Your perspective on malware is likely to change when you engage with someone who has suffered greatly because of it or once you delve into the latest facts on cyber attacks. It’s in these moments that you truly grasp the reality of malware as a legitimate and substantial threat.

In collaboration with independent third-party researchers, we analyzed cybersecurity incident data from January 2020 to September 2023 to assess and show you how big of a threat malware is today.

Here’s what we discovered…

Key findings from the research

1. With nearly 3 million attacks in 2023, malware has spread like a biological virus

While you may not find it surprising that the number of malware attacks has increased over the last few years, the speed at which this issue has been escalating might catch you off guard.

In 2020, approximately 614,144 malware-related incidents were reported. However, this number surged to 2,898,142 in 2021 and nearly doubled again in 2022, reaching 4,858,963. As you can see, these are not minor differences but massive leaps highlighting a substantial increase in the scale of the problem.

In 2023, there were 2,678,841 malware attacks reported. However, before you assume that this signals a gradual resolution of the problem, let us highlight some details that — unfortunately — indicate it’s not yet time to celebrate.

To start, the malware incident data we’ve examined covers only the first 9 months of 2023, implying that the total number of cases for the entire year will more than likely be higher.

Moreover, a troubling trend observed by numerous IT experts is the increasing frequency of successful attacks. This indicates that cybercriminals are employing more and more sophisticated hacking methods and focusing on more targeted approaches. Simply put, this means we’re observing fewer malware attacks overall, but more of them are accurate. This is further evidenced by the continuous growth in the number of successfully executed unique email attacks, as depicted in the graph below.

How does malware spread? Email is a common culprit, where spam and phishing tricks convince users to click on harmful links or download infected attachments. Careless browsing, like clicking on pop-ups, can also lead to visiting malicious websites that stealthily download malware.

Within organizations, coworkers clicking on malicious links can spread malware through the internal network, infecting multiple devices at the same time. Another risk comes from bundled software, where malware sneaks in with seemingly trustworthy downloads, causing users to unknowingly install various harmful programs — from annoying adware to data-stealing spyware.

2. Brazil, the USA, and India have the most malware-affected users

In the analysis of cybersecurity incidents, the focus was also on examining the global distribution of cases related to malware. Presented below are the top 15 countries with the highest number of malware-affected users (drawing from data spanning from October 2020 to November 2023):

1. Brazil — 9,659,846 affected users

2. USA — 6,966,426 affected users

3. India — 6,914,742 affected users

4. Indonesia — 5,354,246 affected users

5. Vietnam — 3,611,798 affected users

6. Egypt — 3,516,376 affected users

7. Mexico — 3,042,467 affected users

8. The Philippines — 2,926,483 affected users

9. Turkey — 2,888,663 affected users

10. Pakistan — 2,849,788 affected users

11. Columbia — 2,655,695 affected users

12. Thailand — 2,523,671 affected users

13. Argentina — 2,300,732 affected users

14. Peru — 2,215,622 affected users

15. France — 2,142,316 affected users

Despite securing the top rank in the 2020 Global Cybersecurity Index (GCI) with a score of 100 index points, the United States of America holds second place for the most users impacted by malware — with a staggering number equivalent to the entire population of Massachusetts. Notably, five other nations in the Americas and seven in Asia are grappling with the impacts of the malware situation.

The study also reveals that France takes the lead for the highest number of users affected by malware in Europe. This may be attributed to several factors, such as the country’s substantial internet usage (82% of the population) and the increased likelihood of economically and politically charged cyberattacks against French users.

3. RedLine is the most common type of malware

Malware comes in various types and forms like adware, spyware, ransomware, trojan horses, and keyloggers. Each one possesses specific functionalities that can compromise one’s digital security. However, certain types of malware are more popular than others.

According to the research, the most prevalent types of malware in the last four years have been:

1. RedLine

   RedLine is a type of malware designed to collect data from web browsers, applications, email and messaging apps, and cryptocurrency wallets. In simple terms, it functions as a remote access trojan, enabling cybercriminals to steal and transfer sensitive user data, which is later sold on the dark web. The research reveals that RedLine attacks constitute 59% of the total records collected — surpassing the runner-up Vidar by 3.2 times.

2. Vidar

   Vidar is malicious software designed to steal sensitive information, including login credentials, credit card details, cryptocurrency wallets, and browser history, from infected systems. The stolen data can be used for identity theft or financial fraud — or it can be sold on the dark web. As previously noted, RedLine constituted nearly two-thirds of all the analyzed attacks. However, Vidar remains a considerable threat, comprising 18% of the total number of attacks.

3. Raccoon

   Raccoon, also known as Raccoon Stealer, is a type of information-stealing malware designed to extract sensitive data from the computers of its victims. This includes, but is not limited to, login credentials and credit card information.
   Raccoon Stealer typically spreads through malicious websites, phishing emails, or other deceptive methods. Once it infects a system, it can covertly send the stolen information to a server operated by cybercriminals.
   Raccoon cases account for 12% (21% between July 2022 and April 2023) of malware attacks analyzed for this research.

Other common types of malware include AZORult, CryptBot, Taurus, and Meta.

Why have these malware types become more widespread? One reason might be that they are easier to create and deploy. Furthermore, using these types of malicious software may offer greater financial rewards for cybercriminals compared to other methods. The popularity of specific malware is also influenced by the constantly evolving landscape of cyber threats, technological vulnerabilities, and shifts in the digital environment.

4. Tens of millions of credential records were stolen from social media and entertainment platforms

Given the widespread practice of storing sensitive data on cloud servers, email accounts, and social media, it comes as no surprise that these platforms are prime targets for cybercriminals. However, the actual numbers will raise a few eyebrows.

So brace yourself for some eye-opening statistics as we explore the top domains associated with the biggest number of data theft incidents caused by malware and unveil the staggering number of records that fell into the wrong hands.

Most targeted domains*:

1. accounts.google.com – 8.2 million of stolen records

2. facebook.com – 5.9 million of stolen records

3. login.live.com – 5.6 million of stolen records

4. m.facebook.com – 3.2 million of stolen records

5. Instagram.com — 3.1 million of stolen records

6. discord.com – 3.1 million of stolen records

7. netflix.com – 3 million of stolen records

8. roblox.com – 2.8 million of stolen records

9. com.facebook.katana – 2.5 million of stolen

10. records amazon.com – 2.4 million of stolen

11. records paypal.com – 2.3 million of stolen records

12. twitter.com – 2.3 million of stolen records

The information above indicates a consistent trend of cybercriminals stealing data from widely used digital platforms. This highlights the necessity for enhanced cybersecurity measures to ensure secure data storage and access.

However, it is ultimately up to the user to take proactive steps to actively educate themselves on protecting their credentials and take appropriate follow-up measures.

*NordPass is not endorsed by, maintained, sponsored by, affiliated, or in any way associated with the owners of the mentioned domains. Domains are listed solely for the purpose of accurately reporting information related to cybersecurity incident data.

Level up your online security

 

Store and manage your digital valuables safely

 

Start Free Trial

What you can do to protect yourself from malware threats

First and foremost, protection against malware – whether for individual users or entire organizations – relies on awareness and a sense of responsibility for implementing appropriate security measures for systems, platforms, and data in use. Therefore, everyone needs to take proactive steps in this regard, as without such engagement, achieving adequate protection becomes challenging.

Here are four actions you can take to enhance your protection against malware:

1. Raise awareness: By learning about different types of malware and sharing this knowledge with others, you can effectively reduce the risk of being targeted. Awareness campaigns, for example, play a crucial role in helping people identify suspicious activities like phishing emails or dubious website links.

2. Use antivirus software: Using antivirus software is essential for detecting and removing malware from your devices. A good antivirus constantly scans your system for known malware signatures and behaviors, offering a vital layer of defense against various threats.

3. Update your systems regularly: Regularly updating your operating system, applications, and firmware is vital as it addresses known security vulnerabilities frequently targeted by malware. These updates typically include security patches and bug fixes, bolstering your system’s defenses against potential cyber threats.

4. Use a password manager: Using a password manager allows you to create and store unique, complex passwords for each of your accounts, lowering the risk of unauthorized access. By securely storing your credentials, password managers help prevent malware from stealing your login information and accessing sensitive accounts.

How NordPass can help protect your sensitive data and account access

NordPass is a cybersecurity solution designed to help businesses and individuals protect their data and minimize the threat of malware attacks. How so?

First, NordPass is an end-to-end encrypted credentials manager. This means you can use it to securely generate, store, manage, and share passwords, passkeys, credit card information, and personal data — and do so knowing that they are all protected by advanced encryption algorithms.

Second, NordPass facilitates the implementation of single sign-on (SSO) and multi-factor authentication (MFA). You can use it to present employees with a convenient yet highly secure method of logging in to the company accounts.

Third, organizations can use NordPass as an identity and access management (IAM) tool to control and monitor access to company resources in real time. In other words, with NordPass, a company can see exactly who accessed what and when and manage access privileges with ease.

In addition, NordPass goes the extra mile by utilizing a Master Password. Most browser password managers lack this feature, making them more susceptible to malware attacks.

Naturally, our product is equipped with many other features like Autofill, Data Breach Scanner, and Password Health, all designed to enhance your cybersecurity and help defend against malware-related attacks. If you’re interested in exploring these features and gaining a comprehensive understanding of our platform, we invite you to visit our website.

Stay safe!

Social media — the missing piece in a cybersecurity puzzle

When asked about why cybercriminals target passwords, most people typically think of common motives like stealing sensitive data, hijacking accounts for ransom, or infecting systems with malware to disrupt operations. But in an exclusive interview for NordPass, Dennis-Kenji Kipker, a Professor of IT Security Law and Research Director at cyberintelligence.institute, brought to light a sometimes overlooked aspect — that some attackers may steal credentials just to get access to a company’s social media platforms and wreak havoc. He said:

Simply put, Professor Kipker points out that mishandling passwords for social media accounts can lead to more than just losing access. It can also result in losing the trust of partners and customers, which can then lead to financial losses. How do we know things like these could happen? Because similar incidents have occurred in the past.

Real-life examples of huge social media takeovers

A major corporation stuns everyone by announcing its acquisition by a primary rival; a government agency spreads fake news causing chaos in the cryptocurrency market; a renowned music label reports the passing of one of its top artists — these are not plot ideas for the next season of Black Mirror. They are real instances where false information was shared through the official social media channels of popular organizations, leading many people to believe it was true.

That’s right. The first situation refers to the 2013 Twitter hack of Burger King, where cybercriminals seized control of the company’s Twitter account to spread false news alleging that Burger King had been acquired by McDonald’s. The second incident occurred in 2024 and involved the Twitter hack of the Securities and Exchange Commission (SEC). In this case, cyber attackers exploited the SEC’s account to falsely announce the approval of spot-Bitcoin exchange-traded funds, leading to a significant surge in Bitcoin’s price. The third example pertains to the 2016 incident involving the hacking of Sony Music’s Twitter account, during which cyber attackers circulated a hoax about the death of the pop star Britney Spears.

While not officially confirmed, it’s widely suspected that these social media takeovers stemmed from compromised passwords or actions leading to password breaches, such as phishing or malware. As expected, each incident damaged the affected company’s reputation, occasionally resulting in significant consequences and, at other times, causing less severe repercussions.

Of course, as you can imagine, these are but three out of hundreds, if not thousands, of other similar cases. This begs the question: why did these events occur in the first place? 

Why do social media takeovers happen?

The first reason, as hinted earlier in this article, is that businesses often overlook the security of their social media accounts. While they focus on protecting their internal systems from malware and other threats, they sometimes neglect the security of their social media presence.

Another factor may be businesses’ tendency to prioritize their core operations over social media security, assuming these platforms are inherently safe and require no additional steps to safeguard against potential risks.

The next critical aspect is when organizations overlook the necessity of removing access to social media accounts when employees leave their positions. This creates a dual risk: first, if ex-employees are dissatisfied, they can post damaging content, harming the company’s reputation. Second, inactive accounts can become targets for hackers, allowing them to use them as gateways to take over the company’s social media channels.

Then, there’s the issue with passwords. At NordPass, we use the phrase, “For almost every task at work, there’s a password.” This rings true as most business operations necessitate the use of password-protected accounts. However, as highlighted in our Top 200 Most Common Passwords report, many individuals — regardless of their job title or position within the company — use weak passwords that can be easily cracked. Moreover, many employees use the same password across multiple accounts and services, amplifying the risk of a breach.

We also need to touch upon the irresponsible sharing of passwords among company members, often done through chat, email, or… written notes (yikes!). If some business leaders were to inquire about how their staff members share passwords for company social media accounts like LinkedIn, Instagram, or Facebook, they might be alarmed by the lack of security practices in place.

Of course, losing access to company social media accounts can also happen due to phishing, malware attacks, or other cyber intrusions targeting unsuspecting employees. However, ensuring passwords are strong and securely managed at all times decreases the chances of falling victim to such cyber threats, thus protecting the integrity and security of company social media accounts.

What if your company’s social media gets hacked?

Although it’s not overly challenging to imagine the outcomes of a social media takeover, being informed about the potential consequences can provide stronger motivation for us all to take action. 

First and foremost, a social media takeover can lead to severe reputational damage. Malicious actors have the power to tarnish an organization’s reputation by posting damaging content or spreading false rumors. This could result in the loss of key business partners and clients. Even when it’s clear that the content in question is the work of cybercriminals, rebuilding relationships with partners and customers can be more challenging than expected.

Another major risk, closely tied to reputational harm, is financial loss. When cybercriminals hijack a company’s social media channels and spread false information, it can cause existing customers to turn away and deter potential customers from engaging with the brand. As a result, the company may experience a significant decline in sales revenue, and face heightened difficulty in securing investments or loans. Not to mention the fact that the time and resources required to address the aftermath of a social media takeover can impede the company’s focus on growth.

A hostile social media takeover can also result in a loss of privacy for the company’s members. In other words, it opens the door to personal information being exposed or misused, potentially resulting in identity theft or attempts to exploit someone’s private image. Repairing such damage could require years of effort and resources beyond what the company initially anticipated.

Yes, social media takeovers can be prevented

Let’s shift our focus away from discussing the reasons and dangers of social media takeover and concentrate on solutions to the problem at hand — of which there are a couple.

To effectively prevent social media takeovers, a company must first recognize the threat. As highlighted earlier, many individuals may not even realize that cybercriminals target passwords to seize control of business social media channels. Therefore, the first step is to raise awareness across the organization and establish clear guidelines for accessing and sharing social media platform credentials among company members. This includes determining who can access the credentials, specifying who they can be shared with, and deciding what actions to take when a social media manager or anyone with access to company social media leaves the organization.

Step two involves utilizing today’s available technology to allow employees to securely handle the company’s social media account credentials. This can be achieved by adopting a robust password manager like NordPass. How so?

How NordPass can help your company in this regard

First, NordPass is an easy-to-use yet technologically advanced password manager that allows organization members to securely store, manage, and share passwords, passkeys, credit card details, and other sensitive information.

Beyond that, NordPass is a cybersecurity tool that allows you to monitor access to your company resources, including social media channels. Plus, it enables you to quickly identify weak, old, and re-used passwords in your company, and check whether company credentials have been compromised in a breach. 

As a result, NordPass can be a valuable tool for organizations looking to protect their social media accounts from misuse by outsiders  — all while enhancing performance and efficiency.