Surrounded: Unique malware up 13.7%; AV threats up 523%, backdoors 134%; banking trojans 61%

News by Rene Millman

Unique malware varieties have risen by an eighth this year, according to The Kaspersky Security Bulletin: Statistics of the Year report, with Web skimmer files blamed for growth in unique malicious code.

Over the last year, the number of unique malicious objects Kaspersky detected grew by 13.7 percent, reaching 24,610,126, according to the report.

The company said that this growth was mainly influenced by a 187 percent rise in web skimmer files. It added that other threats, such as backdoors and banking Trojans detected in-lab, also grew, while the presence of miners dropped by more than half.

According to the company, these trends demonstrate a shift in the types of threats used by attackers on the web, who are searching for more effective ways to target users.

At the same time, the number of threats detected by web antivirus has risen by 523 per cent, totalling 2,660,000 in 2019. Web skimmers also entered the top 20 malicious objects detected online, taking tenth place in the overall ranking. The share of new backdoor and banking Trojan files, among all types of threats detected in-lab, also grew by 134 per cent and 61 per cent to reach 7,644,402 and 739,551 respectively.

However, the number of unique malicious URLs detected by Kaspersky web antivirus halved in comparison to 2018 (50.5 per cent), from 554,159,621 to 273,782,113. Kaspersky said that the shift was largely caused by a significant decrease in hidden web miners, even though several detections related to them (including Trojan.Script.Miner.gen, Trojan.BAT.Miner.gen and Trojan.JS.Miner.m) can still be seen in the top 20 web malware threats.

The presence of programs that secretly generate cryptocurrency on users’ computers (called ‘local’ miners) has also been steadily declining over the year: the number of users’ computers affected by attempts to install miners dropped by 59 percent, from 5,638,828 to 2,259,038.

According to the report, 85 percent of web threats were detected as malicious URLs. This includes links to web pages containing redirects to exploits, sites with exploits and other malicious programs, botnet command and control centres, extortion websites, and others.

Vyacheslav Zakorzhevsky, head of anti-malware research at Kaspersky, said that the volume of online attacks has been growing for years, but in 2019 we saw a clear shift from certain types of attacks that are becoming ineffective, to the ones focused on gaining clear profit from users.

"This is partly due to users becoming more aware of the threats and how to avoid them, and organisations steadily becoming more responsible. A good example is miners, which have lost their popularity due to lower profitability and cryptocurrencies’ fight against covert mining. This year we also witnessed growth in zero-day exploits, showing products remain vulnerable and are used by attackers for sophisticated attacks, and this trend is likely to continue in the future," he added.


Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK that there could be a number of factors at play which have resulted in the number of unique malicious objects growing.

"It could be because there are more authors at work, or more likely, it could be that the criminals have got more efficient at sharing or obtaining each other’s malware and making minor modifications. Even outside of the dark web, a cursory web search can yield many open source malicious files such as ransomware," he said.

Paul Ducklin, principal research scientist at Sophos, told SC Media UK that the good news is that the number of new malware samples a day isn't a measure of how complex or dangerous the average threat is. 

"Most new samples are just minor variations of an existing theme and can be mopped up proactively. The bad news is that the number never seems to decrease, because the crooks are still coining it and therefore don't have any reason to slow down. So, whatever you do, make sure you've got all the basics right before you start concentrating on protecting against any specific sort of malware," he said.
