Spring months continue to bring a significant decrease in Total and Unique Incidents
MATTHEW ROSTICK, ECONOMICS B.A. & PUBLIC POLICY B.A. AT THE UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL
The Duke University and The Media Trust research team have continued to track malware activity from undesired third-party code against internet users. This blog aims to update our readers on the activity and trends observed from March and April. Previous updates and more on the Media Trust project are on our website here.
As a reminder, you can find definitions for the types of attacks described in this article under the Access to Information Technical Definitions page located here. The Media Trust continues to run scans on synthetic profiles interacting with the internet. The first is Duke University’s private network. The others fall under the “Work from Home” category on Spectrum (IP2) and Google (IP3) networks. Found in an earlier blog is a further description of the datasets and project information. The narrative is located here.
As we come to the end of the spring season, the months of April and March provided little memorable changes in the data sets. Through the fall and winter months, there was some continuity in terms of total and unique incident scans. However, the continuity in the winter changed gradually during the mid-spring months, with a decrease in the number of both Unique Incidents and Total Incidents scanned.
The Total Incidents reported dropped by 70% from February to March on the Duke profiles. That number then dropped by another 30% from March to April. The Work from Home Spectrum and Google fiber profiles reported similar numbers dropping 55% and 85% from February to March, respectively.
Similarly, the number of unique incidents also dropped, however less significantly, with a 22% drop in the number of work-from-home Unique Incidents and a 15% drop in Duke Unique Incidents. Although essential to note, this trend is not unusual. It is hard to say what caused such a significant drop in the number of attacks. However, last spring, the data displayed a similar reduction in total and unique incidents in March, April, and May. This trend in the data has been observed since 2020, when The Media Trust first collected data. It appears to be a seasonally occurring trend. We will continue to monitor over the coming years if the data follows similar yearly patterns, such as a lull in attacks during the spring months. A chart providing a summary of the reduction in numbers is provided below. Graphs displaying changes over time in all data collected can also be found on our monthly data updates page.
Setting aside the total number of incidents between March and April, there are a few more minor updates worth mentioning. The new data provided some updates on the trends highlighted during the winter months. First, it was recorded previously that compromised content scans had disappeared throughout the winter months. This changed come February and March, with slight increases in the total and unique compromised content scans. During December and January, Unique attacks on the work-from-home profiles were higher than those of the Duke profiles. The data for March and April show that this trend continued.
Another important observation is the emergence of two new types of malicious activity. In April, both Malicious Code: E – skimming and Out of Browser re-direct appeared in The Media Trust scans. New types of malware are occasionally found, and although neither E – Skimming nor Out of Browser re-direct appear in significant numbers, it is vital to acknowledge and track the use of new malware types. It will be interesting to see the scale to which previously new attack vectors are now being used. We will continue to closely track this trend to determine the magnitude of these new ways of enacting malware.
The most important takeaway from the spring months is the total, and unique incidents decline. This affected nearly every aspect of the data collected and is a noteworthy trend to keep track of moving forward. We will closely watch the decline and emergence of new malicious activity types and provide updates on trends observed.