A freshly released Symantec report on the malware risks identified in May shows that cybercriminals were highly active, creating no fewer than 44.5 million new threat variants.
The figure sets a new high for this year and represents an increase of more than 50% over the previous month, when the company's systems recorded 29.2 million new threats.
The month with the second-largest number of malicious software samples seen by Symantec systems is March, with a total of 35.8 million.
Since the beginning of the year, the months with the lowest activity in terms of new malware creation were February (probably accounted for by the month having fewer days), with 26.5 million, and April.
According to data from the company, the most commonly seen threat on OS X is a Trojan called OSX.RSPlug.A, which changes the DNS (domain name system) settings of the affected computer, driving traffic to sites controlled by the attacker. The detection frequency increased to 23.9% in May, up by 4%.
Next among the threats most commonly seen and blocked in the OS X environment are Keylogger, with 14%, and Wirelurker, accounting for 9%.
The Symantec report also notes that the number of spear-phishing attacks seen on a daily basis followed a downward trend.
However, attacks using this tactic focused more on organizations with fewer than 250 employees: 42.5% of the spear-phishing attacks in May were aimed at them, an increase from 30.6% in April.
The file types most often seen attached to malicious emails are DOC and DOCX, associated with Microsoft Word documents. These accounted for 40% of the total.
Lately, cybercriminals have been including in files of this kind a malicious macro script with instructions for downloading malware from compromised websites or from locations set up specifically for hosting threats.
Microsoft Office products have long shipped with macros disabled by default, but crooks rely on social engineering to trick victims into enabling the functionality.
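As an added illustration (not taken from the Symantec report or from this article's sources), the following Python script shows how a mail gateway or analyst could flag Word attachments that carry a VBA macro project before a user is ever asked to enable macros. The function names and sample bytes are constructed for this example, and the legacy DOC check is a byte-search heuristic rather than a full parse.

```python
import io
import zipfile

# Signature of the OLE2 compound file format used by legacy .doc files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# OLE directory entries store names as UTF-16LE; a VBA project has this stream.
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_indicator(data: bytes) -> str:
    """Return 'ooxml-vba', 'ole-vba-suspect' or 'none' for an attachment."""
    if data.startswith(b"PK"):  # OOXML Word files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "none"
        # Macro code in an OOXML package lives in a vbaProject.bin part.
        if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
            return "ooxml-vba"
        return "none"
    if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
        # Heuristic byte search, not a full compound-file parse.
        return "ole-vba-suspect"
    return "none"


def make_ooxml_sample(with_vba: bool) -> bytes:
    """Constructed minimal ZIP that mimics a Word package layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def make_ole_sample(with_vba: bool) -> bytes:
    """Constructed bytes: OLE signature plus an optional VBA stream name."""
    body = VBA_STREAM if with_vba else b""
    return OLE_MAGIC + b"\x00" * 504 + body


if __name__ == "__main__":
    for label, blob in [("docx clean", make_ooxml_sample(False)),
                        ("docx macro", make_ooxml_sample(True)),
                        ("doc macro", make_ole_sample(True))]:
        print(label, "->", macro_indicator(blob))
```

A positive result only means a macro project is present; deciding whether the macro is malicious requires inspecting its code.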