Interisle study shows unabated malware growth, continued exploitation of IoT devices in 2022

Interisle Consulting Group has published its annual Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study analyzes 2.5 million records of distinct malware events collected by the Cybercrime Information Center to determine what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

Among the major findings, the study reports that:

  • The most frequently reported malware targets Internet of Things devices such as surveillance cameras, sensors, or embedded technologies.

  • Information stealers, ransomware, and backdoors are the most prevalent malicious software that targets tablets, mobile phones, laptops, and PCs.

  • Asia-Pacific networks host most IoT malware. China, India, and Australia represent 81% of malware that targeted IoT devices.

  • Networks in the United States and China host the most endpoint malware, and 8 of the 10 registrars with the most malware domains reported are headquartered in North America.

  • Domains registered in the new Top-level Domains (TLDs) are disproportionately attractive to malware attackers. The new TLDs represent only 8% of the domain name registration market, but they contained 24% of reported malware domains. By contrast, the country code TLDs represent 39% of the market, but only 26% of the reported malware domains.

The study also reports that malware attackers made effective use of cloud services, including file sharing services, code repositories, and storage services. Most uses of anonymous file sharing and code repositories are well-intentioned; however, the study data show that malware attackers used these services to distribute source code, attack code, and files containing compromised credentials or cryptographic keys.

For our malware studies, Interisle developed and maintains a taxonomy that is based on a classification proposed by the Computer Antivirus Research Organization (CARO). The taxonomy extends that original effort in the context of cybercrimes as defined in the Council of Europe’s Convention on Cybercrime.

A summary of the study can be found at https://www.cybercrimeinfocenter.org/malware-landscape-2022.

Please submit comments or questions by email to criminaldomainabuse@interisle.net.