While no company's statistics are or will be the same — as the numbers are gathered based on telemetry from different systems — all reports show an increase of activity during the months of April, May, and June.
Not coincidentally, the biggest rise in activity came from the ransomware category, whose numbers were without doubt boosted by two global outbreaks — WannaCry and NotPetya.
WannaCry in particular sits atop rankings from Check Point and Kaspersky Lab. NotPetya is ranked lower, but this outbreak was far smaller than the WannaCry attacks, being localized mainly in Ukraine, and affecting an even smaller number of users when compared to day-to-day ransomware operations such as Jaff and Locky, both active in Q2 2017.
The Check Point and Kaspersky charts above relate to global ransomware detections. The chart below, courtesy of Proofpoint, shows ransomware payloads spread via email attachments on a daily basis.
WannaCry and NotPetya did not use email, but as expected, Jaff and Locky were heads above everyone else, mainly because these two ransomware families were spread via Necurs, today's largest spam botnet.
Proofpoint also breaks down malicious email threats based on the category of malware they were carrying. Again, ransomware was by far the favorite payload, followed closely by banking trojans.
When it comes to overall email threats, in a report provided to Bleeping Computer before publication, Cyren says it detected a 586% rise in malicious email attachments and a 3% rise in generic global email spam.
In an activity report for the month of July 2017, Symantec claims that the upward trend continued, and global spam levels for last month reached their highest point since March 2015.
The rise in malicious email attachments was also recorded and confirmed by fellow cyber-sec firm Proofpoint.
Once again as expected, Dridex — which is also distributed via the Necurs botnet — was the most prevalent banking trojan spread via malicious emails.
But when it comes to overall detections, including banking trojans delivered via other methods, Zeus-based strains account for most infections, while Dridex is only sixth, according to Check Point data.
The same Check Point research also includes data for the most popular Android malware. The most prevalent threat is called Hiddad, a basic infostealer and malware downloader for Android devices.
Overall, malware detections for both Android and desktop systems were up 57% and 23% respectively, according to Cyren.
On the web malware scene, activity was up just like in the other categories. Cyren reports a 16% rise in malware-hosting URLs, and a 13% rise in phishing URLs.
As for exploit kits, it's already common knowledge among industry professionals that exploit kit activity has continued to go down after the demise of several high-profile actors, such as Angler, Nuclear, Neutrino, and Sundown.
Nonetheless, the RIG exploit kit has stepped in to fill the void and provide the means for malvertising campaigns such as AdGholas or RoughTed to target users via malicious ads and sneaky drive-by downloads.
The fact that exploit kits continue to remain relevant also explains why browsers and web-related plugins remained the favorite target of exploit packages.
Below are some of the other key findings recorded in the reports detailing malware activity in Q2 2017.
Article updated with link to Cyren report.