Sophos Security Threat Report reveals attitudes to cyberwarfare

Sophos Press Release

Poll reveals that 63% consider country vs country cyber-espionage acceptable

IT security and data protection firm Sophos has today published the mid-year 2010 Security Threat Report, revealing the findings of a survey into attitudes towards cyberwarfare and detailing other trends and developments in IT security for the first half of 2010.

Download Sophos Security Threat Report Mid-Year 2010"

Sophos's worldwide survey of 1077 computer users uncovers some alarming attitudes towards international cyber-espionage. Respondents were asked questions including whether they thought spying via hacking or malware attacks is an acceptable practice and if the computer networks of private companies in other countries are legitimate targets.

Some of the key findings of the survey indicate a relaxed attitude to state-sponsored cybercrime:

Spying on other countries via hacking and malware

63% of those polled believe that it is acceptable for their country to spy on other nations by hacking or installing malware (23% said yes at any time. 40% said only during wartime, 37% said no)

Survey results

Disrupting communications and financial systems through distributed denial-of-service attacks

A staggering 1 in 14 respondents believe that crippling denial of service attacks against another country's communication or financial websites are acceptable during peacetime (49% said only in wartime, 44% said never)

Survey results

Spying on foreign companies via hacking and malware

32% believe that countries should be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage (23% said this was only acceptable in wartime, 9% said in peacetime, 68% said no)

Survey results

"It's perhaps surprising that so many people seem to think that using the internet as a tool for spying, or even as a weapon, is acceptable practice," said Graham Cluley, senior technology consultant at Sophos. "After all, by giving the green light to these kind of activities you'd also have to expect to be on the receiving end too. Maybe yours will be the next company probed by an overseas power?"

'Operation Aurora', which first came to light at the start of the year, resulted in Google accusing Chinese hackers of cyberwarfare, as its systems, and those of other companies, were hit with targeted attacks, potentially signaling the most obvious sign yet of a new age of malware.

"Hacking and virus-writing began as a hobbyist activity, often designed to prove how smart the programmer was, rather than to cause serious long-term harm," continued Cluley. "It evolved into organized criminal activity, with the lure of large amounts of money and now, in 2010, it could be argued that the third motivation is using malware and the internet to gain commercial, political and military advantage over others."

Sophos Security Threat Report

US remains super power of malware-hosting countries as European nations join top ten

The US is still the top country where malware-hosting websites can be found. These are websites that have been set up with the explicit intention of infecting visitors, or legitimate websites that have been compromised by hackers. Often, aggressive search engine optimisation (SEO) techniques are used to push infected websites to the top of search results, increasing the rate of traffic to malware-hosting pages, infecting more web users.

Top 10 malware-hosting countries, Jan-Jun 2010

1. USA 42.29%
2. China 10.75%
3. Russia 6.13%
4. Germany 4.08%
5. France 3.92%
6. United Kingdom 2.41%
7. Italy 2.09%
8. Netherlands 1.96%
9. Turkey 1.74%
10. Iran 1.53%
Other 23.3%

"Although website owners in the US clearly have a lot of cleaning up to do, France, Italy and the Netherlands have all joined this top ten since the start of the year, so it's far from an isolated problem," continued Cluley. "The biggest issue is that a lot of these websites are legitimate ones that have been targeted by hackers - businesses could end up infecting their customers, leaving them open to fraud."

The full mid-year 2010 Security Threat Report contains much more information on the latest social networking, malware and spam threats, as well as predictions for emerging trends, and can be downloaded free of charge.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at