What does a typical malware attack look like right now? Who’s being hit, and why? What kind of damage does malware cause, and what can be done to mitigate its effects?
For current and aspiring cyber security professionals, knowledge always equals power. Familiarity with current and recent malware statistics helps you flesh out your understanding of the threat landscape.
When showing the importance of malware threat mitigation and the need for vigilance in business, real-life facts and figures can go a long way in helping you make your case.
With this in mind, here are the latest malware statistics, recent trends, and threat actor behavior patterns that underpin them.
If you’re ready, let’s dive in.
Trends in Malware
When looking at statistics on overall malware volume in particular, it’s worth remembering that many individual malware samples have only a limited shelf life: threat actors use them actively for a short period before moving on to new variants.
Nevertheless, rising malware volumes and continued high attack rates demonstrate that malware-related attacks remain an extremely serious cyber threat.
Malware Volumes
1. There are around 1.2 billion malicious programs and potentially unwanted applications (PUA) in existence.
2. In 2023, more than 100 million strains of malware and PUA were identified by AV-Test.
3. In recent years, the most active year for new malware variants was 2021, when around 150 million new programs were identified.
4. Last year, threat actors deployed an average of 200,454 unique malware scripts per day - or roughly 1.5 new samples per minute.
Malware Attack Rates
5. Last year, 81% of organizations faced malware threats, phishing attacks, and password attacks.
6. In 2022, there were 5.5 billion malware attacks worldwide, a 2% increase from the previous year.
7. In recent years, the highest number of malware attacks was in 2018 (10.5 billion attacks globally).
8. In 2023, malware showed up in 40% of data breaches—which is 30% up from 2022.
Malware Categories and Variants
Ransomware remains the most prevalent malware category (for more detailed information on this type of threat, be sure to check out our latest rundown of ransomware statistics). Recent malware statistics also highlight a growing trend in the volume of attacks aimed at IoT devices.
Malware Variants
9. In 2022, according to Trend Micro Smart Protection Network detections, worms were the most frequently blocked category of malware.
10. Webshell, Emotet, and Negasteal were the three most frequently detected malware families in 2022.
11. According to Trend Micro, Webshell was the single most frequently encountered malware family in H1 2023. This type of malware exploits vulnerabilities in internet-facing web servers.
12. XLoader Packer was the most frequently encountered category of Android malware in H1 2023. This is a backdoor trojan that uses Domain Name System (DNS) spoofing to distribute malware infections through Android apps.
13. In the year to June 2023, Magniber was the most commonly encountered malware variant used in ransomware attacks. It was found in approximately 21% of all ransomware encounters.
14. The top four ransomware variants (Magniber, Lockbit, Hive, and BlackCat) comprise 65% of all ransomware encounters.
Malware File Names
15. The most commonly encountered malware file name is “purchase order.exe.”
The Persistent Threat of Ransomware
16. Ransomware is the most common form of malware. Ransomware is present in almost 70% of malware-related breaches, and 24% of all breaches overall.
17. In 2022, there were around 500 million ransomware attacks globally.
18. The worst year on record for ransomware attacks was 2021, when over 600 million attacks occurred across the globe.
19. In 2021, it was estimated that someone falls victim to a ransomware attack every 11 seconds.
20. Experts predict that by 2031, ransomware will attack an organization, consumer, or device every 2 seconds.
IoT Malware Variants
21. 2022 saw an 87% year-on-year increase in the number of malware attacks targeting Internet-of-Things (IoT) devices (112.3 million attacks globally).
22. In 2022, the finance sector saw a 252% year-on-year increase in the volume of IoT malware attacks—the most significant increase of any industry sector.
Targets of Malware
Globally, the USA sees the lion’s share of malware attacks. However, when it comes to the chances of being hit by malware—i.e., the volume of attacks compared to the number of devices/users—the malware statistics tell a very different story.
Malware Attacks by Global Region
23. North America remains the region most frequently attacked by malware. However, in 2022, there was a 10% year-on-year decrease in the volume of attacks to 2.75 billion, the region’s lowest total since 2017.
24. In 2022, Europe, LATAM, and Asia recorded double-digit increases in the volume of malware attacks of 10%, 17%, and 38% respectively.
Malware Attacks by Country
25. The United States is the country most frequently attacked by malware. In 2022, the United States saw ~2.7 billion malware attacks, out of ~5.5 billion attacks globally.
26. Of US states, California has the highest malware attack volume.
27. Based on malware spread (i.e., the number of attacks per head of population), Kansas is the US state where the risk of malware attack is highest.
28. Vietnam is the country with the highest malware spread—i.e., the largest volume of malware attacks compared to the size of the population.
29. According to NordLocker’s analysis, the United States is the country most frequently attacked by ransomware. In 2022, the country experienced 38.8% of all attacks.
Industries Most Hit by Malware
30. Education is the industry sector most likely to be hit by a malware attack. The volume of attacks against this sector rose by 157% between 2021 and 2022.
31. Between 2021 and 2022, the volume of malware threats targeting the healthcare industry fell by 15%.
32. In the year to 2023, the retail and finance sectors saw year-on-year increases in the volume of malware attacks of 50% and 86% respectively.
33. According to Sophos, 66% of organizations were targeted by ransomware attempts in 2022. The sector breakdown is as follows:
Malware Attacks and Organization Size
34. In the year to June 2023, 70% of organizations encountering human-operated ransomware had fewer than 500 employees.
35. Based on ransomware cases analyzed by NordLocker that occurred between January 2022 and January 2023, small and medium-sized companies with between 11 and 50 employees, as well as companies with 51-200 employees, suffered the most cyber attacks, measured by cyber attack-per-employee ratio.
Motives of Malware Attackers
Especially following the war in Ukraine, state-sponsored and politically motivated malware attacks have grabbed a lot of headlines.
While these incidents are increasing in volume, it’s still the case that a very large majority of malware attacks are motivated by plain, old-fashioned greed.
Malware Threat Actors: Identity
36. Top 10 Ransomware Groups in the year to June 2023:
Financial Motivations of Malware Threat Actors
37. Verizon’s 2023 Data Breach Investigations Report suggests that the vast majority (94.6%) of cyber security breaches—including malware attacks—are driven by financial motivations.
38. An estimated 65% of threat actors are thought to be linked to organized crime. Around 15% fall into the “other” category (e.g., lone wolf attackers).
39. Ransomware is present in 59% of all incidents with a financial motivation.
40. Ransomware is present in 62% of all incidents committed by organized crime actors.
Malware and Nation-State/State-Sponsored Activity
41. It is estimated that around 5% of threat actors are nation-state or state-affiliated attackers.
42. Espionage is the motivator for approximately 3% of attacks. “Ideology” and “Grudge” are the motivators of around 1% of attacks each.
43. In 2022, Ukraine witnessed an 8,105% increase in total malware attacks, including a 5,835% increase in ransomware.
44. In 2021, an estimated 74% of all money made through ransomware attacks went to Russia-linked hackers.
45. In H2 2021, the US Treasury’s Financial Crimes Enforcement Network found that 75% of ransomware-related incidents were linked to Russia, its proxies, or persons acting on its behalf.
46. In the year to June 2023, almost half of attacks by Russian state or state-affiliated cyber threat actors were targeted against Ukraine. A further 36% of attacks were targeted at NATO member states.
47. Education (16%), Government (12%) and Think Tanks / NGOs (11%) are the sectors most frequently targeted by state-sponsored threat groups globally.
Methods, Technologies, and AI in Malware Creation and Distribution
Recent statistics show that threat actors are adapting malware in light of new working models (e.g., working from home). They’re using it to support crypto mining scams in ever-growing numbers. They are also putting AI to work to create new malware scripts.
Malware and Remote Work
48. In 2023, 62% of companies suffered a security breach connected to remote working. Poorly secured home networks, multiple unknown users, and lower policy adherence are identified by Verizon as factors that increase the risk of malware infections.
49. In 2021, the percentage of organizations that experienced installation of malware on a remote device doubled from 3% to 6%.
Malware and the Growing Crypto-Jacking Threat
50. 2023 witnessed a 399% global rise in crypto-jacking, i.e., the unauthorized use of another party’s device to mine cryptocurrency by infecting the target device with XMRig mining malware.
51. In 2023, Microsoft observed evidence of current or previous unauthorized coin mining activity in 4.2% of all its customer security engagements.
Malware Generation and AI
52. Almost half (46%) of senior security professionals believe that generative AI will increase their organization’s vulnerability to attacks, making it easier for threat actors to create and launch attacks.
53. Within days of its launch in July 2023, the Telegram channel for Worm-GPT, a malware and phishing campaign generation tool, had picked up more than 5,000 followers.
Impact of Malware Attacks
Statistics show that malware's implications are significant in terms of financial cost and broader disruption. A majority of organizations realize the need for more anti-malware measures.
Cost of Malware Attacks
54. The total global cost of ransomware exceeded $30 billion last year.
55. According to IBM, the global average cost of a data breach in 2023—including breaches caused by malware—was $4.45 million, which is 15% more than in 2020.
56. For companies with an annual turnover of less than $10 million, the average cost of recovery following a ransomware attack is $165,520.
57. In 2021, average ransomware demands were estimated at $220,298—a 43% increase from 2020.
58. Based on FBI data, the median amount paid by ransomware victims to threat actors is $10,000.
59. In 2023, 84% of private sector organizations hit by ransomware reported that the attack caused them to lose revenue.
60. Lower education (94%) and construction (93%) were the sectors most likely to report some loss of business/revenue.
Readiness to Mitigate the Malware Threat
61. 68% of IT professionals responsible for malware detection say they face challenges in detecting both known and unknown variants of malware.
62. 67% of businesses say they are “grappling with inadequate signature-based solutions” for dealing with the malware threat.
63. 54% of IT professionals say they are dealing with fragmented tools for detecting malware.
64. 68% of organizations recognize the need for additional investments in tools and processes to enhance their malware detection and threat intelligence capabilities.
65. Just 22% of businesses describe their threat intelligence programs as “fully mature.” Most say they are still in the early stages of development.
New Technologies for Responding to Malware
66. AI-based threat intelligence tools are up to 300% more accurate than traditional techniques at detecting attempts by malicious scripts to target a device with a common vulnerability.
67. AI tools may be able to identify 70% more malicious scripts than traditional techniques alone.
68. Just 11% of IT managers currently use AI for threat detection, but 56% are optimistic about its use in the future.
Notable Malware Attacks
MOVEit
Made public in May 2023, a vulnerability in the MOVEit file transfer solution was exploited by multiple hacker groups. Within six months, these attacks had impacted over 2,000 organizations and exposed the data of 60 million people.
Ukraine Power Grid Attack
The potential of malware attacks hitting critical infrastructure has received a lot of coverage since Russia’s attack on Ukraine. However, one of the most significant attacks predates the current conflict. The 2015 attack on the Ukraine Power Grid was the first of its kind.
Worm-GPT Recalibrates
We’ve touched on the emerging trend of hackers using the power of generative AI for creating new malware scripts. This video illustrates how the founders of one of the earliest and best known GenAI tools, WormGPT, are recalibrating it as a white hat hacking resource.
Conclusion
Recent malware statistics illustrate how the cyber security landscape is constantly evolving.
Well-established categories of malware (e.g., ransomware) remain major parts of that landscape. However, they are joined by new threats, such as crypto-jacking, IoT-targeted campaigns, and the increasing use of AI for generating malicious scripts.
All of this highlights the need to stay on top of cyber security best practices. It also shows the importance of making sure your skills and knowledge align with the malware detection and threat intelligence capabilities organizations are looking for.
Sources:
- AV-Test: Malware Statistics and Trends Report
- BBC: ‘74% of Ransomware Revenue Goes to Russia-linked Hackers’, Article, February 2022
- BlackBerry: ‘New Malware is Born Every Minute’, Article, May 2023
- Conceal: Who’s Who in Ransomware Report, 2023
- Help Net Security: ‘Cryptojacking Soars as Cyber Attacks Increase’, Article, July 2023
- IBM: Cost of a Data Breach, Report, 2023
- Infosecurity Magazine: ‘AI Boosts Malware Detection Rates by 70%’, Article, November 2023
- Microsoft: Digital Defense Report, 2023
- NordLocker: ‘Ransomware Statistics: Who is Targeted Most?’, Report, 2023
- OPSWAT: ‘2023 Threat Intelligence Survey Results’, Article, August 2023
- SC Magazine: ‘Ransomware Payouts and Recovery Costs Went Way Up in 2023’, Article, August 2023
- Security Magazine: ‘81% of Companies Had Malware, Phishing and Password Attacks in 2023’, Article, December 2023
- Security Magazine: ‘Detecting Malware Cited as Challenge for Organizations’, Article, August 2023
- SOCRadar: ‘Worm GPT: Blackhat AI Module Surges to 5,000 Subscribers in Just Few Days’, Article, July 2023
- SonicWall: Cyber Threat Report, 2023
- Sophos: State of Ransomware Report, 2023
- Statista: Annual Number of Malware Attacks Worldwide from 2015 to 2022
- Statista: Malware Types Most Frequently Blocked in Malicious Files Worldwide
- Statista: Number of Malware Attacks by Country
- TechCo: ‘Ransomware Statistics: Key Trends, Insights and Questions Answered’, Article, July 2023
- Trend Micro: 2023 Midyear Cybersecurity Threat Report
- US Treasury Dept: ‘Treasury Sanctions Russian Ransomware Actor’, Press Release, May 2023
- Verizon: Data Breach Investigations Report, 2023
- Verizon: Mobile Security Index, 2023
- Yahoo Business Wire: ‘Deep Instinct Study / Attacks Fueled by Generative AI’, Article, August 2023