In 2012 34.7% of Kaspersky Lab’s users were targeted by a web-based attack at least once while browsing the internet. These attacks were successfully detected and prevented by Kaspersky Lab’s web antivirus module.
The percentage of users targeted by web-based attacks is one of the key findings of Kaspersky Lab’s annual Security Bulletin report, which provides the overall malware and cyber-threat statistics for 2012. Compared to 2011 data, the overall global online threat level increased by 2.4 percentage points. Russia and some of the former Soviet Republics were the countries with the most dangerous online environment in 2012.
Local threats (malware found on hard drives or external storage) represent a different picture. Almost 3 billion malicious files were found and blocked, with over 2.7 million unique samples of malware discovered. Among the countries, where users are most frequently attacked with local threats are Bangladesh, Sudan and Malawi.
Read the full Kaspersky Security Bulletin 2012 report
Understanding the difference between online and local threats
The statistics for Kaspersky Lab’s Security Bulletins is sourced from Kaspersky Security Network – the cloud-based security service that delivers information on the latest threats to customers and processes strictly anonymous information about attacks on users to better react to cybercriminal activity.
Currently, the majority of threats are web-based attacks – an incident is registered when Kaspersky Lab’s product finds and blocks malicious URLs, objects on a web page or infected files. A local attack is registered when a malicious file is discovered on internal or external storage of a PC – and infections that spread via USB thumb drives are still commonplace.
The characteristics of local and online attacks are rather different, particularly in terms of geography. Local threats are prevalent in countries with low internet penetration, while online threats prevail in countries where online access is available to the majority of the population. What defines the threat level for each country, though, is not only the affordability of always being online. It is the attitude of users and businesses towards security, and cybercriminals’ interest to attack people in particular a country that matters most.
2012 Evaluation of threat levels by country
Kaspersky Lab uses two different scales to measure threat levels, respectively for ‘online’ and ‘local attacks’ on users. The highest level of online attacks was registered in Russia, but a total number of 31 countries joined in in the highest risk group (41-60% of users attacked in 2012), including UK, Australia, United States, India, Indonesia and Canada. Another 110 countries are in the medium risk group (21-40%), including France, Switzerland, The Netherlands, Brazil and Egypt. Only 10 countries were deemed to have safer online environments (less than 20% of users attacked in 2012), most of them with significantly low online penetration. For example, Democratic Republic of Congo (16.7% of user attacked online in 2012, which is the lowest share worldwide) had only 1.2% of population connected to the Internet in 2011, according to the data from International Telecommunications Union. Examples of countries with high internet penetration, but comparably low intensity of web attacks are Japan (22.8%) and Denmark (21.6%).
Absence of internet connectivity does not mean a lower threat level though. That is the key outcome of the Local Threats statistics, which looks rather different. The leaders in terms of local malware attacks are Bangladesh (with an astounding 99.7% share of users attacked), Sudan, Malawi, and Tanzania. Notable members of the Top 20 list are Bangladesh, Sudan and India: these countries are rated with the highest threat level for both online and local attacks and represent the countries with the most dangerous digital environment in the world. Overall, 7 countries are in the highest risk group (with 75% or more users attacked in 2012). Another 41 countries are in the high risk group (56-75%), including Indonesia, Ethiopia and Kenya. 67 countries were designated as “medium risk”, including China, Russia, Brazil and Spain. 38 countries are in the lowest risk group, with 35% or less users attacked in 2012. The lowest number of local incidents is recorded in Denmark (15%).
While the number of users attacked online grows every year, there is a slow declining trend for local threats. The number of countries with the lowest risk of a local infection grew from 14 in 2011 to 38. These changes are mostly due to cybercriminals less frequently using classic methods of attacks via traditional malware and infected storage.
The 2012 Kaspersky Security Bulletin showed that even in the countries with relatively low intensity of attacks, the risk of being attacked via web or infected storage is still too high. Even in the safest countries one out of every five users encounters some form of cybercriminal activity, which means that using an unprotected computer puts your personal files and even your bank account at high risk. The best advice is to keep your computer guarded by a comprehensive security suite, which is able to repel all kinds of modern cyber threats. It is also necessary to ensure that your system and software is up-to-date, and take precautions when using others’ external storage and going online via public Wi-Fi hotspots or internet cafes.
Costin Raiu, Director of Global Research & Analysis Team
"The most important outcome of our regular analysis of the threat level is that there is no safe place on Earth for computer users. Even in the safest countries every fifth user was attacked at least once by a local or online threat. It means that users and businesses in any country have to understand that there is a need for the proper protection against modern threats".