Malware Landscape 2021: A Study of the Scope and Distribution of Malware

This Interisle study analyzes 1.7 million malware reports collected from January 1, 2021 to June 30, 2021. It shows a 663% increase in malware reports in the first half of 2021.

Among the major findings in the study, Interisle reports that:

  • Malware that exploits Internet of Things (IoT) devices is the fastest-growing category of malware. IoT malware accounted for 56% of the malware reports we collected.

  • Mozi malware dominates the IoT malware landscape.

  • Information stealers and ransomware account for 40% of malware that exploited user devices such as tablets, mobile phones, laptops, and PCs.

  • Malware attackers use fewer domains but to great effect. Phishing attacks and spam campaigns use large numbers of domain names as “bait”. Our data revealed that Internet addresses are more frequently identified as serving up malware than domain names, but our study data show that domains associated with file sharing or storage services can host thousands of URLs that serve up malware.

  • Domains registered in the new Top-level Domains (TLDs) are disproportionately attractive to malware attackers. The new TLDs represent only 6% of the domain name registration market, but they contained 16% of reported malware domains. By contrast, the country code TLDs represent 43% of the market, but contained only 28% of the malware domains.

  • Domain registrars with high malware domain counts tend also to have high phishing domain counts.

  • Malware attackers extensively misuse file sharing services, code repositories, and storage services. While most uses of anonymous file sharing and code repositories are well-intentioned, malware attackers have used these services to distribute source code, attack code, and files containing compromised credentials or cryptographic keys.

Comments can be submitted to feedback@interisle.net

The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.
