The overall global Internet threat level grew by 6,9 percentage points in 2013 – with 41,6% of computers being the victim of an attack at least once.
In order to conduct all these attacks over the Internet in 2013, cybercriminals used 10 604 273 unique hosts, which is 60,5% more than in 2012.
The US and Russia are the leading hosts of malicious web resources – 45% of Web attacks neutralised by Kaspersky Lab products were launched from these countries.
2013 saw a further increase in the security issues around mobile devices, with a new level of maturity in terms of the sophistication and a number of these threats. Most malicious mobile apps principally aimed to steal money, and subsequently personal data. Android is still the main target, attracting a whopping 98,05% of known malware.
Kaspersky Lab is detecting 315 000 new malicious files every day. Last year’s number was 200,000. Meanwhile, Kaspersky Lab’s products repelled an average of 4 659 920 attacks on users every day when they were online.
The number of browser-based attacks over the last two years has almost doubled to 1 700 870 654. Kaspersky Lab detected 104 427 new modifications of malicious programs for mobile devices, which is 125% more than in 2012. In October 2013 alone, Kaspersky saw 19 966 mobile malware new modifications. That’s 50% of the total it found in the whole of 2012, uncovered in a single month.
Based on 2013’s figures, 15 countries can be assigned to a high risk group based on their risk level while surfing the Internet. Russia, Austria, Germany, several former Soviet republics and several Asian countries had 41-60% of Kaspersky Lab users reporting attempted web attacks on their computers.
In terms of the popular vulnerable applications exploited by cybercriminals, 90,52% of all detected attempts to exploit vulnerabilities targeted Oracle Java. These vulnerabilities are exploited in drive-by attacks conducted via the Internet, and new Java exploits are now present in lots of exploit packs.
Seven of the Top 20 malicious programmes on the Internet were threats that are blocked during attempted drive-by attacks. This is currently the most common attack method for web-based malware. The verdicts in Kaspersky Lab’s ranking are assigned to scripts that redirect to exploits as well as to the exploits themselves.
Compared to 2012, there was an increase in the proportion of blacklisted malicious links blocked in South Africa. Nearly half of the listed malicious programmes in this South Africa Top 20 rating, were verdicts identifying threats that are blocked during attempted drive-by attacks.
They are the heuristic verdicts Trojan.Script.Generic, Trojan.Script.Iframer, Exploit.Script.Blocker, Trojan-Downloader.Script.Generic and the non-heuristic.
Eight out of 20 entries are annoying advertising of software, offering installation of multiple browser extensions (toolbars, search engines, etc). Kaspersky Lab has seen growth of such malicious programmes comparing with 2012 by more than half (from 3.3% up to 8%). They are spreading mostly in addition to popular legal software on the so-called “soft portals”.
“There is unlikely to be any slow-down in development of malicious apps, especially for Android. To date, the majority of malware has been designed to get access to the device. In the future, there is also a high probability that the first mass worm for Android will appear. Android ticks all the boxes for cybercriminals – it’s a widely-used OS that is easy to use for both app developers and malware authors alike,” says Riaan Badenhorst, MD of Kaspersky Lab Africa.