Malware has been around for more than 40 years, but according to a report from Panda Security 20 percent of all of the malware that's ever existed was created in 2013. That’s the equivalent of 30 million new malware threats in one year, or about 82,000 per day.
Given that context, you should probably consider yourself lucky your devices aren’t constantly compromised. Even if you got infected by one malware attack per month, it would still mean you were spared from 99.9999 percent of all the possible new threats. Your antimalware must be doing something right.
PandaLabs found that more than seven in 10 of the new threats in 2013 were Trojans. Factoring that against the total volume of malware for the year, Panda discovered more than 21 million new Trojan variants last year. The rest of the malware threats were composed of worms (13.3 percent), viruses (8.49 percent), adware/spyware (6.93 percent), and a very miniscule number that fell into the “other” category.
Not surprisingly, the rates of actual malware compromise are similar. Trojans lead the way, accounting for nearly eight out of 10 infections in 2013. The most infected country was China with 54.03 percent of the total detected infections. It’s probably not a coincidence that China also has the highest percentage of users running Windows XP.
The sheer volume of malware seems to be less of a direct concern, however, than targeted attacks and data breaches. Twitter was targeted in February 2013, followed by Facebook, Apple, and Microsoft. PandaLabs reports that all four of these major tech companies fell victim to a sophisticated attack that targeted users by exploiting an unpatched Java vulnerability.
PandaLabs singles out the breach at Adobe as one of the most heinous incidents of last year. Source code for some Adobe products was compromised, and the usernames and passwords of more than 38 million active users were exposed. Sadly, what we learned is that nearly two million accounts—about five percent of the total—used the ridiculously insecure password of “123456” despite many similar breaches in the past and the oft-repeated message from security experts to use more complex passwords. Another half million users relied on “123456789,” and nearly 350,000 accounts simply used “password” as the password.
Social networks also came under fire in 2013. The Burger King Twitter account was hacked, and the attackers changed the images to McDonald’s and claimed that the fast food chain had been acquired by its rival. The Twitter account of the Associated Press was also hacked, and attackers used it to send out fake news alerts claiming that bombs had been detonated at the White House and that President Obama had been injured.
PandaLabs also explored the world of mobile malware, and concluded—like every other security vendor out there—that Android is by far the primary target of mobile malware developers. Panda warns Android mobile users that they are in the crosshairs and to expect new waves of attacks and attempts to steal personal and financial data from Android devices in 2014.
For more details, check out the complete Panda Security Annual Report PandaLabs 2013 Summary.