30 million UK cyber attacks carried out in Q4

News by Mark Mayne

Nearly 30 million cyber attacks were carried out in the UK in the fourth quarter alone last year, according to new research.

Attacks via browsers were the primary method for spreading malicious programs, with 12.1 million cyber-threats being detected, according to the figures from Kaspersky Lab, with local threats being even more prevalent, hitting 17.5 million during the same time period. 

Those two figures place the UK at 125th worldwide and 138th in the world, but the number of incidents caused by servers hosted came to to 11.2 million – ranking the United Kingdom at sixth worldwide.

Globally, just over 30 percent of computer users were subjected to a malware-class web attack in 2018, while more than 5.5 million unique computers were targeted by miners - a form of malware that garnered an 8.5 percent share of overall detections. That contrasts with more than 800,000 that were targeted by various forms of banking malware.  

Kaspersky noted that the most common strategy in browser-borne attacks is to target plug-ins or browser vulnerabilities directly, while device and system-agnostic social engineering is the second most popular tactic.

"2018 will be remembered for the large number of targeted attacks using exploits for zero-day vulnerabilities. As in the previous year, the share of users attacked by exploits for vulnerabilities in Adobe Flash Player and Internet Explorer has decreased, even though some new zero-day publicly exploited vulnerabilities have been found in both products", noted the report authors.

Felix Rosbach, product manager at comforte AG told SC Media UK: "We all have to find a balance between security and comfort, between protection and business enablement. With too much security, users are unable to be productive. Too much access opens up organisations to a data breach.

"While the chances of being breached are higher than ever before, there is not much you can do about it. Classic defence like firewalls and anti-Virus only protects you from known attack methods. To protect what is worth being protected you have to make sure that your identity and access management is under control – and that you render sensitive data unreadable."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews