Number of Russian Companies Hit by Malware Drops by 15% in Q4 2024

15% Fewer Russian Companies Affected by Malware in Late 2024

The number of Russian organizations impacted by malicious software dropped by about 15% in the fourth quarter of 2024 compared to the previous quarter, falling from 34,000 to 29,000 companies. This data comes from experts at the Solar 4RAYS cyber threat research center, part of the Solar group of companies. According to specialists, this decline is linked to a seasonal decrease in malware activity at the end of the year.

The report is based on data from the PDNS sensor network, one of the largest in Russia. These sensors detect various types of malware, including programs for covert cryptocurrency mining, remote access tools (RATs), ransomware, botnets, and more. The sensor data also helps identify which regions and industries are most frequently targeted by such threats.

The total number of malware detections in organizations dropped by a third over the quarter, reaching 1.2 million cases. On average, each company experienced 41 infection incidents in the last quarter, compared to 47 in the previous quarter.

Industries Most at Risk Remain the Same

The list of industries most frequently targeted by malware remained unchanged. The most vulnerable sectors were healthcare, government, food production, and education.

Most Common Threats

The ranking of the most widespread threats also saw little change. Remote access tools (RATs) accounted for 24% of all recorded incidents. Additionally, 23% of threats were linked to well-known professional cybercriminal groups conducting targeted attacks. Botnets and data-stealing malware (stealers) each made up 20% of the total threats detected.

Seasonal Decline Does Not Mean Less Risk

Experts emphasize that the drop in virus activity at the end of the year is a seasonal factor and does not indicate an overall improvement in the cybersecurity situation. Companies continue to face various types of malware on a regular basis. For example, in the fourth quarter, each organization was attacked an average of 19 to 80 times.

Therefore, it is important not only to use antivirus software but also to implement advanced security solutions (such as EDR, NTA, sandbox, and NGFW), monitor network events, and regularly train employees on cybersecurity best practices.
