According to data compiled and analyzed by Atlas VPN, threat actors attacked businesses more than 722 million times during the last 30 days worldwide. More than 73% of these hacking attempts were malware attacks.
Atlas VPN has retrieved and arranged data from Akamai, a cybersecurity behemoth that delivers real-time data on cyberattacks affecting their business clients. Being one of the world’s largest distributed computing platforms, Akamai catches a considerable number of threats. Currently, they are in charge of servicing between 15% and 30% of all web traffic worldwide. Hence, the real number of harmful threats enterprises face on a daily basis might be drastically higher.
The threat types in the report are divided into three categories: malware, phishing and command and control (C&C) attacks. Most internet users know what malware and phishing attacks are, but that is not necessarily the case for C&C threats.
In short, C&C attacks attempt to take over control of a system and then steal or delete data. C&C attacks can also be used as a part of a phishing scam or a way to infect the network with malware.
Analyzing the attacks
Now, let’s jump back into dissecting the data. As mentioned before, a total of 722 million attacks were mitigated in the last 30 days, which comes out to nearly 23 million threats daily.
Akamai mitigated more than 527 million malware threats in the last 30 days alone. Nearly three-fourths of all threats encountered by companies were malware attacks.
C&C cyberattacks are also a major concern. Threat actors dispatched a total of 157 million C&C attacks, which represents 22% of all threats. On average, enterprises encountered 4.9 million C&C threats daily.
Finally, phishing attacks were found least often, but they still total 28 million attacks per month, or 1.2 million hacking attempts daily. Phishing attacks comprised only 5% of the total volume of threats.
Apart from analyzing the data by totals, percentages and averages, we wanted to find out if global threats follow any type of trend.
Interestingly, it appears that fraudsters and organized crime groups have a similar schedule to the one in regular office jobs: five days on, two off. Yet, their days off are usually on Thursday and Friday. You can see this trend quite clearly by glancing at the second chart.
The highest number of threats mitigated appeared on Nov. 30, 2021, when organized crime groups dispatched 26.84 million hacking attempts.
In contrast, Nov. 11, 2021, was the least active day for threat actors, as mitigated cyberattacks stood at 17.64 million.
Finally, even though the figures are staggering, it only represents a small fraction of the attacks that actually occur on a day-to-day basis globally.
One of the most effective security practices before being attacked
We know that nearly all businesses will be hit by a variety of attacks at one point or another. For some enterprises, a barrage of attacks every single day is the norm.
We assume that most companies provide sufficient security training to their workers. However, we would like to share a less-known security practice that might be one of the most effective ways to increase security awareness within the organization and prevent being attacked.
The name of the game is internal phishing tests.
Don’t wait for your employees to fall for phishing threats. Carry out one or several tests to find out how cautious workers actually are.
Phishing tests can be run by either an in-house team or by hiring a cybersecurity company that specializes in this particular type of vulnerability testing.
Don’t be surprised if more than 10% of employees submit their login credentials to a well-crafted phishing campaign.
Interestingly, even workers who went through a cybersecurity training program are subject to getting duped.
This is why internal phishing tests are so powerful. Falling for a phishing attack is one of the experiences that leaves a long-lasting effect.