Malware Activity: Key Statistics
Quarter over Quarter comparison:
January 1, 2022 - March 31, 2022

Each reporting period, we analyze URLs, domain names, and IP addresses reported for serving up or distributing malware. We use these and other metadata – domain and IP address registration data, ICANN registry and registrar monthly reports, routing data, attack type, and other indicators – to report key statistics for each reporting period.

We analyzed 583,821 malware reports collected during the April - June 2021 period, a decrease of 503,989 reports (46%) over the previous period.

168% INCREASE IN NUMBER OF MALWARE REPORTS COLLECTED FROM FEEDS

26% INCREASE IN INTERNET OF THINGS (IOT) MALWARE

188% INCREASE IN REGISTRARS WITH DOMAINS REPORTED FOR MALWARE

29% INCREASE IN ASNs WHERE WE OBSERVED MALWARE HOSTING OR DISTRIBUTION

20% DECREASE IN IPV4 ADDRESSES REPORTED FOR SERVING MALWARE

A comparison of key statistics from appears in the table below.

Measurement October to December 2021 January to March 2022 Change
in
Measurement
Total number of malware reports collected from feeds (per quarter) 1,053,971 2,824,937 1,770,966
Total number of malware records produced from malware reports 613,478 599,379 -14,099
Endpoint malware (targets user-attended devices) 193,762 193,703 -59
Internet of Things (IoT) malware (targets sensors, wearables, appliances...) 215,317 232,355 17,038
Uncategorized malware (Verified as malware but not classified) 204,399 173,321 -31,078
Unique domain names reported for serving up malware 38,176 48,176 10,000
Top-level Domains (TLDs) where we observed malware hosting 360 387 27
Registrars that had gTLD domains under management reported for serving malware 375 1,080 705
Hosting Networks (ASNs) where we observed malware hosting or distribution 3,981 5,144 1,163
Unique IPv4 addresses reported as serving or distributing malware 167,339 135,517 -31,822