What can happen in one malicious minute online?
The latest security intelligence report from RiskIQ has the somewhat provocative title of Evil Internet Minute 2020. However, by analyzing its own global intelligence as an attack surface management company, along with third-party research, RiskIQ has put together an interesting overview of what can happen in just 60 malicious seconds online.
The headline numbers, and it really is all about the numbers as you will probably have already guessed, make for sobering reading. In just the single minute, RiskIQ suggests that a staggering 375 new cybersecurity threats will emerge. Primarily, it would appear, as a result of the COVID-19 threat surface, which has seen a surge in attacks that leverage the pandemic in one way or another.
Three new phishing sites will be launched every minute, and 14.6 COVID-related hosts created. When it comes to actual attacks, rather than threats, the numbers drop considerably: in that malicious minute there will be 1.5 attacks on internet-connected computers.
Unfortunately, all of that is enough to see 16,172 records compromised every 60 seconds, according to the RiskIQ analysis.
Not all the statistics from this analysis fit neatly into the single minute container. A mobile app is blacklisted every 3 minutes, an internet-of-things (IoT) device is attacked every 7.5 minutes, a COVID-19 phishing domain is blacklisted every 15 minutes, and a new vulnerability is disclosed every 24 minutes.
Which is all well and good for putting things into some kind of perspective, I guess, but looking at a single minute isn't that useful when considering your security posture. Or is it?
"These stats show threat activity is widespread, but also show the power of threat intelligence in defending the enterprise," RiskIQ CEO, Lou Manousos, said. "More knowledge, greater awareness, and an increased effort to implement necessary security controls make a huge difference in stopping these threat actors in their tracks."
None of which I'll argue with, and if some shocking single-minute numbers prompt a single person to step up their security efforts, then it's a job well done.
