{"id":109917,"date":"2023-06-07T08:00:18","date_gmt":"2023-06-07T08:00:18","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=109917"},"modified":"2023-06-15T15:40:00","modified_gmt":"2023-06-15T15:40:00","slug":"it-threat-evolution-q1-2023-pc-statistics","status":"publish","type":"post","link":"https:\/\/securelist.com\/it-threat-evolution-q1-2023-pc-statistics\/109917\/","title":{"rendered":"IT threat evolution in Q1 2023. Non-mobile statistics"},"content":{"rendered":"<ul>\n<li><a href=\"https:\/\/securelist.com\/it-threat-evolution-q1-2023\/109838\/\" target=\"_blank\" rel=\"noopener\">IT threat evolution in Q1 2023<\/a><\/li>\n<li><strong>IT threat evolution in Q1 2023. Non-mobile statistics<\/strong><\/li>\n<li><a href=\"https:\/\/securelist.com\/it-threat-evolution-q1-2023-mobile-statistics\/109893\/\" target=\"_blank\" rel=\"noopener\">IT threat evolution in Q1 2023. Mobile statistics<\/a><\/li>\n<\/ul>\n<p><em>These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.<\/em><\/p>\n<h2 id=\"quarterly-figures\">Quarterly figures<\/h2>\n<p>According to Kaspersky Security Network, in Q1 2023:<\/p>\n<ul>\n<li>Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe.<\/li>\n<li>Web Anti-Virus detected 246,912,694 unique URLs as malicious.<\/li>\n<li>Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 106,863 unique users.<\/li>\n<li>Ransomware attacks were defeated on the computers of 60,900 unique users.<\/li>\n<li>Our File Anti-Virus detected 43,827,839 unique malicious and potentially unwanted objects.<\/li>\n<\/ul>\n<h2 id=\"financial-threats\">Financial threats<\/h2>\n<h3 id=\"financial-threat-statistics\">Financial threat statistics<\/h3>\n<p>In Q1 2023, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 106,863 unique users.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/9LSpBeIFg6mHgO4eX31H\" data-type=\"interactive\" data-title=\"01 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of unique users attacked by financial malware, Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161548\/01-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"geography-of-financial-malware-attacks\">Geography of financial malware attacks<\/h3>\n<p><em>To evaluate and compare the risk of being infected by banking Trojans or ATM\/POS malware worldwide, for each country and territory, we calculated the share of Kaspersky users who faced this threat during the reporting period as a percentage of all users of our products in that country or territory.<\/em><\/p>\n<p><strong>TOP 10 countries\/territories by share of attacked users<\/strong><\/p>\n<table width=\"100%%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"50%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"45%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Turkmenistan<\/td>\n<td>4.7<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Afghanistan<\/td>\n<td>4.6<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Paraguay<\/td>\n<td>2.8<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Tajikistan<\/td>\n<td>2.8<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Yemen<\/td>\n<td>2.3<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Sudan<\/td>\n<td>2.3<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>China<\/td>\n<td>2.0<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Switzerland<\/td>\n<td>2.0<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Egypt<\/td>\n<td>1.9<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Venezuela<\/td>\n<td>1.8<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded are countries\/territories with relatively few Kaspersky users (under 10,000).<\/em><br \/>\n<em>** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country\/territory.<\/em><\/p>\n<p><strong>TOP 10 banking malware families<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"30%\"><strong>Name<\/strong><\/td>\n<td width=\"50%\"><strong>Verdicts<\/strong><\/td>\n<td width=\"15%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Ramnit\/Nimnul<\/td>\n<td>Trojan-Banker.Win32.Ramnit<\/td>\n<td>28.9<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Emotet<\/td>\n<td>Trojan-Banker.Win32.Emotet<\/td>\n<td>19.5<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Zbot\/Zeus<\/td>\n<td>Trojan-Banker.Win32.Zbot<\/td>\n<td>18.3<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Trickster\/Trickbot<\/td>\n<td>Trojan-Banker.Win32.Trickster<\/td>\n<td>6.5<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>CliptoShuffler<\/td>\n<td>Trojan-Banker.Win32.CliptoShuffler<\/td>\n<td>5.9<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Danabot<\/td>\n<td>Trojan-Banker.Win32.Danabot<\/td>\n<td>2.3<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>IcedID<\/td>\n<td>Trojan-Banker.Win32.IcedID<\/td>\n<td>1.9<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>SpyEyes<\/td>\n<td>Trojan-Spy.Win32.SpyEye<\/td>\n<td>1.6<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Gozi<\/td>\n<td>Trojan-Banker.Win32.Gozi<\/td>\n<td>1.1<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Qbot\/Qakbot<\/td>\n<td>Trojan-Banker.Win32.Qbot<\/td>\n<td>1.1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users who encountered this malware family as a percentage of all users attacked by financial malware.<\/em><\/p>\n<h2 id=\"ransomware-programs\">Ransomware programs<\/h2>\n<h3 id=\"quarterly-trends-and-highlights\">Quarterly trends and highlights<\/h3>\n<h4 id=\"attacks-on-linux-and-vmware-esxi-servers\">Attacks on Linux and VMWare ESXi servers<\/h4>\n<p>An increasing number of ransomware families are extending their attack surfaces by adding support for operating systems other than Windows, which they have targeted traditionally. In Q1 2023, we discovered builds from several ransomware families intended for running on Linux and VMWare ESXi servers, namely: ESXiArgs (new family), Nevada (a rebranding of Nokoyawa, which is written in Rust), Royal, IceFire.<\/p>\n<p>Thus, the arsenals of most professional extortion groups today include ransomware builds designed for several platforms, thus maximizing the damage they can cause to their victims.<\/p>\n<h4 id=\"progress-in-combating-cybercrime\">Progress in combating cybercrime<\/h4>\n<p><a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/cybercriminals-stung-hive-infrastructure-shut-down\" target=\"_blank\" rel=\"noopener\">Europol<\/a> and the <a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-department-justice-disrupts-hive-ransomware-variant\" target=\"_blank\" rel=\"noopener\">U.S. Department of Justice<\/a> announced that as a result of a joint operation with the FBI that started in July 2022, the FBI penetrated networks belonging to the Hive group and obtained decryption keys for more than 1,300 victims. The law enforcement agencies also obtained information about 250 Hive affiliates and seized several servers belonging to the group.<\/p>\n<p>The Netherlands Police <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/dutch-police-arrest-three-ransomware-actors-extorting-25-million\/\" target=\"_blank\" rel=\"noopener\">arrested<\/a> <a href=\"https:\/\/www.politie.nl\/nieuws\/2023\/februari\/23\/05-drie-mannen-aangehouden-in-onderzoek-naar-grootschalige-internationale-datadiefstal-en-datahandel.html\" target=\"_blank\" rel=\"noopener\">three individuals<\/a> suspected of stealing confidential data and extorting \u20ac100,000 to \u20ac700,000 from each victim company.<\/p>\n<p>Europol <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/germany-and-ukraine-hit-two-high-value-ransomware-targets\" target=\"_blank\" rel=\"noopener\">announced<\/a> it had arrested two suspected core members of DoppelPaymer during a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/core-doppelpaymer-ransomware-gang-members-targeted-in-europol-operation\/\" target=\"_blank\" rel=\"noopener\">joint operation<\/a> with the FBI and the law enforcement agencies of Germany, Ukraine, and the Netherlands. The team also seized hardware, which the law enforcement agencies will inspect during further investigation.<\/p>\n<h4 id=\"conti-based-trojan-decrypted\">Conti-based Trojan decrypted<\/h4>\n<p>Kaspersky analysts <a href=\"https:\/\/usa.kaspersky.com\/about\/press-releases\/2023_kaspersky-releases-tool-for-decrypting-conti-based-ransomware\" target=\"_blank\" rel=\"noopener\">released<\/a> a utility for decrypting files affected by a Trojan known to researchers as MeowCorp. The malware was compiled from Conti source code, which was published last year. An archive containing the secret keys, 258 in all, was posted on an online forum. We added these, along with data decryption code, to the <a href=\"https:\/\/support.kaspersky.com\/common\/disinfection\/10556\" target=\"_blank\" rel=\"noopener\">latest version of RakhniDecryptor<\/a>.<\/p>\n<h2 id=\"most-prolific-groups\">Most prolific groups<\/h2>\n<p>This section looks at ransomware groups that engage in so-called &#8220;double extortion&#8221;, that is stealing confidential data in addition to encrypting it. Most of these groups target large companies, and many maintain a DLS (data leak site), where they publish a list of organizations they have attacked. The diagram below reflects the most prolific extortion gangs, that is, the ones that added the largest numbers of victims to their DLSs.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/JTSFtkEc35aedGSQQbsm\" data-type=\"interactive\" data-title=\"02 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Most prolific ransomware gangs. The diagram shows each group&#8217;s share of victims out of the total number of victims published on all the groups&#8217; DLSs in Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161701\/02-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"number-of-new-modifications\">Number of new modifications<\/h3>\n<p>In Q1 2023, we detected nine new ransomware families and 3089 new modifications of the malware of this type.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/bVZUIiy5GvqeHkZ0N7dP\" data-type=\"interactive\" data-title=\"03 EN-RU-ES Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of new ransomware modifications, Q1\u00a02022\u00a0\u2014 Q1\u00a02023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161738\/03-en-ru-es-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"number-of-users-attacked-by-ransomware-trojans\">Number of users attacked by ransomware Trojans<\/h3>\n<p>In Q1 2023, Kaspersky products and technologies protected 60,900 users from ransomware attacks.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/XXvc8wFslSWpyW96dF7Y\" data-type=\"interactive\" data-title=\"04 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of unique users attacked by ransomware Trojans, Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161811\/04-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"geography-of-attacked-users\">Geography of attacked users<\/h3>\n<p><strong>TOP 10 countries\/territories attacked by ransomware Trojans<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"50%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"45%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Yemen<\/td>\n<td>1.50<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Bangladesh<\/td>\n<td>1.47<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Taiwan<\/td>\n<td>0.65<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Mozambique<\/td>\n<td>0.59<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Pakistan<\/td>\n<td>0.47<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>South Korea<\/td>\n<td>0.42<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Venezuela<\/td>\n<td>0.32<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Iraq<\/td>\n<td>0.30<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Nigeria<\/td>\n<td>0.30<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Libya<\/td>\n<td>0.26<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded are countries\/territories with relatively few Kaspersky users (under 50,000).<\/em><br \/>\n<em>** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country\/territory.<\/em><\/p>\n<h3 id=\"top-10-most-common-families-of-ransomware-trojans\">TOP 10 most common families of ransomware Trojans<\/h3>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"30%\"><strong>Name<\/strong><\/td>\n<td width=\"50%\"><strong>Verdicts*<\/strong><\/td>\n<td width=\"15%\"><strong>Percentage of attacked users**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Magniber<\/td>\n<td>Trojan-Ransom.Win64.Magni \/ Trojan-Ransom.Win32.Magni<\/td>\n<td>15.73<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>WannaCry<\/td>\n<td>Trojan-Ransom.Win32.Wanna<\/td>\n<td>12.40<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.Gen<\/td>\n<td>12.27<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.Encoder<\/td>\n<td>8.77<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.Agent<\/td>\n<td>6.65<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.Phny<\/td>\n<td>6.52<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Stop\/Djvu<\/td>\n<td>Trojan-Ransom.Win32.Stop<\/td>\n<td>5.90<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>PolyRansom\/VirLock<\/td>\n<td>Trojan-Ransom.Win32.PolyRansom \/ Virus.Win32.PolyRansom<\/td>\n<td>3.74<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.Crypren<\/td>\n<td>3.52<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>(generic verdict)<\/td>\n<td>Trojan-Ransom.Win32.CryFile<\/td>\n<td>2.06<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to providing statistical data.<\/em><br \/>\n<em>** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans.<\/em><\/p>\n<h2 id=\"miners\">Miners<\/h2>\n<h3 id=\"number-of-new-miner-modifications\">Number of new miner modifications<\/h3>\n<p>In Q1 2023, Kaspersky solutions detected 1733 new modifications of miners.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/v7PtIuz3Q41femrC6HrF\" data-type=\"interactive\" data-title=\"05 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of new miner modifications, Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161841\/05-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"number-of-users-attacked-by-miners\">Number of users attacked by miners<\/h3>\n<p>In Q1, we detected attacks using miners on the computers of 403,211 unique users of Kaspersky products worldwide.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/EBjeATbxRorPNVKim4F1\" data-type=\"interactive\" data-title=\"06 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of unique users attacked by miners, Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06161916\/06-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"geography-of-miner-attacks\">Geography of miner attacks<\/h3>\n<p><strong>TOP 10 countries\/territories attacked by miners<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"50%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"45%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Tajikistan<\/td>\n<td>2.87<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Kazakhstan<\/td>\n<td>2.52<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Uzbekistan<\/td>\n<td>2.30<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Kyrgyzstan<\/td>\n<td>2.18<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Belarus<\/td>\n<td>1.80<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Venezuela<\/td>\n<td>1.77<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Ethiopia<\/td>\n<td>1.73<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Ukraine<\/td>\n<td>1.73<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Mozambique<\/td>\n<td>1.63<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Rwanda<\/td>\n<td>1.50<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded are countries\/territories with relatively few users of Kaspersky products (under 50,000).<\/em><br \/>\n<em>** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country\/territory.<\/em><\/p>\n<h2 id=\"vulnerable-applications-used-in-cyberattacks\">Vulnerable applications used in cyberattacks<\/h2>\n<h3 id=\"quarterly-highlights\">Quarterly highlights<\/h3>\n<p>Q1 2023 saw a number of Windows vulnerabilities remediated and published. Some of those were the following:<\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-23397\" target=\"_blank\" rel=\"noopener\">CVE-2023-23397<\/a>: probably the most high-profile vulnerability, which provoked much online debate and discussion. This Windows vulnerability allows starting automatic authentication on behalf of the user on a host running Outlook.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-21674\" target=\"_blank\" rel=\"noopener\">CVE-2023-21674<\/a>: a vulnerability in the ALPC subsystem that allows a malicious actor to escalate their privileges to system level.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-21823\" target=\"_blank\" rel=\"noopener\">CVE-2023-21823<\/a>: a Windows Graphics Component vulnerability that allows running commands in the system on behalf of the user. This can be reproduced both in Windows desktop versions of Microsoft Office and in mobile (iOS and Android) versions.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-23376\" target=\"_blank\" rel=\"noopener\">CVE-2023-23376<\/a>: a Common Log File System Driver vulnerability that allows escalating privileges to system level.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-21768\" target=\"_blank\" rel=\"noopener\">\u0421VE-2023-21768<\/a>: a vulnerability in the Ancillary Function Driver for WinSock that allows obtaining system privileges.<\/li>\n<\/ul>\n<p>A Microsoft fix for each of the vulnerabilities is out, and we strongly encourage you to install all the relevant patches.<\/p>\n<p>The main network threats in Q1 2023 were <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/brute-force\/?utm_source=securelist&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener\">brute-force<\/a> attacks on MSSQL and RDP services. EternalBlue and EternalRomance remained popular exploits for operating system vulnerabilities. We detected notably large numbers of attacks and scans that targeted log4j-type vulnerabilities (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a>).<\/p>\n<h3 id=\"vulnerability-statistics\">Vulnerability statistics<\/h3>\n<p>In Q1 2023, Kaspersky products detected more than 300,000 exploitation attempts, most of these using Microsoft Office exploits. Their share was 78.96%, down by just 1\u00a0p.p. from the previous quarter. The most-exploited vulnerabilities in that category were the following:<\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-11882\" target=\"_blank\" rel=\"noopener\">CVE-2017-11882<\/a> and <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-0802\" target=\"_blank\" rel=\"noopener\">CVE-2018-0802<\/a>: Equation Editor vulnerabilities that allow corrupting application memory during formula processing to then run arbitrary code in the system.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-0199\" target=\"_blank\" rel=\"noopener\">CVE-2017-0199<\/a> that allows using MS Office to load malicious scripts.<\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-8570\" target=\"_blank\" rel=\"noopener\">CVE-2017-8570<\/a> that allows loading malicious HTA scripts into the system.<\/li>\n<\/ul>\n<p>The second most-exploited category were browser vulnerabilities (7.07%), their share growing by 1 p.p. We did not discover any new browser vulnerabilities exploited by malicious actors in the wild. Q2 2023 might bring something new.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/9HVK9GhSHeL2W5bJfrsm\" data-type=\"interactive\" data-title=\"07 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Distribution of exploits used by cybercriminals by type of attacked application, Q1 2023 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06162000\/07-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Android (4.04%) and Java (3.93%) were third and fourth, respectively. Android exploits lost 1 p.p. during the period, whereas the share of Java exploits remained unchanged. The fifth- and sixth-place scores \u2014 Adobe Flash (3.49%) and PDF (2.52%) \u2014 were very close to the previous quarter&#8217;s figures as well.<\/p>\n<h2 id=\"attacks-on-macos\">Attacks on macOS<\/h2>\n<p>The first quarter&#8217;s high-profile event was a <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/3cx-supply-chain-attack\" target=\"_blank\" rel=\"noopener\">supply-chain attack on the 3CX app<\/a>, including the macOS version. Hackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers.<\/p>\n<p>Worth noting is the <a href=\"https:\/\/www.uptycs.com\/blog\/macstealer-command-and-control-c2-malware\" target=\"_blank\" rel=\"noopener\">MacStealer spy program<\/a>, also discovered in Q1 2023, which stole cookies from the victim&#8217;s browser, as well as account details and cryptowallet passwords.<\/p>\n<p><strong>TOP 20 threats for macOS<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"60%\"><strong>Verdict<\/strong><\/td>\n<td width=\"35%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>AdWare.OSX.Pirrit.ac<\/td>\n<td>11.87<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>AdWare.OSX.Amc.e<\/td>\n<td>8.41<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>AdWare.OSX.Pirrit.j<\/td>\n<td>7.98<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>AdWare.OSX.Agent.ai<\/td>\n<td>7.58<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Monitor.OSX.HistGrabber.b<\/td>\n<td>6.64<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>AdWare.OSX.Bnodlero.ax<\/td>\n<td>6.12<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>AdWare.OSX.Pirrit.ae<\/td>\n<td>5.77<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>AdWare.OSX.Agent.gen<\/td>\n<td>4.98<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Hoax.OSX.MacBooster.a<\/td>\n<td>4.76<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Trojan-Downloader.OSX.Agent.h<\/td>\n<td>4.66<\/td>\n<\/tr>\n<tr>\n<td>11<\/td>\n<td>AdWare.OSX.Pirrit.o<\/td>\n<td>3.63<\/td>\n<\/tr>\n<tr>\n<td>12<\/td>\n<td>Backdoor.OSX.Twenbc.g<\/td>\n<td>3.52<\/td>\n<\/tr>\n<tr>\n<td>13<\/td>\n<td>AdWare.OSX.Bnodlero.bg<\/td>\n<td>3.32<\/td>\n<\/tr>\n<tr>\n<td>14<\/td>\n<td>AdWare.OSX.Pirrit.aa<\/td>\n<td>3.20<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>Backdoor.OSX.Twenbc.h<\/td>\n<td>3.14<\/td>\n<\/tr>\n<tr>\n<td>16<\/td>\n<td>AdWare.OSX.Pirrit.gen<\/td>\n<td>3.14<\/td>\n<\/tr>\n<tr>\n<td>17<\/td>\n<td>Downloader.OSX.InstallCore.ak<\/td>\n<td>2.37<\/td>\n<\/tr>\n<tr>\n<td>18<\/td>\n<td>Trojan-Downloader.OSX.Lador.a<\/td>\n<td>2.03<\/td>\n<\/tr>\n<tr>\n<td>19<\/td>\n<td>RiskTool.OSX.Spigot.a<\/td>\n<td>1.92<\/td>\n<\/tr>\n<tr>\n<td>20<\/td>\n<td>Trojan.OSX.Agent.gen<\/td>\n<td>1.88<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users who encountered this malware as a percentage of all users of Kaspersky security products for macOS who were attacked.<\/em><\/p>\n<p>Adware remained the most widespread threat to macOS users. In addition to that, we frequently came across all kinds of system &#8220;cleaners&#8221; and &#8220;optimizers&#8221;, many of these containing highly annoying ads or classic scams, where users were offered to buy solutions to problems that did not exist.<\/p>\n<h3 id=\"geography-of-threats-for-macos\">Geography of threats for macOS<\/h3>\n<p><strong>\u0422\u041e\u0420 10 countries\/territories by share of attacked users<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"60%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"35%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Italy<\/td>\n<td>1.43<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Spain<\/td>\n<td>1.39<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>France<\/td>\n<td>1.37<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Russian Federation<\/td>\n<td>1.29<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Mexico<\/td>\n<td>1.20<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Canada<\/td>\n<td>1.18<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>United States<\/td>\n<td>1.16<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>United Kingdom<\/td>\n<td>0.98<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Australia<\/td>\n<td>0.87<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Brazil<\/td>\n<td>0.81<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded from the rankings are countries\/territories with relatively few users of Kaspersky security solutions for macOS (under 10,000).<\/em><br \/>\n<em>** Unique attacked users as a percentage of all users of Kaspersky macOS security products in the country\/territory.<\/em><\/p>\n<p>Italy (1.43%) and Spain (1.39%) became the leaders by number of attacked users, as France (1.37%), Russia (1.29%) and Canada (1.18%) lost a few percentage points. Overall, the percentage of attacked users in the TOP 10 countries did not change much.<\/p>\n<h2 id=\"iot-attacks\">IoT attacks<\/h2>\n<h3 id=\"iot-threat-statistics\">IoT threat statistics<\/h3>\n<p>In Q3\u00a02023, a majority of the devices that attacked Kaspersky honeypots still used the Telnet protocol, but its popularity decreased somewhat from the previous quarter.<\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"50%\">Telnet<\/td>\n<td width=\"50%\">69.2%<\/td>\n<\/tr>\n<tr>\n<td>SSH<\/td>\n<td>30.8%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center\"><em>Distribution of attacked services by number of unique IP addresses of attacking devices, Q1 2023<\/em><\/p>\n<p>In terms of session numbers, Telnet accounted for the absolute majority.<\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"50%\">Telnet<\/td>\n<td width=\"50%\">97.8%<\/td>\n<\/tr>\n<tr>\n<td>SSH<\/td>\n<td>2.2%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center\"><em>Distribution of cybercriminal working sessions with Kaspersky traps, Q1 2023<\/em><\/p>\n<p><strong>TOP 10 countries\/territories as sources of SSH attacks<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"40%\"><strong>Country\/territory<\/strong><\/td>\n<td width=\"30%\"><strong>%* (Q4 2022)<\/strong><\/td>\n<td width=\"30%\"><strong>%* (Q1 2023)<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Taiwan<\/td>\n<td>1.60<\/td>\n<td>12.13<\/td>\n<\/tr>\n<tr>\n<td>United States<\/td>\n<td>19.11<\/td>\n<td>12.05<\/td>\n<\/tr>\n<tr>\n<td>South Korea<\/td>\n<td>3.32<\/td>\n<td>7.64<\/td>\n<\/tr>\n<tr>\n<td>Mainland China<\/td>\n<td>8.45<\/td>\n<td>6.80<\/td>\n<\/tr>\n<tr>\n<td>Brazil<\/td>\n<td>5.10<\/td>\n<td>5.08<\/td>\n<\/tr>\n<tr>\n<td>India<\/td>\n<td>6.26<\/td>\n<td>4.45<\/td>\n<\/tr>\n<tr>\n<td>Germany<\/td>\n<td>6.20<\/td>\n<td>4.00<\/td>\n<\/tr>\n<tr>\n<td>Vietnam<\/td>\n<td>2.18<\/td>\n<td>3.95<\/td>\n<\/tr>\n<tr>\n<td>Singapore<\/td>\n<td>6.63<\/td>\n<td>3.63<\/td>\n<\/tr>\n<tr>\n<td>Russian Federation<\/td>\n<td>3.33<\/td>\n<td>3.36<\/td>\n<\/tr>\n<tr>\n<td>Other<\/td>\n<td>37.81<\/td>\n<td>36.91<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique IP addresses located in a country\/territory as a percentage of all unique IP addresses where SSH attacks on Kaspersky honeypots originated.<\/em><\/p>\n<p>The APAC countries\/territories and the U.S. remained the main sources of SSH attacks in Q1 2023.<\/p>\n<p><strong>TOP 10 countries\/territories as sources of Telnet attacks<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"40%\"><strong>Country\/territory<\/strong><\/td>\n<td width=\"30%\"><strong>%* (Q4 2022)<\/strong><\/td>\n<td width=\"30%\"><strong>%* (Q1 2023)<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Mainland China<\/td>\n<td>46.90<\/td>\n<td>39.92<\/td>\n<\/tr>\n<tr>\n<td>India<\/td>\n<td>6.61<\/td>\n<td>12.06<\/td>\n<\/tr>\n<tr>\n<td>Taiwan<\/td>\n<td>6.37<\/td>\n<td>7.51<\/td>\n<\/tr>\n<tr>\n<td>Brazil<\/td>\n<td>3.31<\/td>\n<td>4.92<\/td>\n<\/tr>\n<tr>\n<td>Russian Federation<\/td>\n<td>4.53<\/td>\n<td>4.82<\/td>\n<\/tr>\n<tr>\n<td>United States<\/td>\n<td>4.33<\/td>\n<td>4.30<\/td>\n<\/tr>\n<tr>\n<td>South Korea<\/td>\n<td>7.39<\/td>\n<td>2.59<\/td>\n<\/tr>\n<tr>\n<td>Iran<\/td>\n<td>1.05<\/td>\n<td>1.50<\/td>\n<\/tr>\n<tr>\n<td>Pakistan<\/td>\n<td>1.40<\/td>\n<td>1.41<\/td>\n<\/tr>\n<tr>\n<td>Kenya<\/td>\n<td>0.06<\/td>\n<td>1.39<\/td>\n<\/tr>\n<tr>\n<td>Other<\/td>\n<td>18.04<\/td>\n<td>19.58<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique IP addresses located in a country\/territory as a percentage of all unique IP addresses where Telnet attacks on Kaspersky honeypots originated.<\/em><\/p>\n<p>Mainland China (39.92%) remained the largest source of Telnet attacks, with India&#8217;s (12.06%) and Kenya&#8217;s (1.39%) contributions increasing significantly. The share of attacks that originated in South Korea (2.59%) decreased.<\/p>\n<p><strong>TOP 10 threats delivered to IoT devices via Telnet<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"65\"><strong>Verdict<\/strong><\/td>\n<td width=\"30%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Trojan-Downloader.Linux.NyaDrop.b<\/td>\n<td>41.39%<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Backdoor.Linux.Mirai.b<\/td>\n<td>18.82%<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Backdoor.Linux.Mirai.cw<\/td>\n<td>9.63%<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Backdoor.Linux.Mirai.ba<\/td>\n<td>6.18%<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Backdoor.Linux.Gafgyt.a<\/td>\n<td>2.64%<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Backdoor.Linux.Mirai.fg<\/td>\n<td>2.25%<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Backdoor.Linux.Mirai.ew<\/td>\n<td>1.89%<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Trojan-Downloader.Shell.Agent.p<\/td>\n<td>1.77%<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Backdoor.Linux.Gafgyt.bj<\/td>\n<td>1.24%<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Trojan-Downloader.Linux.Mirai.d<\/td>\n<td>1.23%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats.<\/em><\/p>\n<h2 id=\"attacks-via-web-resources\">Attacks via web resources<\/h2>\n<p><em>The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious\/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums.<\/em><\/p>\n<h3 id=\"countries-territories-that-serve-as-sources-of-web-based-attacks-top-10\">Countries\/territories that serve as sources of web-based attacks: TOP 10<\/h3>\n<p><em>The following statistics show the distribution by country\/territory of the sources of internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&amp;C centers, etc.). Any unique host could be the source of one or more web-based attacks.<\/em><\/p>\n<p><em>To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted.<\/em><\/p>\n<p>In Q1 2023, Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. A total of 246,912,694 unique URLs were detected as malicious by Web Anti-Virus.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/eMlSJZdxtyMiRMuLOXWa\" data-type=\"interactive\" data-title=\"08 EN Malware report Q1 2023 PC statistics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Distribution of web-attack sources across countries, Q1 2022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2023\/06\/06162039\/08-en-malware-report-q1-2023-pc-statistics.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"countries-territories-where-users-faced-the-greatest-risk-of-online-infection\">Countries\/territories where users faced the greatest risk of online infection<\/h3>\n<p>To assess the risk of online infection faced by users in various countries\/territories, we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered at least once during the quarter in each country\/territory. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in various countries.<\/p>\n<p>Note that these rankings only include attacks by malicious objects that fall under the <em><strong>Malware<\/strong> class;<\/em> they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.<\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"50%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"45%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Turkey<\/td>\n<td>16.88<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Taiwan<\/td>\n<td>16.01<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Algeria<\/td>\n<td>15.95<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Palestine<\/td>\n<td>15.30<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Albania<\/td>\n<td>14.95<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Yemen<\/td>\n<td>14.94<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Serbia<\/td>\n<td>14.54<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Tunisia<\/td>\n<td>14.13<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>South Korea<\/td>\n<td>13.98<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Libya<\/td>\n<td>13.93<\/td>\n<\/tr>\n<tr>\n<td>11<\/td>\n<td>Sri Lanka<\/td>\n<td>13.85<\/td>\n<\/tr>\n<tr>\n<td>12<\/td>\n<td>Greece<\/td>\n<td>13.53<\/td>\n<\/tr>\n<tr>\n<td>13<\/td>\n<td>Syria<\/td>\n<td>13.51<\/td>\n<\/tr>\n<tr>\n<td>14<\/td>\n<td>Nepal<\/td>\n<td>13.10<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>Bangladesh<\/td>\n<td>12.92<\/td>\n<\/tr>\n<tr>\n<td>16<\/td>\n<td>Georgia<\/td>\n<td>12.85<\/td>\n<\/tr>\n<tr>\n<td>17<\/td>\n<td>Morocco<\/td>\n<td>12.80<\/td>\n<\/tr>\n<tr>\n<td>18<\/td>\n<td>Moldova<\/td>\n<td>12.73<\/td>\n<\/tr>\n<tr>\n<td>19<\/td>\n<td>Lithuania<\/td>\n<td>12.61<\/td>\n<\/tr>\n<tr>\n<td>20<\/td>\n<td>Bahrein<\/td>\n<td>12.39<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded are countries\/territories with relatively few Kaspersky users (under 10,000).<\/em><br \/>\n<em>** Unique users targeted by <strong>Malware<\/strong>-class attacks as a percentage of all unique users of Kaspersky products in the country\/territory.<\/em><\/p>\n<p>On average during the quarter, 9.73% of internet users&#8217; computers worldwide were subjected to at least one <strong>Malware<\/strong>-class web attack.<\/p>\n<h2 id=\"local-threats\">Local threats<\/h2>\n<p><em>In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. It takes into account malicious programs that were found directly on users&#8217; computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.).<\/em><\/p>\n<p>In Q1 2023, our File Anti-Virus detected 43,827,839 malicious and potentially unwanted objects.<\/p>\n<h3 id=\"countries-and-territories-where-users-faced-the-highest-risk-of-local-infection\">Countries and territories where users faced the highest risk of local infection<\/h3>\n<p>For each country\/territory, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries\/territories.<\/p>\n<p>These rankings only include attacks by malicious programs that fall under the <strong>Malware<\/strong> class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.<\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"5%\"><\/td>\n<td width=\"50%\"><strong>Country\/territory*<\/strong><\/td>\n<td width=\"45%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Yemen<\/td>\n<td>45.38<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Turkmenistan<\/td>\n<td>44.68<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Afghanistan<\/td>\n<td>43.64<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Tajikistan<\/td>\n<td>42.57<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Cuba<\/td>\n<td>36.01<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Burundi<\/td>\n<td>35.20<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Syria<\/td>\n<td>35.17<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Bangladesh<\/td>\n<td>35.07<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Myanmar<\/td>\n<td>34.98<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Uzbekistan<\/td>\n<td>34.22<\/td>\n<\/tr>\n<tr>\n<td>11<\/td>\n<td>South Sudan<\/td>\n<td>34.06<\/td>\n<\/tr>\n<tr>\n<td>12<\/td>\n<td>Rwanda<\/td>\n<td>34.01<\/td>\n<\/tr>\n<tr>\n<td>13<\/td>\n<td>Algeria<\/td>\n<td>33.94<\/td>\n<\/tr>\n<tr>\n<td>14<\/td>\n<td>Guinea<\/td>\n<td>33.74<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>Cameroon<\/td>\n<td>33.09<\/td>\n<\/tr>\n<tr>\n<td>16<\/td>\n<td>Sudan<\/td>\n<td>33.06<\/td>\n<\/tr>\n<tr>\n<td>17<\/td>\n<td>Chad<\/td>\n<td>33.06<\/td>\n<\/tr>\n<tr>\n<td>18<\/td>\n<td>Tanzania<\/td>\n<td>32.50<\/td>\n<\/tr>\n<tr>\n<td>19<\/td>\n<td>Benin<\/td>\n<td>32.42<\/td>\n<\/tr>\n<tr>\n<td>20<\/td>\n<td>Malawi<\/td>\n<td>31.93<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded are countries\/territories with relatively few Kaspersky users (under 10,000).<\/em><br \/>\n<em>** Unique users on whose computers <strong>Malware<\/strong>-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country\/territory.<\/em><\/p>\n<p>On average worldwide, Malware-class local threats were registered on 15.22% of users&#8217; computers at least once during Q3.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.<\/p>\n","protected":false},"author":2487,"featured_media":109921,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[919],"tags":[113,1037,561,556,458,86,932,37,933,121,544,219,41,117],"banners":"","hreflang":[{"hreflang":"x-default","url":"https:\/\/securelist.com\/it-threat-evolution-q1-2023-pc-statistics\/109917\/"},{"hreflang":"ru","url":"https:\/\/securelist.ru\/it-threat-evolution-q1-2023-pc-statistics\/107526\/"},{"hreflang":"es","url":"https:\/\/securelist.lat\/it-threat-evolution-q1-2023-pc-statistics\/97924\/"}],"_links":{"self":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/109917"}],"collection":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/users\/2487"}],"replies":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/comments?post=109917"}],"version-history":[{"count":13,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/109917\/revisions"}],"predecessor-version":[{"id":110027,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/109917\/revisions\/110027"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media\/109921"}],"wp:attachment":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media?parent=109917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/categories?post=109917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/tags?post=109917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}