware incidents and malware threats, they are the reason for organisations’ low budgets for cyber security.
Many organisations have started downsizing and implementing hiring freezes. Cybersecurity is not an easy task, nor is it an inexpensive venture.
- There will be a global shortage of 3.5 million cybersecurity jobs in 2023.
At this growing rate of inflation, if the cyber security budgets are not increased, analysts predict that the world will be seeing a new and improved wave of malware infections.
- Global cyber security spending is likely to exceed 1.75$ trillion from the previous years.
Malware as a service (MaaS)
Malware-as-a-Service (MaaS) is an emerging cybercrime service in which malicious Software is offered to customers on a subscription basis. Customers use the malware to carry out various attacks, such as data breaches, financial fraud, and distributed denial-of-service (DDoS) attacks.
MaaS is becoming increasingly popular among cybercriminals because it allows them to launch attacks without high technical expertise.
The providers of MaaS typically offer technical support and updates to the malware, making it easier for even script kiddies to carry out the attacks.
To protect against MaaS, organisations need to focus on efficient incident response, incident management and incident recovery procedures, as well as having strict access controls, monitoring of the networks, and implementing reliable and robust antivirus software with efficient malware detection.
International disputes can cause a rise in malware attacks in several ways. One of the most common is state-sponsored cyber attacks, in which the bad actors have their country’s government’s support and support. They use deceptive cyber tactics to deploy malware or potentially unwanted applications, disrupt services or gather information from other nations.
Similarly, international conflicts can also lead to increased cybercrime as individuals or groups may use malware to exploit the situation financially.
But unfortunately, one cannot avoid such attacks. The only solution is to take proactive defensive measures, implement solid cyber security and antivirus software solutions and be cyber vigilant of any incoming threats.
Increased attack surfaces
The increased attack surfaces caused by the fast evolution and adoption of technology can increase the number of malware attacks. The increased number of devices and systems connected to the Internet and each other is opening new doors for cyber criminals to get unauthorised access to sensitive and confidential information. This includes the Internet of Things (IoT) devices, mobile devices, laptops, and any other digital devices that are connected to the Internet or connected to a system that is connected to the Internet.
- The world must protect 200 zettabytes of digital data from cyber security breaches.
- The world must secure 338 billion lines of newly written code by 2025.
Furthermore, with the increase of cloud computing, virtualization and organisations following a remote work culture, the attack surfaces for cybercriminals are expanding. The more devices and systems connected to the Internet, the more potential entry points for malware entering an organisation’s network.
Malware continues and will continue to pose a significant threat to organisations’ cyber security – be it small businesses or the world’s largest companies, individuals, and governments.
The occurrence and intricacy of malware attacks have increased dramatically in recent years, making it imperative for individuals and organisations to protect their systems and confidential data proactively. To read about how to prevent malware attacks, click here.
The continuous evolution of malware and the use of new technologies by cybercriminals make it a constantly evolving threat that requires ongoing monitoring and updating of security procedures to stay ahead of the threat actors.
Regular updates of antivirus programs, being vigilant and exercising safe online behaviour, and staying informed about the latest threats and trends in malware are all essential steps in defending against these types of attacks.
Shahrukh, is a passionate cyber security analyst and researcher who loves to write technical blogs on different cyber security topics. He holds a Masters degree in Information Security, an OSCP and has a strong technical skillset in offensive security.