
"...and around every three months"
Who knew, even malware writers have end of quarter quotas to meet!
Ransomware dominated the threat landscape last year even though file-encrypting nasties made up less than one in a hundred examples of different Windows malware during 2016. The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers, …
even malware writers have end of quarter quotas to meet!
Quite possibly they do. The higher end of organised crime would have to be run on very tight commercial lines, with good accounting, decent MI and KPIs. I would suspect that the big drug barons can identify their total "production", sales, losses from distribution fraud or police interception, the volume and value of work-in-progress and so forth. I would guess that there's crossover between drugs, malware (and other forms of crime) so that the same principles will be applied.
Malware is a parasitic form of crime - it needs to not kill the host, to generate what at eco-system level is a recurring output, and to evolve against countermeasures. To be successful you need to be organised, to create diverse revenue streams from selling code you no longer need to hoard, selling botnets, ransomware, or simple botnet services pumping spam or delivering DDOS. All of that means that it really lends itself to organised crime, and once it gets into those hands, the black hats become armed and dangerous black hats.
Plenty of issues with plugins, but I would think that Drupal, WordPress and others are also quite often victims of the "set it and forget it" line of thinking. Customer wants website, gets website with Drupal as a CMS, customer's website gets compromised 2 years later because nobody thought of patching the frigging thing.
"The overall number of malware exceeds 640 million
seven out of ten newly programmed malware programs targeted Windows.
= 192 million non windows"
Note the phrase "newly programmed". 640 million is the total ever written, while the 7/10 for Windows refers only to new stuff written (or at least released or detected) in the last year. In fact, the report notes that there are over 600 million known malware programs targeting Windows, which puts it at something like 94% overall. Unfortunately the report doesn't give enough detail to figure out exactly which OSes get exactly what proportion either overall or just for the new stuff.
Monitoring all Internet traffic and using reversible (but only for the good guys...) is all well and good, but the bad guys will start avoiding those communications channels.
I favour a Matrix style approach where all the people actually sit in little beds wired up to reality so that we can monitor EVERYTHING, EVERYWHERE!!!!
You think this is a bad idea G489089890121-2? * zaps you with enough electricity to power a small town * Bwahahahaha!!!!! Re-education completed....
According to the PDF, with the authors claiming the reason is because Android attacks are profitable and iOS attacks are not. They say it has "dropped below meaningful percentage points" and thus don't even list the number of iOS attacks. I wish they'd have expanded on this, because it is interesting.
Obviously iOS is a minority of smartphones - a bit less than 15% worldwide by sales - but since they cost significantly more on average, the average iOS user comes from a richer country and is richer. Presumably a better target for malware, right? macOS has an even smaller percentage of PCs than iOS does of smartphones, and a lesser degree of cost difference from Windows PCs, but attacks there are rising. Why the difference?
Maybe it is because when a working attack on iOS is found, Apple can and will patch it very quickly, and it is applied quite quickly and widely, meaning that working attack is really only useful for targeted attacks (i.e. I want to break into Trump's Twitter phone) rather than trying to infect many people. A targeted attack can stay under Apple's radar and keep the exploit secret, but once it is released very widely it will become known and be fixed almost immediately.
While Google probably responds as quickly with Android patches, those fixes will never reach a majority of phones in the wild at the time the fix is made, so a working Android exploit may be thousands of times more effective due to its far longer useful life. Even if the average Android user has less money (worldwide, most are buying phones for $100 and under) the fact the exploit will be able to work for years means it will easily outearn iOS exploits that would have mere days to earn before they're shut down.
On PCs, Windows and Mac are probably about equal in how quickly fixes are developed and applied by end users. The fact most Mac users don't have AV software should mean they're easier to infect given a working exploit and therefore profitable enough to attack despite having something like 5% market share worldwide.