In 2023, the worldwide number of malware attacks reached 6.06 billion, an increase of 10 percent compared to the preceding year. In recent years, the highest number of malware attacks was detected in 2018, when 10.5 billion such attacks were reported across the globe. Malware attacks worldwide In 2022, worm malware was blocked over 205 million times. Another common malware type during that period, Emotet, primarily targeted the Asia-Pacific region. Overall, websites are the most common vector for malware attacks and recent industry data found that malware attacks were frequently received via exe files. Most targeted industries In 2022, the education sector was heavily targeted by malware, encountering 2,314 weekly attacks on average. Government and military organizations ranked second, followed by the healthcare units. Overall, in 2022, the education sector saw over five million malware attacks in the examined year.

Description

The datasets demonstrate the malware economy and the value chain published in our paper, Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access, at the 12th International Workshop on Cyber Crime (IWCC 2023), part of the ARES Conference, published by the International Conference Proceedings Series of the ACM ICPS.

Using the well-documented scripts, it is straightforward to reproduce our findings. It takes an estimated 1 hour of human time and 3 hours of computing time to duplicate our key findings from MalwareInfectionSet; around one hour with VictimAccessSet; and minutes to replicate the price calculations using AccountAccessSet. See the included README.md files and Python scripts.

We choose to represent each victim by a single JavaScript Object Notation (JSON) data file. Data sources provide sets of victim JSON data files from which we've extracted the essential information and omitted Personally Identifiable Information (PII). We collected, curated, and modelled three datasets, which we publish under the Creative Commons Attribution 4.0 International License.

1. MalwareInfectionSet
We discover (and, to the best of our knowledge, document scientifically for the first time) that malware networks appear to dump their data collections online. We collected these infostealer malware logs available for free. We utilise 245 malware log dumps from 2019 and 2020 originating from 14 malware networks. The dataset contains 1.8 million victim files, with a dataset size of 15 GB.

2. VictimAccessSet
We demonstrate how Infostealer malware networks sell access to infected victims. Genesis Market focuses on user-friendliness and continuous supply of compromised data. Marketplace listings include everything necessary to gain access to the victim's online accounts, including passwords and usernames, but also detailed collection of information which provides a clone of the victim's browser session. Indeed, Genesis Market simplifies the import of compromised victim authentication data into a web browser session. We measure the prices on Genesis Market and how compromised device prices are determined. We crawled the website between April 2019 and May 2022, collecting the web pages offering the resources for sale. The dataset contains 0.5 million victim files, with a dataset size of 3.5 GB.

3. AccountAccessSet
The Database marketplace operates inside the anonymous Tor network. Vendors offer their goods for sale, and customers can purchase them with Bitcoins. The marketplace sells online accounts, such as PayPal and Spotify, as well as private datasets, such as driver's licence photographs and tax forms. We then collect data from Database Market, where vendors sell online credentials, and investigate similarly. To build our dataset, we crawled the website between November 2021 and June 2022, collecting the web pages offering the credentials for sale. The dataset contains 33,896 victim files, with a dataset size of 400 MB.

Credits Authors

• Billy Bob Brumley (Tampere University, Tampere, Finland)
• Juha Nurmi (Tampere University, Tampere, Finland)
• Mikko Niemelä (Cyber Intelligence House, Singapore)

Funding

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under project numbers 804476 (SCARE) and 952622 (SPIRS).

Alternative links to download: AccountAccessSet, MalwareInfectionSet, and VictimAccessSet.

More than ** percent of computers in Romania were reported as facing at least one malware attack in 2021. The share of mobile devices affected by the virus was smaller, totaling **** percent.

During the third quarter of 2022, over ** percent of all mobile users in Iran were attacked by mobile malware. Yemen ranked second with a ** percent malware encounter rate among mobile audiences. Saudi Arabia came third, with around ** percent of mobile users in the country being attacked by malware.

Symantec Corporation held 77 percent of the Windows anti-malware application market as of May 2023, more than any other vendor. It was followed by Norton 360, with a market share of 15 percent. In 2019, Symantec sold its Enterprise Security software division to Broadcom and renamed the remaining business to NortonLifeLock.

Beware the Trojan horse

Malware is software designed to maliciously interfere with the regular operation of computers or mobiles. This includes the destruction or gathering of data, presenting unwanted advertising, or rendering a device vulnerable to external control. There were 5.5 billion malware attacks in 2022 alone, down from 10.5 billion in 2018.

Trojan horses are the most common methods of infection, in which a user is tricked into downloading malware, disguised as a legitimate product.

Malware targeting Windows

While all users of devices connected to the internet are vulnerable to malware infections, certain systems are more vulnerable. Malware developers target windows-based systems more than any other, with 83.45 percent of newly detected malware programs in the first quarter of 2020 targeting machines running Windows. This is not to say that users of MacOS are immune, with malware such as Flashback, Macontrol, and Shlayer all designed to infect systems running MacOS.