Cybercriminals Unleash 411K Malicious Files Daily in 2023

Kaspersky’s detection systems identified an average of 411,000 malicious files each day in 2023, reflecting a nearly 3% increase compared to the previous year. Notably, specific threat types experienced a significant uptick, with a 53% surge in attacks involving malicious Microsoft Office and other document formats. Cyber attackers adopted more sophisticated strategies, including the use of backdoors to infiltrate systems without detection. These findings, outlined in the Kaspersky Security Bulletin: Statistics of the Year Report, highlight the dynamic nature of evolving cyber threats.

Throughout 2023, Kaspersky’s systems identified a total of almost 125 million malicious files. Windows remained the primary target for cyberattacks, constituting 88% of all daily-detected malware-laden data. Among the top three threats detected daily, malicious families propagated through diverse scripts and various document formats, collectively accounting for 10% of all identified malicious files.

Kaspersky’s detection systems have identified a significant daily surge in malicious files across various document formats, such as Microsoft Office and PDF, experiencing a 53% increase to approximately 24,000 files. This rise is believed to be associated with an escalation in attacks utilizing phishing PDF files designed to extract data from potential victims.

Trojans remain the most prevalent type of malware, with a noteworthy increase in the use of backdoors. Detected files per day have escalated from 15,000 in 2022 to 40,000 in 2023. Backdoors, a particularly hazardous form of trojan, grant attackers remote control over a victim’s system, enabling tasks like sending, receiving, executing, and deleting files. They also facilitate the harvesting of confidential data and logging of computer activity.

The evolving cyberthreat landscape continues to pose increasing dangers each year, marked by the development of new malware, techniques, and methods by adversaries. The proliferation of AI has lowered the entry barrier into cybercrime, allowing attackers to create more convincing phishing messages. Vladimir Kuskov, Head of Anti-Malware Research at Kaspersky, emphasizes the importance of reliable security solutions for both large organizations and individual users.

Kaspersky’s findings are based on detections of malicious files from January to October and are part of the Kaspersky Security Bulletin (KSB), an annual series providing predictions and analytical reports on key shifts in the cybersecurity landscape.

To enhance protection, Kaspersky recommends the following:

For Users:

1. Avoid downloading and installing applications from untrusted sources.
2. Refrain from clicking on links from unknown or suspicious online advertisements.
3. Create strong and unique passwords, incorporating a mix of characters, and activate two-factor authentication.
4. Keep software updated to address critical security issues.
5. Disregard messages urging the disabling of security systems.
6. Utilize a robust security solution tailored to your system, such as Kaspersky Premium.

For Organizations:

1. Keep all software updated to prevent attackers from exploiting vulnerabilities.
2. Implement strong passwords and multi-factor authentication for corporate services.
3. Choose a proven endpoint security solution, like Kaspersky Endpoint Security for Business, equipped with behavior-based detection and anomaly control.
4. Employ a dedicated set of endpoint protection, threat detection, and response products for timely identification and remediation of new and evasive threats, such as Kaspersky Optimum Security.
5. Stay informed about actual Tactics, Techniques, and Procedures (TTPs) used by threat actors through the latest Threat Intelligence information.