180840202831
Signal-Malware-statistics-Hero

Written by Jessica Valasek Estenssoro
Published on November 5, 2024

Increased risks and new threats

New mobile and computer viruses are developed continuously, with cyber threats running into the billions every year. As antivirus and web users become more savvy to existing malware risks, threat actors introduce new methods and viruses. There are several important trends to be aware of based on recent security statistics.

This article contains :

    Here are a few threat types that have significantly increased in 2024:

    The global risk ratio for dating scams as of Q1/2024.The global risk ratio for dating scams as of Q1/2024. (Source: Decoded.io)

    Top malware and virus statistics 2024

    Threat actors quickly learn the most effective ways to exploit digital systems with computer viruses and malware, and they evolve as users become more aware of existing threats. Perhaps because of how flexible an attack vector it is, phishing has been the top-reported cybercrime in the United States for four years running.

    This popular attack method is responsible for spreading malware and viruses worldwide, contributing to a wide range of global, individual, and company data breaches. There are many types of viruses and malware risks currently out there, and this overview of the recent malware statistics lays out the most common threats over the past year.

    These are the top malware and virus threats right now:

     

    300,000+
    New malware types daily
    Each day, AV-TEST Institute registers new malware and PUPs — they’ve already found over 60 million new strains in 2024.
    298,878
    Phishing reports in 2023
    According to the IC3, phishing has been the most commonly-reported cybercrime yearly since 2019.
    900,000+
    Unique phishing sites
    APWG reported nearly 1 million unique phishing sites in the first three months of 2024 — a number sure to grow.

     

    71%
    Increase in ransomware
    Research shows that billions of dollars are paid to threat actors every year due to ransomware attacks.
    53%
    Increase in lost funds
    Losses from cryptocurrency scams in the US increased in 2023, totaling $3.94 billion lost. Crypto scams are here to stay.
    90%
    Of all threats are scams
    According to Avast Threat Labs, almost all threats blocked in Q1/ 2024 were social engineering scams & phishing campaigns.

    Security trends overview

    While antivirus apps and secure browsers are a great defense, the best thing you can do to protect yourself is to stay on top of security trends. Computer viruses and malware attacks are common — to the tune of over 6 billion attacks in 2023. That’s around 190,000 malware attacks per second!

    Thanks to emerging technologies, particularly Artificial Intelligence (AI), cybercriminals can now create exponentially more sophisticated attacks, including audio and visual manipulation to produce convincing deep fakes. But, as AI threats evolve, security protections are also advancing to keep pace.

    What the experts say

    "Notably, attacks utilizing AI-generated techniques, such as scams via phone calls or deepfake videos, are becoming increasingly common, further complicating the threat environment." - Gen 2024 Threat Report

    Jakub Křoustek

    Malware Research Director

    Cyber economy research organization Cybersecurity Ventures predicted that annual spending related to cybersecurity will reach $10.5 trillion per year by 2025. Much of this spending will likely be used to fight fire with fire — developing AI-driven security measures to fight AI-driven attacks.

    Threats

    The simple fact is that attempted cyber attacks increase as malware evolves — according to SonicWall, global intrusion attempts have gone up each year since they started tracking the metric a decade ago, with an overall intrusion increase of 613% since 2013.

    The worst computer viruses can inflict irreparable damages to people and businesses, including theft of sensitive data, money, and, in some of the worst cases, identity.

    The 17% increase in web threat incidents compared to other types of cyber threats over the last 3 quarters is alarming, but malicious threats have met varying success rates — sometimes being mitigated thanks to antivirus and network security programs blocking the threats.

    But malware can spread in many ways, often due to human error or misjudgment. Malicious links in phishing messages are one of the biggest sources of malware in 2024. Other attack vectors include infected websites, removable media containing malware, and malware-infected PDFs and downloads.

    Business statistics

    The statistics about viruses on business devices and networks are startling. While security is becoming a major concern for all business owners, many are still vastly unprepared to fend off malicious attacks.

    A common thread in mitigating risks lies in educating employees about digital security and best practices. This can be as simple as setting rules for stronger passwords, creating ways to wipe lost or stolen devices, and screening emails and web traffic for threats.

    Here are a few statistics specific to business threats that we’ve collected:

    • Preparedness
      Experts estimate that up to 69% of companies are understaffed in their cyber security departments. However, 51% of companies report that they plan to invest more in security after experiencing a data breach.

    • Ransomware targets
      While multi-million dollar ransomware attacks on major organizations are most newsworthy, hundreds of millions of smaller attacks are launched every year, particularly targeting individuals and small businesses. Ransomware strains like WannaCry, Enigma, and STOP are among the most common ransomware strains blocked by Avast Threat Labs.

    • Cost of malware attacks
      Global cybercrime is predicted to cost the world over $10.5 trillion annually by 2025. The upfront cost of increasing cybersecurity may seem high, but the cost of a potential malware attack is likely higher. In addition to immediate financial losses, the impact on a company’s reputation after an attack can be major, causing it to lose customers and market position.

    • Organization size
      Large enterprises are generally at the biggest risk for malware attacks because they offer a potentially higher payoff for the threat actors. But small and medium-sized enterprises accounted for 43% of attacks in 2023. They can be attractive targets since they often have less robust security measures in place.

    • Commonly targeted systems and programs
      While Windows malware is most common, potentially due to its prevalence in business settings, Macs are also at risk of malware. Users should take caution, even when updating their work systems, to be sure it’s a legitimate update.

    • WordPress malware statistics
      WordPress is the foundation for nearly 40% of all websites, many of which are owned by small to medium-sized businesses. But with the popularity comes significant risks and vulnerabilities — recent reports show that 700,000 WordPress sites were found to contain at least one malicious file.

    • Fileless malware statistics
      Some malware is delivered via Word and PDF documents, which themselves are not executable files. However, there are still ways to inject dangerous code into other trusted processes that can run undetected. This “fileless malware” method trended sharply up in 2023, when nearly a third of all new malicious file types discovered were in PDF format.

    Personal statistics

    Phishing is the most common cyber threat targeting individuals today, and the most common threat vectors are email and social media messages, malicious file downloads, and infected websites and mobile apps. According to Gen Threat Labs, users are much more likely to encounter phishing websites now than ever before.

     An example of a phishing email supposedly from Amazon.An example of a phishing email supposedly sent from Amazon.

    According to the FTC, by the end of 2023, individual reports of identity theft numbered over 1 million in the US alone. This is indicative of how much sensitive and personal data users are sharing online, unwittingly through phishing scams or not.

    Understanding current malware attack vectors is essential for anyone concerned about general cybersecurity — which, according to the Chicago Council on Global Affairs, includes around 73% of Americans. If you’re one of them, a great way to start combating cyber threats across the board is by keeping your devices’ operating systems up to date to help patch vulnerabilities that cybercriminals love to exploit.

    You’ll also want to take caution before clicking links in emails, use strong and unique passwords for your online accounts, and enable multi-factor authentication wherever possible.

    Mobile threats

    Malware attackers tend to show up where internet users spend most of their time, and smartphone malware statistics from this year show just that. It’s no secret that phones have become an important part of our daily lives. But users may have a false sense of security when using their phones, leading to riskier behavior such as opening links sent in a smishing attack or failing to block spam text senders.

    New Android malware is often developed in the form of fake apps to exploit interest in popular mobile games. While Google rejected 2.28 million risky Android apps in 2023, malicious copycats of the popular Minecraft game were installed 35 million times on Google Play before they were discovered. And while iOS is generally thought to be safer from attacks, there are still iOS threats in the form of spyware, ransomware, and data breaches to contend with.

     Graphs showing mobile malware statistics and mobile malware types from Q1/2024.Mobile malware statistics for the first quarter of 2024. (Source: Decoded.io)

    Today, around 16% of mobile malware is in the form of malvertising — a type of malware that’s injected into an ad from a legitimate business. One Reddit user reported that tapping an ad while scrolling YouTube shorts infected their phone with malware that they were unable to remove.

    Awareness is key to detecting when something is amiss. Possible signs that your phone is tapped or that you have malware include a rapidly draining battery, increased data usage, and sudden onset of spam messages or pop-ups. You should block spam text and calls as soon as you receive them, and only use secure messaging apps to chat.

    Attacks by country

    Geography is a consideration when it comes to cybersecurity — both in terms of trending risks and cybersecurity awareness. Statistics on malware incidents vary widely by country and the type of attack. Here’s a breakdown of notable malware attack stats by country:

    India
    As of 2022, 39% of global internet users reported having faced a cyberattack at some point in the past — India reported the highest instances (68%), followed by the US (49%) and Australia (40%).
    United States
    In 2022, Ransomware attacks were highest by far in the US (217 million), followed by the UK (71 million), and Spain (52 million). Brazil and Germany have also seen high numbers of ransomware attacks in recent years.
    Russia
    The Cybercrime Index recently identified the countries from which cybercrime most commonly originates. Topping the list is Russia, with a World Cybercrime Index (WCI) of 58.39. Next are Ukraine (36.44), China (27.86), and the United States (25.01).
    Germany
    By the end of 2023, financial losses and damage from cybercriminal attacks in Germany alone totaled over €200 billion for the third year in a row. This data is based on a survey of over 1,000 German companies, more than half of which reported that cyberattacks pose a significant threat to the very existence of their businesses.
    Lebanon
    In September 2024, thousands of people in Lebanon were injured or killed in a series of attacks widely believed to have been designed and launched by the Israeli government. The attack appears to have been a sophisticated, hybrid-style trojan involving distributed pagers that were programmed to detonate at a specific time.
    Ukraine
    Cyberattacks are nearly a given in modern warfare, like the new cyber threats seeking to take advantage of wartime Ukraine. These attacks are systematically integrated into military operations, crippling critical data systems and disrupting communications channels that control access to vital information, supplies, and money.
    Global
    Cybercriminals are adept at exploiting human psychology, and uncertain situations such as the COVID-19 pandemic provided a perfect stage for attacks. Threat actors took advantage of widespread fear and instability, often by impersonating official institutions to entice citizens to share personal data, download malware, donate money, or visit malicious websites with official-sounding domains.

    Emerging malware attack trends and future projections

    Malware attacks show us where our biggest vulnerabilities lie, and malware attack types that rely on psychological manipulation and social engineering — such as phishing attacks and scams — remain the most persistent malicious threats. This suggests that human error and misjudgment offer an easy payoff for cybercriminals.

    But compromised systems and registered vulnerabilities also give attackers ample opportunities to exploit. The latest malware threats often appear in familiar places like social media, email, and app stores. While new Windows viruses — such as trojans, spyware, and RAT attacks — are particularly prevalent, all device users are at risk.

    Phishing improves with AI

    Phishing remains the most common threat type, as many attacks rely on phishing as their primary threat vector. And, aided by AI tools, phishing is rapidly becoming much more sophisticated. Cybercriminals now use AI to craft realistic phishing messages or trick users into downloading fake AI tools that are actually malware.

    Projection: A rise in AI-related threats is likely.
    Formats once seen as trustworthy are now more suspect. Generative AI offers cybercriminals an advantage by enabling the creation of highly convincing fake content. This includes more realistic deepfake video and audio, as well as sophisticated phishing messages in multiple languages.

    Phishing attacks powered by new AI tools are getting more sophisticated and difficult to detect.Phishing attacks powered by AI will continue to get more sophisticated.

    Decline in crypto-jacking and mining viruses

    Though coinminer attacks in the United States have seen a steady decrease throughout 2024, crypto-jacking and mining viruses are still a threat. The coinmining virus XMRig still holds a 53.89% share of all coinminers on the market, even with the risk ratio of coinminer malware dropping 18% in Q2/2024.

    Projection: Blockchain may improve security.
    As a decentralized technology, blockchain has the potential to enhance the security of transactions and personal data storage. Its structure relies on decentralization, strong encryption, and resistance to tampering, which helps mitigate the risk of a single point of failure and major data breaches. It may play a crucial role in securing IoT networks in the future.

    IoT malware attack cycle quickens

    The Internet of Things enhances convenience, but also poses serious security risks. As smart home devices, such as security equipment and appliances, increasingly make their way into our homes, so does the risk of malware infection — especially by botnets. According to Wired, these IoT malware attack cycles are getting faster, and, what’s more, users don’t always know how to install updates to their IoT smart home devices.

    Projection: Increased risk to Internet of Things (IoT).
    As IoT technology has developed, its security gaps have left ample room for cyber attacks. Now that consumers and manufacturers are more aware of the risks — largely due to honeypots that lure hackers into exploiting IoT vulnerabilities — it’s likely that stricter security protocols will built into more IoT devices out of the box.

    Social media attack trends

    Social media is now a common platform for launching malware attacks, offering many threat vectors like ads, messages, and plugins to exploit. YouTube, for instance, can be leveraged for malvertising attacks that are often linked to deepfake content. The updated Medusa banker also uses social media accounts to control infected devices, showing how these platforms can help spread malicious content and manipulate victims in unexpected ways.

    Projection: Higher mobile security focus.
    Mobile devices are central to our lives, and securing them is crucial. Fortunately, mobile security apps are evolving to offer better and more advanced protection, advancing alongside emerging threats.

    Malware as a service enables new threat actors

    The emergence of MaaS (malware-as-a-service) means that cybercriminals lacking the technical resources to develop their own malware and computer viruses can rely on service providers. This could have a serious effect on the number of attacks launched in the near future.

    Projection: Threats to SaaS and cloud environments.
    SaaS environments have specific security challenges, leaving them vulnerable to new kinds of attacks, especially as MaaS attacks become more democratized. Hijacking of privileged accounts is one danger that points to the need for stricter account monitoring and stronger authentication methods

    Notable attack examples

    Several recent examples of attacks on prominent businesses and institutions reflect the malware statistics trends highlighted above. When locked in on a target, hackers often use multiple methods, including injecting viruses and malware, exploiting vulnerabilities, or carrying out brute-force attacks.

    The motivation can be political, financial, or otherwise, but the effect is often devastating — not only to those exposed to the threat, but to the general public perception of digital safety.

    Here are some notable recent cyber attacks:

    August 2024
    National Public Data
    Nearly 2.7 billion records containing personally identifiable information (PII) — including names, addresses, and Social Security numbers — were leaked by hackers in August. The hackers involved claim to have stolen the data from National Public Data, a company known for collecting and selling public data primarily for background checks.
    March 2024, July 2024
    AT&T
    AT&T, the American telecommunications giant, was targeted in a hacking incident that involved data from 109 million customer accounts being downloaded via a third-party cloud platform. The data involved included call and text records from 2022, but did not involve PII such as Social Security numbers.
    March 2024
    UnitedHealth Group
    The cybercriminal group BlackCat recently breached Change Healthcare, a subsidiary of UnitedHealth Group responsible for processing approximately half of all medical claims. This attack exposed sensitive health and personal data, significantly impacting community health centers that primarily serve uninsured and vulnerable populations
    December 2023
    23andme
    23andme, known for providing genetic testing services to individuals, was hacked in a credential stuffing attack that potentially impacted the data of 6.9 million users — including their genetic background. Some of the data was allegedly posted online in a hacking forum.
    November 2023
    Bank of America
    The LockBit ransomware group attacked the Bank of America, potentially exposing the records of 57,000 customers of the financial giant. The breach exposed data including Social Security numbers, dates of birth, and other personal data.
    August 2023
    Discord.io
    Discord.io, a third-party service that allows Discord users to create custom invitations to Discord channels, experienced a data breach due to a phishing attack, exposing 760,000 Discord users’ data including email, password, and billing information.
    January 2023
    PayPal
    PayPal user accounts were compromised in a credential stuffing attack, affecting nearly 35,000 users and leaving some of their personal data exposed. PayPal confirmed that there was no breach of its own systems, and the unauthorized access was attributed to compromised credentials from other sources, not directly from PayPal.

    Malware and virus myths

    Many misconceptions about malware persist, despite statistical evidence that disproves them. To understand the real cybersecurity risks, it’s necessary to revisit and debunk such myths. Here’s a breakdown of some common malware myths and the truth behind them:

    • myth-icon

      Myth: Built-in virus protection on my computer is enough.

    • truth-icon

      Truth: While the built-in security on your Windows or Mac can catch many threats, their detection rates were inferior to top antivirus programs in a recent Malware Protection Test run by AV-Comparitives. Out-of-the-box protection simply does not cover as many threat areas. For example, many third-party AV programs now offer browsing protection, VPN, dark web monitoring, and identity theft protection features.

    • myth-icon

      Myth: I don’t need malware protection on my phone.

    • truth-icon

      Truth: Mobile attacks are on the rise and are expected to continue to increase. Android, in particular, is a prime target for hackers and cybercriminals due to its open-source nature and the variety of device manufacturers that use the operating system, with each manufacturer offering different levels of built-in threat protection.

    • myth-icon

      Myth: Macs can’t get viruses.

    • truth-icon

      Truth: Although Macs have a lower malware infection rate than Windows, malware constituted 11% of threats to Mac users in 2023. Additionally, 50% of Mac users say they’ve been affected by malware or other threats. This could stem from a false sense of security, which might lead to risky behaviors like reusing passwords or saving them in browsers. There are targeted attacks on macOS systems too — including scareware promoting fake Mac antivirus programs that act as trojans when downloaded.

    • myth-icon

      Myth: SMBs are too small to be targeted for cyber attacks.

    • truth-icon

      Truth: Small and medium-sized businesses aren’t the most obvious targets for hackers, but they do hold sensitive data. And as they often have smaller security budgets, SMBs can be easier to infiltrate, which can make them vulnerable to cyber attacks like invoice scams that target businesses of all sizes.

    Help protect against malware & viruses with AVG Antivirus Free

    Threats from viruses and malware are continuously evolving. Common sense, good digital hygiene, and cyber-responsibility are just a few of the small ways to protect yourself against malware attacks. But a robust and trusted cybersecurity tool like AVG AntiVirus Free is anything but small — and it makes your job a lot easier.

    AVG AntiVirus Free can help you dodge cyber attacks by blocking unsafe downloads and email attachments that mean you harm. Install AVG AntiVirus today and get comprehensive security for your device.

    Get powerful security for your iPhone and iPad with AVG Mobile Security

    Free install

    Get real-time malware protection with AVG AntiVirus

    Free install
    Malware
    Security
    Jessica Valasek Estenssoro
    5-11-2024