What happens in an Evil Internet Minute (c) 2017 RiskIQ
What happens in an Evil Internet Minute


Colin Verrall, VP EMEA, RiskIQ
Colin Verrall, VP EMEA, RiskIQ

Threat management company RiskIQ has warned of the evil that happens every 60 seconds on the Internet. It has used data from insurance company Hiscox and an article in Forbes. The result is what it calls the inaugral “Evil Internet Minute” where:

  • £656,393 lost to cybercrime
  • 1,080 people fall victim to some form of cybercrime
  • £109.942 spent to protect against cybercrime

According to Colin Verrall, VP EMEA, RiskIQ: “As the Internet and its community continues to grow at pace, some people have been trying to make the vast numbers associated with it more accessible by framing them in the context of an ‘Internet Minute’. As the same growth applies to cybercrime, similarly, we have framed malicious Internet activity, leveraging the latest research as well as our own intelligence to define the darker happenings across the web in 60 seconds.”

Reality or more security related FUD?

An interesting question. Is it really possible to take data from two different sources and scale it to encompass everything that happens on the Internet? Not really. If the data was drawn from a wide enough number of countries then maybe. In this case it isn’t. It doesn’t, for example, use numbers for cybercrime in China, India, Brazil or several other countries with large populations.

Does that mean that this is yet more marketing FUD? (Fear, uncertainty and doubt) Again, not really. There are some useful numbers hidden inside the details of what is going on in every evil Internet minute. Those numbers come from data gathered independently by RiskIQ from its customers, telemetry and partners.

That research shows an Internet full of nasty stuff including:

  • New blacklisted mobile apps: 0.3 per minute
  • New phishing pages: 100 per minute
  • Malvertising: 14.5 incidents per minute
  • Pirate content: 4,300 people globally exposed to malware from content theft sites per minute
  • Malware: 818 unique samples of malware detected per minute
  • Ransomware: 1,214 ransomware attacks attempted per minute
  • Phishing: Over 100,000 phishing emails including targeted Business Email Compromise emails per minute

Is the Internet becoming unusable?

Compared to the total volume of traffic on the Internet these numbers are relatively small. That does not diminish their importance. It shows the need for better security policies, user education and security software. What is important is the areas around malvertising, malicious mobile apps and pirate content.

Malvertising is on the rise and the major advertising networks seem powerless to protect themselves. This means that users are exposed to malicious adverts even when visiting large sites. The increase in malicious mobile apps shows why the app stores need to do more to detect and block these apps before they get onto users devices.

One of the biggest concerns is the increase in infections through pirate content. Illegal streaming of content is on the rise. This is not just about video and audio theft. The number of cracking utilities that allow users to steal software has also increased. Ironically one of the most commonly seen types of cracked software available illegally is anti-virus software. The irony is that the software people are stealing to protect themselves is actually doing the opposite.

What does this mean?

There will always be bad stuff on the Internet. Most of it is hidden from users via the Dark Web. Protecting users from most of what RiskIQ has highlighted is about better user education and policies. Companies need to have policies to detect illegal content being downloaded over their networks. They also need to block machines using software without valid software licences.

Enterprises also need to consider blocking any devices where the user has disabled security to install apps from outside the app stores. Such actions also stop the device from getting security updates direct from the device vendor. It makes those devices a major risk to the enterprise.

The Evil Internet Minute is only about external threats to users and devices. It does not account for actions taken by insiders. This is something that is not accounted for by the losses RiskIQ identifies.

RiskIQ says that it will update these numbers on a regular basis. It will be interesting to see how the losses and attacks change over time.


Please enter your comment!
Please enter your name here