Malware Trends: July - September 2024
Endpoint Malware
Malware identified as targeting endpoint devices increased 277% over the April-June 2024 reporting period. WordPress blog sites used for malware accounted for nearly all the ~12,000 malicious documents reported this period. This malware often adds malicious redirects or spam links to illegal pharma sites, or links to a drive-by malware executable. We continue to see an uptick in malicious scripts. We collected over 58,000 reports of malicious scripts during this period, up from ~39,500 in the prior period. We believe that these numbers are very low: many malicious files are reported, but few come with sufficient metadata to classify them by name.
For other important measurements, visit Malware Activity: Key Statistics July 1, 2024 - September 30, 2024.
Attackware and Traffic Injectors
IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million.
Over 70% of the nearly 1 million IPv4 addresses were Malicious IP traffic sources.
Attackware increases are indicators that attackers are scanning for opportunities to disrupt or break into targeted systems or services.
The increase in traffic injector reports shows that attacks against web sites that use PHP or HTTP, or Web forums with comments containing inappropriate or malicious content, continue to be a major threat.
IoT Malware
We saw a 30% decrease in IPv4 addresses reported for hosting IoT malware. Nearly all the approximate hosted IoT Malware were again identified as Mozi. The majority of IPv4 addresses associated with IoT Malware were geolocated in China and India.
Hosting Networks
ASNs in China and India again have the most IPv4 addresses reported for hosting malware. The complete top 20 can be found at Malware Activity in Hosting Networks (ASNs) July 1, 2024 - September 30, 2024.