- 315,000 new samples are analysed every day.
- Browser-based attacks nearly doubled to 1,700,870,654.
- Offline attacks (via USB flash-drive, for example) totalled 3 billion, from a total of 1.8 million malicious and potentially unwanted programs.
- 104,427 new mobile malware samples were discovered in 2013 - an increase of 125 per cent on the previous year.
- Seven of the top 20 web-based malicious programs were drive-by attacks.
- 90.52 per cent of all detected attempts to exploit vulnerabilities targeted Oracle Java.
The above numbers are staggering but what do they actually mean to you and me?
Firstly, the volume of malware being created shows no sign of slowing down. It's also growing dramatically on the smartphones and tablets we're now using to bank, shop and network online.
Secondly, the majority of web-based attacks happen automatically, in so-called drive-by attacks. This is when cybercriminals identify insecure web sites and plant a malicious script in HTTP or PHP code on one of the web pages. This script may directly install malware onto the computer of someone who visits the site, or it may redirect the victim to a malicious site controlled by the cybercriminals.
Thirdly, one of the key reasons why we're vulnerable to such attacks is that we fail to apply security updates to the operating system or applications we use. The risk can be easily reduced by keeping software up to date. The most targeted application is Java; in 2013, Java vulnerabilities alone accounted for more than 90 per cent of cybercriminal attacks. This isn't surprising, since cybercriminals typically focus their attention on applications that are widely-used and are least likely to be regularly updated, giving them a sufficient window of opportunity to achieve their goals.
Finally, don't forget that removable media (USB flash drives, camera and phone memory cards or external hard drives) make it easy for malware to spread from computer to computer - this could include spreading malware from your home computer to your work place.
But we're not helpless victims of the cybercriminals. We can reduce our exposure to attack by taking some simple steps:
- Apply security updates to your operating system and applications as soon as they are released - don't put it off!
- Protect all your devices with security software.
- Don't click on attachments or links in unsolicited messages - it's always better to type a URL directly into your browser, to avoid the risk of being taken to a phishing site.
- Avoid over-sharing online, since personal information made public makes the job of identity thieves easier - if you wouldn't publish something on the front page of a national newspaper, don't post it online!
- Use a unique, complex (include letters, numbers and special characters) and long password (*at least* eight characters, ideally 15) password for each online account.
- Don't use untrusted public wi-fi networks to transact confidential business (e.g. online banking).
- And for your smartphone or tablet specifically:
- Don't 'jailbreak' or 'root' your device.
- Don't install apps from untrusted sources.
- Set a PIN or ideally a longer passcode - if your device is lost or stolen, it's all that prevents someone accessing your device and all your online accounts!