BOSTON – August 1, 2011 – High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011. The result is that other security issues which could pose a greater threat to businesses, governments and consumers such as fake anti-virus, search engine poisoning and social networking scams have received far less attention and therefore slipped beneath the radar. With a new unique malware threat seen almost every half second, it's vital to understand how these new threats work and how to build the proper defenses. IT security and data protection firm Sophos highlights those findings and more in the Sophos Security Threat Report Mid-Year 2011.
Malware attacks remain the biggest Internet threat to all computer users, as fake anti-virus and search engine optimization poisoning have become commonplace. Since the beginning of 2011, Sophos has identified an average of 150,000 malware samples every day. That breaks down to a unique malware file being created every half-second, an alarming 60 percent increase over 2010. Additionally, 19,000 malicious website addresses (URLs) have been identified daily, with 80 percent of those URLs being legitimate sites that have been hacked or compromised.
“2011 has seen a continued massive uptick in the volume of malware in which the Web is the dominant vector for both targeted and mass-scale attacks,” said Mark Harris, vice president of SophosLabs. “The virulence of attacks such as fake AV requires a prompt move by IT organizations and consumers to employ more layered Web protection and defenses to reduce the attack surface of the devices they use.”
The Latest 2011 Attacks, Techniques and Defenses
The report focuses on new types of threats and offers advice on how organizations can properly defend themselves against the new wave of malware and scams. The Sophos Mid-Year 2011 Security Threat Report has identified several issues of concern. They include:
Search engine poisoning, also known as Black Hat SEO, is on the rise, threatening businesses of all sizes. Cybercriminals manipulate search results from Google, Bing and Yahoo to lure web surfers to malicious pages. These criminals hijack popular search terms related to breaking news as well as mundane search terms that relate to home-repair services or personal health. Hackers redirect users to malicious sites that place viruses, worms, Trojans or fake anti-virus software on computers. Search engine poisoning attacks are extremely effective, and account for more than 30 percent of all malware detected by Sophos Web Appliance (SWA) according to SophosLabs.
- Social media threats have sharply escalated while mass scale email-focused attacks are diminishing:
- Facebook users in particular are weary of the social network’s safety, with 81 percent of respondents to a Sophos poll saying it posed the biggest security threat of all social networks - up from 60 percent last year. As Facebook holds so much personal information on users, scam attacks have been severe in 2011. The scams include cross-site scripting, clickjacking, bogus surveys and identity theft.
The full Sophos Security Threat Report Mid-Year 2011 includes additional details of these and many other current and growing security threats. The report can be downloaded free of charge from the Sophos website.