June 8, 2015 By Shane Schick 2 min read

The rise of smartphones, tablets and other mobile devices may make it seem like they’re the primary target for cybercriminals, but the recent “PandaLabs Report Q1 2015” from Panda Security shows that close to 40 percent of desktop PCs have some form of malware.

Tracking global infection rates for the first quarter of this year, the PandaLabs report showed considerably high instances of malware in many parts of Europe, though it was China that ranked No. 1 worldwide. Overall, the report showed that Trojans made up 76 percent of the malware, compared to a scant 1.7 percent of infections that could be attributed to viruses. In terms of overall volume, however, the research said 20 million new malware samples were introduced over the past three months.

Though the techniques by hackers obviously varied considerably, ITProPortal noted that ransomware attacks were a common theme in the first quarter, as the PandaLabs report documented specific instances targeting the oil and gas sector. Social media scams on popular sites like Facebook, meanwhile, were among the other tactics, and although the most notable stats concerned PCs, there was also mention of SMS malware on Android devices.

On the other hand, TechRadar pointed out that the report didn’t immediately correlate an organization coming into contact with malware with an actual infection. There was also data to suggest that rather than creating entirely new Trojans to steal data or do other kinds of damage, many cybercriminals were simply creating variations on malware that had already been used in other attacks.

The geographic variations in malware activity are also interesting, given some of the more recent governmental efforts to beef up data protection around the world. For example, the PandaLabs report showed the U.S. had a PC infection rate of 34.3 percent. Although this is a lot lower than China at 48 percent or even Turkey at 43 percent, it may explain why, as Infosecurity Magazine suggested, the Obama administration has been making cybersecurity an increasingly important part of its mandates.

As security firm Vigilant Software indicated in a blog post, the only thing organizations can do at this point is keep an eye out for the kind of malware detailed in the report and do their own self-evaluation of how at-risk they may be. Based on this data, there’s a slim chance companies have nothing to worry about.

More from

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol

14 min read - This article was made possible thanks to the hard work of writer Charlotte Hammond and contributions from Ole Villadsen and Kat Metrick. IBM X-Force researchers have been tracking developments to the WailingCrab malware family, in particular, those relating to its C2 communication mechanisms, which include misusing the Internet-of-Things (IoT) messaging protocol MQTT. WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker that X-Force tracks as Hive0133, which overlaps with TA544. WailingCrab…

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

Pentesting vs. Pentesting as a Service: Which is better?

5 min read - In today's quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting as a Service (PTaaS). Although PTaaS shares some similarities with pentesting, distinct differences make them two separate solutions. This article will discuss how these methodologies…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today