There are around 190,000 new malware attacks every second, and nearly 90% of all cyber threats are phishing or other social engineering schemes. Learn about the biggest cybersecurity threats of 2024, what’s on the rise, and other ways that malware and viruses are impacting the digital world. The more you know, the better you can protect yourself against common threats.
New mobile and computer viruses are developed continuously, with cyber threats running into the billions every year. As antivirus and web users become more savvy to existing malware risks, threat actors introduce new methods and viruses. There are several important trends to be aware of based on recent security statistics.
Here are a few threat types that have significantly increased in 2024:
Tech Support scams have started to steadily increase again over the first few months of 2024, after all but disappearing by the end of 2023.
Cryptojacking attacks rose to over 1 billion by the end of 2023 — a number likely related to Bitcoin’s value, which is at an all-time high.
Encrypted threats more than doubled over the last year, particularly in the retail, government, and education sectors.
PDF files being used to transmit malicious code are continually prevalent, especially as part of social engineering attacks such as an “expiring password” phishing scheme.
Recent security breaches affecting notable businesses are still a threat in 2024, such as the SpaceEyes breach and the AT&T breaches.
Sextortion and other dating scams are skyrocketing, particularly in Central Europe.
The global risk ratio for dating scams as of Q1/2024. (Source: Decoded.io)
Threat actors quickly learn the most effective ways to exploit digital systems with computer viruses and malware, and they evolve as users become more aware of existing threats. Perhaps because of how flexible an attack vector it is, phishing has been the top-reported cybercrime in the United States for four years running.
This popular attack method is responsible for spreading malware and viruses worldwide, contributing to a wide range of global, individual, and company data breaches. There are many types of viruses and malware risks currently out there, and this overview of the recent malware statistics lays out the most common threats over the past year.
These are the top malware and virus threats right now:
While antivirus apps and secure browsers are a great defense, the best thing you can do to protect yourself is to stay on top of security trends. Computer viruses and malware attacks are common — to the tune of over 6 billion attacks in 2023. That’s around 190,000 malware attacks per second!
Thanks to emerging technologies, particularly Artificial Intelligence (AI), cybercriminals can now create exponentially more sophisticated attacks, including audio and visual manipulation to produce convincing deep fakes. But, as AI threats evolve, security protections are also advancing to keep pace.
"Notably, attacks utilizing AI-generated techniques, such as scams via phone calls or deepfake videos, are becoming increasingly common, further complicating the threat environment." - Gen 2024 Threat Report
Cyber economy research organization Cybersecurity Ventures predicted that annual spending related to cybersecurity will reach $10.5 trillion per year by 2025. Much of this spending will likely be used to fight fire with fire — developing AI-driven security measures to fight AI-driven attacks.
The simple fact is that attempted cyber attacks increase as malware evolves — according to SonicWall, global intrusion attempts have gone up each year since they started tracking the metric a decade ago, with an overall intrusion increase of 613% since 2013.
The worst computer viruses can inflict irreparable damages to people and businesses, including theft of sensitive data, money, and, in some of the worst cases, identity.
The 17% increase in web threat incidents compared to other types of cyber threats over the last 3 quarters is alarming, but malicious threats have met varying success rates — sometimes being mitigated thanks to antivirus and network security programs blocking the threats.
But malware can spread in many ways, often due to human error or misjudgment. Malicious links in phishing messages are one of the biggest sources of malware in 2024. Other attack vectors include infected websites, removable media containing malware, and malware-infected PDFs and downloads.
The statistics about viruses on business devices and networks are startling. While security is becoming a major concern for all business owners, many are still vastly unprepared to fend off malicious attacks.
A common thread in mitigating risks lies in educating employees about digital security and best practices. This can be as simple as setting rules for stronger passwords, creating ways to wipe lost or stolen devices, and screening emails and web traffic for threats.
Here are a few statistics specific to business threats that we’ve collected:
Preparedness
Experts estimate that up to 69% of companies are understaffed in their cyber security departments. However, 51% of companies report that they plan to invest more in security after experiencing a data breach.
Ransomware targets
While multi-million dollar ransomware attacks on major organizations are most newsworthy, hundreds of millions of smaller attacks are launched every year, particularly targeting individuals and small businesses. Ransomware strains like WannaCry, Enigma, and STOP are among the most common ransomware strains blocked by Avast Threat Labs.
Cost of malware attacks
Global cybercrime is predicted to cost the world over $10.5 trillion annually by 2025. The upfront cost of increasing cybersecurity may seem high, but the cost of a potential malware attack is likely higher. In addition to immediate financial losses, the impact on a company’s reputation after an attack can be major, causing it to lose customers and market position.
Organization size
Large enterprises are generally at the biggest risk for malware attacks because they offer a potentially higher payoff for the threat actors. But small and medium-sized enterprises accounted for 43% of attacks in 2023. They can be attractive targets since they often have less robust security measures in place.
Commonly targeted systems and programs
While Windows malware is most common, potentially due to its prevalence in business settings, Macs are also at risk of malware. Users should take caution, even when updating their work systems, to be sure it’s a legitimate update.
WordPress malware statistics
WordPress is the foundation for nearly 40% of all websites, many of which are owned by small to medium-sized businesses. But with the popularity comes significant risks and vulnerabilities — recent reports show that 700,000 WordPress sites were found to contain at least one malicious file.
Fileless malware statistics
Some malware is delivered via Word and PDF documents, which themselves are not executable files. However, there are still ways to inject dangerous code into other trusted processes that can run undetected. This “fileless malware” method trended sharply up in 2023, when nearly a third of all new malicious file types discovered were in PDF format.
Phishing is the most common cyber threat targeting individuals today, and the most common threat vectors are email and social media messages, malicious file downloads, and infected websites and mobile apps. According to Gen Threat Labs, users are much more likely to encounter phishing websites now than ever before.
An example of a phishing email supposedly sent from Amazon.
According to the FTC, by the end of 2023, individual reports of identity theft numbered over 1 million in the US alone. This is indicative of how much sensitive and personal data users are sharing online, unwittingly through phishing scams or not.
Understanding current malware attack vectors is essential for anyone concerned about general cybersecurity — which, according to the Chicago Council on Global Affairs, includes around 73% of Americans. If you’re one of them, a great way to start combating cyber threats across the board is by keeping your devices’ operating systems up to date to help patch vulnerabilities that cybercriminals love to exploit.
You’ll also want to take caution before clicking links in emails, use strong and unique passwords for your online accounts, and enable multi-factor authentication wherever possible.
Malware attackers tend to show up where internet users spend most of their time, and smartphone malware statistics from this year show just that. It’s no secret that phones have become an important part of our daily lives. But users may have a false sense of security when using their phones, leading to riskier behavior such as opening links sent in a smishing attack or failing to block spam text senders.
New Android malware is often developed in the form of fake apps to exploit interest in popular mobile games. While Google rejected 2.28 million risky Android apps in 2023, malicious copycats of the popular Minecraft game were installed 35 million times on Google Play before they were discovered. And while iOS is generally thought to be safer from attacks, there are still iOS threats in the form of spyware, ransomware, and data breaches to contend with.
Mobile malware statistics for the first quarter of 2024. (Source: Decoded.io)
Today, around 16% of mobile malware is in the form of malvertising — a type of malware that’s injected into an ad from a legitimate business. One Reddit user reported that tapping an ad while scrolling YouTube shorts infected their phone with malware that they were unable to remove.
Awareness is key to detecting when something is amiss. Possible signs that your phone is tapped or that you have malware include a rapidly draining battery, increased data usage, and sudden onset of spam messages or pop-ups. You should block spam text and calls as soon as you receive them, and only use secure messaging apps to chat.
Geography is a consideration when it comes to cybersecurity — both in terms of trending risks and cybersecurity awareness. Statistics on malware incidents vary widely by country and the type of attack. Here’s a breakdown of notable malware attack stats by country:
Malware attacks show us where our biggest vulnerabilities lie, and malware attack types that rely on psychological manipulation and social engineering — such as phishing attacks and scams — remain the most persistent malicious threats. This suggests that human error and misjudgment offer an easy payoff for cybercriminals.
But compromised systems and registered vulnerabilities also give attackers ample opportunities to exploit. The latest malware threats often appear in familiar places like social media, email, and app stores. While new Windows viruses — such as trojans, spyware, and RAT attacks — are particularly prevalent, all device users are at risk.
Phishing remains the most common threat type, as many attacks rely on phishing as their primary threat vector. And, aided by AI tools, phishing is rapidly becoming much more sophisticated. Cybercriminals now use AI to craft realistic phishing messages or trick users into downloading fake AI tools that are actually malware.
Projection: A rise in AI-related threats is likely.
Formats once seen as trustworthy are now more suspect. Generative AI offers cybercriminals an advantage by enabling the creation of highly convincing fake content. This includes more realistic deepfake video and audio, as well as sophisticated phishing messages in multiple languages.
Phishing attacks powered by AI will continue to get more sophisticated.
Though coinminer attacks in the United States have seen a steady decrease throughout 2024, crypto-jacking and mining viruses are still a threat. The coinmining virus XMRig still holds a 53.89% share of all coinminers on the market, even with the risk ratio of coinminer malware dropping 18% in Q2/2024.
Projection: Blockchain may improve security.
As a decentralized technology, blockchain has the potential to enhance the security of transactions and personal data storage. Its structure relies on decentralization, strong encryption, and resistance to tampering, which helps mitigate the risk of a single point of failure and major data breaches. It may play a crucial role in securing IoT networks in the future.
The Internet of Things enhances convenience, but also poses serious security risks. As smart home devices, such as security equipment and appliances, increasingly make their way into our homes, so does the risk of malware infection — especially by botnets. According to Wired, these IoT malware attack cycles are getting faster, and, what’s more, users don’t always know how to install updates to their IoT smart home devices.
Projection: Increased risk to Internet of Things (IoT).
As IoT technology has developed, its security gaps have left ample room for cyber attacks. Now that consumers and manufacturers are more aware of the risks — largely due to honeypots that lure hackers into exploiting IoT vulnerabilities — it’s likely that stricter security protocols will built into more IoT devices out of the box.
Social media is now a common platform for launching malware attacks, offering many threat vectors like ads, messages, and plugins to exploit. YouTube, for instance, can be leveraged for malvertising attacks that are often linked to deepfake content. The updated Medusa banker also uses social media accounts to control infected devices, showing how these platforms can help spread malicious content and manipulate victims in unexpected ways.
Projection: Higher mobile security focus.
Mobile devices are central to our lives, and securing them is crucial. Fortunately, mobile security apps are evolving to offer better and more advanced protection, advancing alongside emerging threats.
The emergence of MaaS (malware-as-a-service) means that cybercriminals lacking the technical resources to develop their own malware and computer viruses can rely on service providers. This could have a serious effect on the number of attacks launched in the near future.
Projection: Threats to SaaS and cloud environments.
SaaS environments have specific security challenges, leaving them vulnerable to new kinds of attacks, especially as MaaS attacks become more democratized. Hijacking of privileged accounts is one danger that points to the need for stricter account monitoring and stronger authentication methods
Several recent examples of attacks on prominent businesses and institutions reflect the malware statistics trends highlighted above. When locked in on a target, hackers often use multiple methods, including injecting viruses and malware, exploiting vulnerabilities, or carrying out brute-force attacks.
The motivation can be political, financial, or otherwise, but the effect is often devastating — not only to those exposed to the threat, but to the general public perception of digital safety.
Here are some notable recent cyber attacks:
Many misconceptions about malware persist, despite statistical evidence that disproves them. To understand the real cybersecurity risks, it’s necessary to revisit and debunk such myths. Here’s a breakdown of some common malware myths and the truth behind them:
Myth: Built-in virus protection on my computer is enough.
Truth: While the built-in security on your Windows or Mac can catch many threats, their detection rates were inferior to top antivirus programs in a recent Malware Protection Test run by AV-Comparitives. Out-of-the-box protection simply does not cover as many threat areas. For example, many third-party AV programs now offer browsing protection, VPN, dark web monitoring, and identity theft protection features.
Myth: I don’t need malware protection on my phone.
Truth: Mobile attacks are on the rise and are expected to continue to increase. Android, in particular, is a prime target for hackers and cybercriminals due to its open-source nature and the variety of device manufacturers that use the operating system, with each manufacturer offering different levels of built-in threat protection.
Myth: Macs can’t get viruses.
Truth: Although Macs have a lower malware infection rate than Windows, malware constituted 11% of threats to Mac users in 2023. Additionally, 50% of Mac users say they’ve been affected by malware or other threats. This could stem from a false sense of security, which might lead to risky behaviors like reusing passwords or saving them in browsers. There are targeted attacks on macOS systems too — including scareware promoting fake Mac antivirus programs that act as trojans when downloaded.
Myth: SMBs are too small to be targeted for cyber attacks.
Truth: Small and medium-sized businesses aren’t the most obvious targets for hackers, but they do hold sensitive data. And as they often have smaller security budgets, SMBs can be easier to infiltrate, which can make them vulnerable to cyber attacks like invoice scams that target businesses of all sizes.
Threats from viruses and malware are continuously evolving. Common sense, good digital hygiene, and cyber-responsibility are just a few of the small ways to protect yourself against malware attacks. But a robust and trusted cybersecurity tool like AVG AntiVirus Free is anything but small — and it makes your job a lot easier.
AVG AntiVirus Free can help you dodge cyber attacks by blocking unsafe downloads and email attachments that mean you harm. Install AVG AntiVirus today and get comprehensive security for your device.
Privacy | Report vulnerability | Contact security | License agreements | Modern Slavery Statement | Cookies | Accessibility Statement | Do not sell my info | | All third party trademarks are the property of their respective owners.
