Kaspersky: 411,000 Malicious Files Were Unleashed Daily in 2023

A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash
A hacker in a dark room with a covered face typing away at a computer trying to steal personal information or hack into a system is a cybersecurity threat. PHOTO: Nahel Abdul Hadi/Unsplash

Kaspersky’s detection systems discovered an average of 411,000 malicious files every day, which is an increase of nearly 3% in 2023 compared to the previous year. Particular types of threats also escalated: experts observed a marked surge of 53% in attacks involving malicious Microsoft Office and other types of documents.

Attackers leaned towards more dangerous tactics, such as utilizing backdoors to infiltrate systems undetected. These insights, detailed in the Kaspersky Security Bulletin: Statistics of the Year Report, underscore the evolving landscape of cyber threats.

In 2023, Kaspersky’s systems detected almost 125 million malicious files in total. Windows continued to be the primary target for cyberattacks, accounting for 88% of all malware-filled data detected daily.

Malicious families disseminated through various scripts and different document formats ranked among the top three threats, accounting for 10% of all malicious files detected daily.

Kaspersky’s detection systems discovered a rather significant daily increase of malicious files in various document formats — for instance, Microsoft Office, and PDF — rising by 53% to about 24,000 files. The growth may be linked to a rise in attacks utilizing phishing PDF files, designed to pilfer data from potential victims.

The most widespread type of malware continues to be trojans.

This year, there has been a notable uptick in the use of backdoors, registering a growth from 15,000 detected files per day in 2022 to 40,000 in 2023.

Backdoors stand out as one of the most hazardous types of trojans, providing attackers with remote control over a victim’s system to carry out tasks such as sending, receiving, executing, and deleting files, as well as harvesting confidential data and logging computer activity.

“The cyberthreat landscape continues to evolve, becoming more dangerous year after year. Adversaries continue to develop new malware, techniques, and methods to attack organizations and individuals. The number of vulnerabilities reported is also growing annually, and threat actors including ransomware gangs use them without hesitating,” said Vladimir Kuskov, Head of Anti-Malware Research at Kaspersky.

Furthermore, he says the entry barrier into cybercrime is now being lowered due to the proliferation of artificial intelligence (AI), which attackers use, for example, to create phishing messages with more convincing texts. “In these times, it is essential both for large organizations and for every regular user to embrace reliable security solutions”.

Kuskov adds that Kaspersky experts are dedicated to tackling these ever-evolving cyber threats, ensuring a secure online experience for users every day and providing vital threat intelligence about relevant threats.

The discoveries are based on Kaspersky detections of malicious files from January to October and are part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world.

Kaspersky’s detection systems numbers. Infographic: Kaspersky
Kaspersky’s detection systems numbers. Infographic: Kaspersky
Kaspersky offers tips to users and organizations to stay protected

Users:

  • Do not download and install applications from untrusted sources.
  • Do not click on any links from unknown sources or suspicious online advertisements.
  • Create strong and unique passwords, including a mix of lower-case and upper-case letters, numbers, and punctuation, as well as activate two-factor authentication.
  • Always install updates. Some of them may contain critical security issue fixes.
  • Ignore messages asking to disable security systems for office or cybersecurity software.
  • Use a robust security solution appropriate to your system type and devices, such as Kaspersky Premium.

Organizations:

  • Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities.
  • Establish the practice of using strong passwords to access corporate services. Use multi-factor authentication for access to remote services.
  • Choose a proven endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.
  • Use a dedicated set for effective endpoint protection, threat detection, and response products to timely detect and remediate even new and evasive threats. Kaspersky Optimum Security is the essential set of endpoint protection empowered with EDR and MDR.
  • Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.

ALSO READ: CYBERCRIMMINAL FOR HIRE: THE RISE OF RANSOMWARE-AS-A-SERVICE