IT security and control firm Sophos has published its latest
Security Threat Report, which looks at worldwide cybercrime during
the first quarter of 2008. The findings show a dramatic increase in
web-based threats compared to 2007 - the first three months of 2008
showed Sophos finding and blocking a new infected webpage every
five seconds, compared with one every 14 seconds last year.
Download
now:
Sophos Security Threat Report, Q1 2008
US now hosts more malware than any other country
The top ten countries hosting web-based malware in Q1
2008:
| Position |
Country |
Percentage |
| 1 |
United States |
|
| 2 |
China |
|
| 3 |
Russia |
|
| 4 |
Germany |
|
| 5 |
Ukraine |
|
| 6 |
Turkey |
|
| 7 |
United Kingdom |
|
| 8 |
Thailand |
|
| 9 |
Czech Republic |
|
| 10 |
Canada |
|
| Others |
8.4% |
Research into which countries host the most infected webpages
shows some interesting changes since the 2007 Sophos Security
Threat Report. The US in particular has experienced unprecedented
growth, from hosting less than 25 percent of all infected pages
overall in 2007, to almost half in the first three months of
2008.
China has demonstrated the biggest drop, from hosting more than
half of all the infected pages seen by Sophos in 2007, to just
under a third in the first quarter of 2008. Elsewhere in the chart,
newcomer Thailand was responsible for hosting 1 percent of all
malware infected webpages, while the UK hosted 1.1 percent, down
from 3 percent in the same period last year.
"The US and China are no strangers to this chart, with the two
countries long holding the top two spots in this hall of shame,"
notes Carole Theriault, senior security consultant at Sophos.
"However, the bottom half of the chart remains fluid, indicating
that users need to remain vigilant, and those hosting websites need
to ensure that they have patched against vulnerabilities that might
be lurking on their site to avoid becoming part of the
problem."
Hacked sites pose greatest risk to IT security
From January to the end of March 2008, Sophos identified an
average of more than 15,000 newly infected webpages each day. Most
worrying for computer users, is the fact that the majority of these
poisoned sites - 79 percent - are found on legitimate websites that
have been hacked. February saw the website of UK broadcaster ITV
fall victim to a poisoned web advert campaign which targeted both
Windows and Mac users, while in March a Euro 2008 football ticket
website was hacked by cybercriminals in an attempt to infect unwary
fans. In contrast, just one in every 2500 emails is now infected,
compared to one in every 909 in 2007.
The top ten malware found on the web in Q1 2008:
The top two web threats, Mal/Iframe and Mal/ObfJS, which are
together responsible for more than half of all the online malware
found by SophosLabs, are programmed by cybercriminals to infect
websites by taking advantage of vulnerabilities. Sophos experts
warn that companies can protect their network by investing in web
security that scans a webpage for malware before granting access,
while companies need to ensure that their web servers are protected
against hack attacks.
"About 1 percent of web requests now deliver an infected page,
most of which are legitimate websites belonging to people just
trying to earn a living," says Theriault. "Already in 2008 we've
been reminded that it's not just the small, independent sites that
are being hacked. With compromised websites of household names now
serving up malware, it's more important than ever for users to
ensure that they're using a fully protected machine, and for
businesses to protect their web servers from the risk of
attack."
Data leaks continue to cause embararassment
Data leakage continues to be a major concern for organizations,
with several high profile cases of businesses losing sensitive
customer information reported during the first three months of
2008. In March, the largest reported data breach this year involved
the credit card numbers of more than four million customers being
stolen from US supermarket chain Hannaford Bros. The credit card
details, taken by cybercriminals using malware installed on servers
at the chain's branches, have already been used in approximately
1800 fraud cases.
These incidents cause embarrassment to businesses and government
agencies and are a concern for all consumers. Sophos experts warn
that cybercriminals are now more experienced and better resourced
in the delivery of sophisticated attacks heightening the risks of
data leakage and reinforcing the need for businesses to put in
place up-to-date and extensive security policies, as well as
educating users on appropriate and acceptable computing
behavior.
As well as ensuring payment card industry (PCI) guideline
compliance, Sophos reminds businesses to consider employing further
measures to make their computer systems as secure and unattractive
a target for hackers as possible. "Several PCI compliant companies,
including Hannaford's, have fallen foul of enterprising
cybercriminals in recent months," adds Theriault. "With more
comprehensive solutions in place, businesses can make their data
unappetizing to greedy hackers who are only after a free
lunch."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.