Malware Activity: Key Statistics
Quarter over Quarter comparison:
October 1, 2021 - December 31, 2021

Each reporting period, we analyze URLs, domain names, and IP addresses reported for serving up or distributing malware. We use these and other metadata – domain and IP address registration data, ICANN registry and registrar monthly reports, routing data, attack type, and other indicators – to report key statistics for each reporting period.

We analyzed 583,821 malware reports collected during the April - June 2021 period, a decrease of 503,989 reports (46%) over the previous period.

94% INCREASE IN NUMBER OF MALWARE REPORTS COLLECTED FROM FEEDS
15% INCREASE IN INTERNET OF THINGS (IOT) MALWARE
13% INCREASE IN ENDPOINT MALWARE
68% INCREASE IN TLDs WHERE MALWARE WAS OBSERVED
108% INCREASE IN REGISTRARS WITH DOMAINS REPORTED FOR MALWARE
70% INCREASE IN IPV4 ADDRESSES REPORTED FOR SERVING MALWARE

A comparison of key statistics from appears in the table below.

  
    Measurement
    July 2021 - September 2021
    October 2021 - December 2021
    Change 
in
 Measurement
  

    Total number of malware reports collected from feeds (per quarter)

    583,821
    1,053,971
    549,982
  

    Total number of malware records produced from malware reports
    881,186    
    613,478
    267,708
  

    Endpoint malware (targets user-attended devices)
    129,403
    193,762
    16,502
  

    Internet of Things (IoT) malware (targets sensors, wearables, appliances...)
    187,632
    215,317
27,685
  

    Uncategorized malware (Verified as malware but not classified)
    118,724    
    204,399
    85,675
  

    Unique domain names reported for serving up malware
    36,075   
    38,176
    2,101
  

    Top-level Domains (TLDs) where we observed malware hosting
    214
    360
    146
  

    Registrars that had gTLD domains under management reported for serving malware    
    180
      375
    195
  

    Hosting Networks (ASNs) where we observed malware hosting or distribution
    1,792  
    3,981
    121
  

    Unique IPv4 addresses reported as serving or distributing malware
    98,295
    167,339

    69,044
  

Measurement	July 2021 - September 2021	October 2021 - December 2021	Change in Measurement
Total number of malware reports collected from feeds (per quarter)	583,821	1,053,971	549,982
Total number of malware records produced from malware reports	881,186	613,478	267,708
Endpoint malware (targets user-attended devices)	129,403	193,762	16,502
Internet of Things (IoT) malware (targets sensors, wearables, appliances...)	187,632	215,317	27,685
Uncategorized malware (Verified as malware but not classified)	118,724	204,399	85,675
Unique domain names reported for serving up malware	36,075	38,176	2,101
Top-level Domains (TLDs) where we observed malware hosting	214	360	146
Registrars that had gTLD domains under management reported for serving malware	180	375	195
Hosting Networks (ASNs) where we observed malware hosting or distribution	1,792	3,981	121
Unique IPv4 addresses reported as serving or distributing malware	98,295	167,339	69,044

Quarter over Quarter Comparisons of:

Key Statistics

Activity in TLDs

Activity i n Domain Registrars

Activity in Hosting Networks (ASNs)

Malware Activity: Key StatisticsQuarter over Quarter comparison: October 1, 2021 - December 31, 2021

Malware Activity: Key Statistics
Quarter over Quarter comparison:
October 1, 2021 - December 31, 2021