09.03.2023 | 2 Images

Attacks every few seconds: Around 100 malware variants per minute threaten IT security

G DATA threat report: Attackers rely on phishing and malvertising
G_DATA_KeyVisual_ThreatReport © G DATA CyberDefense AG

This press release has:
Security experts at G DATA CyberDefense identified around 50 million different malware programs in 2022. This is twice the number for 2021, according to the new threat report from G DATA CyberDefense. In addition to phishing, attackers are increasingly using malvertising, i.e. malicious advertising, and search engine poisoning to spread malicious code. In addition, the number of averted cyber attacks rose sharply again in the fourth quarter of 2022.

Press release Plain text

In 2022, cyber criminals released almost 135,000 new variants of their malicious software within one day - more than 93 attack attempts per minute. The criminals are banking on the inability of antivirus solutions to keep up with the fast pace and their failure to detect the new malware variants, allowing them to penetrate the network unhindered. Security analysts identified more than 49 million different malware programs in 2022 - an increase of 107 percent. The number has more than doubled compared to 2021.

A focus on consumers
Current research by G DATA CyberDefense shows that the number of averted cyber attacks increased by more than 15 percent from the third to the fourth quarter. Cyber criminals have increasingly been targeting private users. While the number of averted attacks on companies fell by more than 11 percent within three months, the number of unsuccessful attacks on private individuals increased by a fifth. A major reason for this is that cyber criminals are taking advantage of seasonal events and holidays such as Black Friday or Christmas and luring consumers into traps with fake websites or phishing emails. The aim of this is to copy login data for online banking or to install malware on home computers.

“Cyber criminals work on a seasonal basis and especially focus on consumers at the end of the year,” explains Tim Berghoff, Security Evangelist at G DATA CyberDefense. “Most attacks happen either on the weekend or just before holidays. Companies should not lull themselves into a sense of security - they should continue to work on their IT security strategy. Once again, this includes real-time protection to keep up with the fast pace of the attacks.”

Malware Top 10 - return of the Trojans
Four malware families from last year's ranking are in the Top 10 for 2022. Another change is that, while remote access Trojans especially have been dominating the list in recent years, the picture is now much more diverse. Berbew, Urelas and Vilsel are three Trojans now in the ranking. This continues the trend of combining different malware strains into attack chains in order to maximise profit.

The Malware Top 10 at a glance:
Position  Name Proportion in percent  Type
1 (7)  Shade  15,9  Ransomware
1 (8)  BlackShades  15,9  Remote Access Trojan
3 (-)  Urelas  11,4  Trojan
3 (-)  Berbew  11,4  Trojan
5 (2)  Emotet  9,1  Malware Distributor
6 (-)  Vilsel  7,1  Trojan
7 (-)  DC-RAT  6,9  Remote Access Trojan
8 (-)  Buterat  3,6  Remote Access Trojan
9 (-)  Prepscram  3,0  Software Bundler
10 (1)  Dridex  2,3  Information Stealer
Previous year’s position in brackets

Multiple attack paths lead to the target
Cyber criminals use various methods to infiltrate networks and computers. In addition to classic phishing emails, search engine poisoning and malvertising are currently among the most frequently used attack vectors. This is how phishing mails have been working for more than 30 years - even though private individuals and companies have been using email security and spam filters for just as long. One reason for this is that phishing emails have improved in quality. In addition, the danger from targeted attacks has become greater.

Search engine poisoning is currently a widespread attack method. Cyber criminals use search engine optimisation tactics to ensure that a malicious website ranks high in search engine results. Criminals use trending topics such as upcoming political elections, major sporting events or seasonally recurring events - for example holidays, Black Friday or Valentine's Day. Anyone who clicks on the link in the results lands on a website with malicious code. Alternatively, the cyber criminals try to trick their victims into entering confidential information to use it for identity theft.

There was also a significant increase in infections via malvertising, i.e. malicious advertising. In this method of attack, cyber criminals use a special form of malware that hides behind primed advertising banners. Anyone who clicks on an infected banner downloads the malware onto their computer. However, in addition to this, attackers often exploit security gaps in the browser and/or the operating system to infiltrate malware into the system.

“Users should have an effective security solution installed on their computer to protect themselves from the effects of malvertising or search engine poisoning,” says Tim Berghoff. “Software with real-time protection prevents execution of the malware. It is also important that the antivirus software is always up to date and that updates are installed. The same applies to the firewall, the operating system and the browser being used.”

Even though attacks on companies have recently declined, cyber criminals will continue to attack companies. In doing so, they also apply economic aspects and try to achieve maximum profit with minimum effort. So if companies keep their IT security up to date, patch their systems and increase the security awareness of their employees, attackers will also have to invest more effort into reaching their target. And if this effort exceeds the return, cyber criminals will look for new victims whose systems are easier to beat.

With holistic cyber defence services, G DATA CyberDefense makes you defensible against cybercrime. The renowned IT security company protects with AI technologies, endpoint protection, security monitoring and offers penetration tests, incident response and awareness training in order to secure companies in the best possible way.

G DATA CyberDefense AG supports its customers in every security situation. From the headquarters in Bochum, more than 550 employees ensure the digital security of companies, critical infrastructures such as hospitals or airports as well as millions of private users. With almost 40 years of expertise in malware analysis, G DATA has become a top player in the cybersecurity world and conducts research and software development exclusively in Germany. This also applies to service and support, which is available around the clock for customers all over the world. G DATA security solutions are available in more than 90 countries and have received numerous awards from independent test institutes.

All contents of this press release as .zip:

Direct download

Release text 5219 Characters

Plain text Copy release text

Images (2)

2 362 x 1 240 © G DATA CyberDefense AG
G DATA Security Evangelist Tim Berghoff
5 978 x 3 985 © G DATA CyberDefense


(3) Stefan Karpenstein
Stefan Karpenstein
Public Relations Manager

+49 234 9762 - 517