New research just published by Sophos Security outlines the increase in sophistication of cyber attacks and the new vectors criminals are targeting for their exploits. It also points out that it is the US, not some foreign entity, that hosts more malware and distributes more spam than any other country – nearly 3 times the amount of China which ranks second on malware hosting, and 50% more than Brazil which ranks second in spam.
Sobering statistics from their report:
- 23,500 new infected web pages are discovered every day. That’s one every 3.6 seconds, 4 times worse than what it was in the same period in 2008.
- 15 new bogus anti-virus vendor websites are discovered every day. This number has tripled, up from an average of five detected per day, during 2008.
- Approximately 6,500 new spam-related websites are discovered every day – accounting for one new website every 13 seconds, 24 hours a day. This figure is almost double what it was in the same period in 2008.
- Over 99% of spam is sent from home computers that have become part of botnets because they were not properly protected with up-to-date anti-virus software, firewalls and security patches.
Existing exploits persist, and new threats emerge
Data loss/theft remains a top concern in 2009 as many corporations and government institutions have failed to protect employees and customers sensitive information.
Hacking legitimate websites so they distribute malware continues. Infected sites have included government and educational sites that consumers know and trust, yet simply visiting these sites, or downloading materials leaves users infected.
Email attacks continue and an even greater percentage of these come from the US in 2009 with 15.7% as compared to 14.9% in the same period in 2008.
Criminals have begun to leverage social networks in a concerted way to expand their methods of exploitation. Sophos found that 25% of businesses have been the victim of spam, phishing or malware attacks generated through networks like Twitter, Facebook, LinkedIn and MySpace.
2009 has also seen an increase in using USB sticks to spread malware, and hackers are moving beyond traditional programs to find and exploit security holes in programs and tools like Adobe Flash and PDFs.
Digital espionage in the first half of 2009 continued to expand in spite of governments increasing the shutdowns, arrests and harsher sentences for criminals involved in cybercrimes.
Sophos believes Web 2.0 sites like Facebook, Twitter and MySpace will become the primary battleground for malware authors, identity thieves and spammers. Cybercriminals will increase the number of legitimate, but hacked, web pages. The variety, and number of attacks will continue to increase, as criminals find new security holes, adopt new techniques, and create new disguises to infect the unsuspecting. Compromised computers will continue to be the primary source of spam. ID theft will become an even larger problem and will adversely affect customer trust. Email and web attacks will increasingly use Word Documents and PDFs to trigger unseen downloads of viruses and Trojans.
Prevention is better than a cure
The report concludes by noting the current path does not have to continue. Detection of new malware threats is at an all-time high, and with solid security practices, up-to-date security software, and a commitment to stay safe we can go a long way towards defending home computers and business networks.
Click here to read the full report.