In the last four years, hackers performed over 11-million malware attacks, reveals the latest study by NordPass, which also investigates which countries are the most targeted, which credentials are the most leaked, and which type of malware Internet users fall victim to the most frequently.
From 2020 to 2022, the number of malware attacks reported has grown from over 600 000 to almost 5-million. In the first nine months of 2023, over 2,7-million cases were reported.
“We noticed that cybercriminals are using increasingly sophisticated hacking techniques and targeting their attacks more precisely – including towards governmental institutions and critical infrastructure,” says Tomas Smalakys, chief technology officer of NordPass. “This year, the FBI seized control of hundreds of routers infected by malware that was targeting critical infrastructure.”
Having investigated which online credentials hackers aim to steal, researchers found that the most popular cloud servers, email accounts, and social media platforms are their prime targets.
According to Smalakys, threat actors usually seek monetary gain and access to sensitive platforms gives them the leverage to demand a ransom payment, sell data, or otherwise exploit stolen accounts.
These are the most targeted domains:
* accounts.google.com – 8,2-million stolen records.
* facebook.com – 5,9-million stolen records.
* login.live.com – 5,6-million stolen records.
* m.facebook.com – 3,2-million stolen records.
* Instagram.com – 3,1-million stolen records.
* discord.com – 3,1-million stolen records.
* netflix.com – 3-million stolen records.
* roblox.com – 2,8-million stolen records.
* com.facebook.katana – 2,5-million stolen records.
* amazon.com – 2,4-million stolen records.
* paypal.com – 2,3-million stolen records.
* twitter.com – 2,3-million stolen records.
“Malware steals data from places you may not imagine, including Excel sheets, browsers and text documents where many save their passwords and other important credentials,” says Smalakys.
“Internet users are still not aware of the consequences these attacks may have on their lives. Granting hackers access to, let’s say, your Google account could initially block you from your digital life given that many of us use Google to join other platforms too.”
The study showcases that Brazil, the US, and India are the countries whose Internet users experienced the most malware attacks in the past four years. While no European country got into the top 10, France ranks 15th and takes the lead for the highest number of users affected by malware in Europe.
The top 10 are as follows:
* Brazil – 9 659 846 affected users.
* US – 6 966 426 affected users.
* India – 6 914 742 affected users.
* Indonesia – 5 354 246 affected users.
* Vietnam – 3 611 798 affected users.
* Egypt – 3 516 376 affected users.
* Mexico – 3 042 467 affected users.
* The Philippines – 2 926 483 affected users.
* Turkey – 2 888 663 affected users.
* Pakistan – 2 849 788 affected users.
Based on the study, the most prevalent types of malware in the last four years have been RedLine (attacks constitute 59% of the total records collected), Vidar (18%), and Raccoon (12%). Other common types of malware include AZORult, CryptBot, Taurus, and Meta Stealer.
Smalakys shares his insights on how to avoid falling victim to any of these malware attacks:
* Be careful with your email activity. Internet users are often infected with malware via email because spam and phishing tricks can convince users to click on harmful links or download infected attachments. Careless browsing, such as clicking on pop-ups, can also lead to visiting malicious websites that stealthily download malware.
* Use antivirus software to detect and remove malware from devices. A good antivirus program scans the system constantly for known malware signatures and behaviours providing an essential layer of defence against various threats.
* Keep operating systems, applications, and firmware up to date. Doing so is important because, when the system is updated, it includes security patches and bug fixes that help protect the system from threats like malware. Cybercriminals often target known security vulnerabilities so updating the system is crucial in maintaining security.
* Use a password manager. Using a password manager to store passwords is a more secure option because the environment is fully encrypted. This tool not only allows you to generate unique and complex passwords for each account, but also helps to reduce the chances of unauthorised access.