• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity

    ImmuniWeb launches Global Internet Security Statistics Center for Research and Analysis

    Nov. 27, 2024
    ImmuniWeb's new resource of data from nearly 350 million security scans of Internet-facing assets is now freely accessible for industry and academic research.
    674738b7e6831de14be647cb Untitled Design 1

    ImmuniWeb has today announced that the global cybersecurity community, educational institutions, government agencies, and even individual researchers can access historical data on the security of Internet-accessible resources. To support this, the following dynamic statistics are now publicly available:

    Global SSL Security Statistics for visibility of SSL/TLS encryption, vulnerabilities, and weaknesses in web applications, APIs, email servers, and network appliances. From Q1 2024 to date, there have been 1,421,781 SSL/TLS events. In Q3, 2024, the US has the most instances with 53.7%, with Germany (7.8%), Ireland (7.2%), and Canada (6.1%) following far behind. With data on aspects like website security grade and compliance with GDPR, NIST, HIPAA, and PCI DSS, readers can see progress over each quarter. In Q3, while GDPR compliance stands at a healthy 94.9%, NIST sees just 14.2% compliance; however, there is an upward trend.

    Global Email Security Statistics for visibility of the most frequent email misconfigurations that facilitate spam, phishing, and business email compromise (BEC) attacks. The most frequent misconfigurations in Q3 came from the Anycast Network (30.32%), which routes user requests to the nearest or best-performing server using a single shared IP address. However, the top three countries were Brazil (12.1%), the US (7%), and Canada (3.8%). Based on the figures from Q1 to today, findings include a decline in good configuration across key metrics. Many categories, such as DKIM, DMARC, SPF, and PTR status, show a decline in "good configuration" by Q4 2024; e.g., DKIM fell from 25.3% in Q1 to 20.3% in Q3. Additionally, a high percentage of servers are listed in blacklists, with 65.6% in Q3 2024, indicating a problem with reputation and email deliverability.

    Global Website Privacy Statistics for visibility of trackers and other privacy-invasive technologies used on websites to spy on users, sometimes in violation of the law. In Q3, the most frequently found privacy-invasive technologies were in the US (33.4%), Anycast Network (26.6%), Germany (4.2%), and the Netherlands (3.3%). In Q3, 68.4% of websites had a privacy policy, while only 18.41% of websites had a cookie consent banner.

    Global Website Security Statistics for visibility of website vulnerabilities and weaknesses, outdated software, and web server misconfigurations leading to data breaches. The most vulnerable websites in Q3 were found in the US (53.4%), Germany (7.1%), Ireland (3.9%), and Canada (3.9%). In Q3, a significant majority, 82.9%, equivalent to 736,533 websites, do not have WAF protection. This is an increase from the previous quarter (67.2%). Also, 38.8% of websites were using outdated software, which is a slight decrease from 40.1% in Q2.

    Global Dark Web Exposure & Phishing Detection Statistics for visibility of cyber-attacks and malicious activities on the Dark Web, as well as tracking of phishing campaigns. The country with the highest dark web and phishing exposure across all quarters was the US, with 40.8% in Q3. The number of total incidents escalated dramatically to 901,816,735 in Q3 from 1,998,174 in Q2, while the instances of compromised access credentials reached 133,783,881 in Q3, up from 114,191 in Q2.

    Global Mobile App Security Statistics for visibility of the most common iOS and Android vulnerabilities in modern mobile apps that facilitate data or mobile device compromise. In Q3 2024, two of the most interesting statistics from the OWASP Mobile Top 10 Vulnerabilities report were the significant increase in vulnerabilities associated with the "Use of Hidden UI Elements," rising from 0.7% in Q1 to 5.4% in Q3. Additionally, the relatively high warning rates of “Usage of Intent Filter” and "Missing Tapjacking Protection" both remained consistent at around 6.1%.

    Global Cloud Security Statistics for visibility of misconfigured or exposed cloud storage at the most popular public cloud service providers (CSP) around the globe. From Q1 to Q3 2024, there was a significant decrease in the number of public files stored in cloud storage, dropping from 218,509 files to 45,782 files. The percentage of cloud storage classified as secure was 93.6% in Q3 2024, maintaining a high level of security compliance. This stayed close to the 94.8% seen in Q2.

    Each of the statistics above is freely available both in real time and in historical view, accessible either via an interactive dashboard or downloadable in a PDF. The figures in this release were based on data analyzed on 25 November 2024. Each statistic has a direct link for the convenience of citations in research and other publications.

    thumbnail_image
    Credit: Matic Grmek
    Ransomware-as-a-service — known as RaaS — operators such as LockBit rely on networks of other malicious hackers known as affiliates to carry out attacks. RaaS operators provide the malware and infrastructure to affiliates, and the two sides share the ransom paid.
    tyronechambliss