The number of infected PCs jumped some 106% during the holiday season’s first shopping weekend and 118% above normal on Cyber Monday.
‘Tis the season for gift-giving, snowfall – and cybercrime. The 2016 holiday shopping season has already proven risky, with malware infections in the US jumping 106% between Black Friday and Cyber Monday.
The data comes from Enigma Software Group (ESG), which compiled data on infections recorded in its SpyHunter program. ESG analyzed malware data in the month leading up to Thanksgiving and compared it with infections recorded between Nov. 25 and Nov. 28, 2016.
It’s worth noting this data only applies to malware infections recorded on PCs, and does not include activity from smartphones or Apple products.
The number of recorded infections has doubled year-over-year. This year’s 106% jump marks a significant increase from the same weekend in 2015, when malware was 84% above normal. Malware activity peaked on Cyber Monday, when instances were 118% higher than normal.
ESG believes there are multiple drivers behind the malware surge, says spokesperson Ryan Gerding.
“The biggest thing is that there are more people who are shopping online every year,” he explains. “What’s more, the bad guys are getting smarter in tricking people into accidentally clicking on links that install malware on their computers.”
Consumers are most likely to fall for emails that appear to come from legitimate companies. These messages may promise a free gift card or claim there is a problem with an order, but instead include a malicious link that will download malware onto the victim’s computers.
During the holidays, more people are shopping and anticipating these types of emails. They’re more likely to click on a money-saving coupon or wonder if there really is a problem with their order. As a result, malware infections continue to climb.
Emails aside, hackers also abuse social media accounts and post status updates containing malicious links. Others bundle malware with software downloaded from the Internet; for example, programs that promise to bypass location-specific restrictions on services like Netflix.
The vast majority of these infections are “nuisanceware,” says Gerding. They may slow down victims’ PCs or cause a spike in pop-up ads; things that are annoying but not necessarily dangerous.
However, the occasional dangerous attacks do take place. Ransomware makes up a tiny percentage of infections, but it can be devastating when it hits. ESG discovered about 0.5% of all infections include ransomware.
It’s a miniscule percentage, but Gerding notes the amount of infections made of ransomware has doubled since 2015. One year ago, ransomware made up about 0.25% of malware attacks. The trend promises ransomware will continue to grow as a consumer-facing threat in 2017.
“As long as the crooks are successful in getting people to pay a ransom, they’ll keep trying to get infections out there on as many computers as possible,” he says.