|
IT security and control firm Sophos has published new
research into the first six months of cybercrime in 2008. The Sophos
Security Threat Report examines existing and emerging security
trends and has identified that criminals are increasingly using
creative new techniques in their attempt to make money out of
internet users.
It is estimated that the total number of unique malware samples in
existence now exceeds 11 million, with Sophos currently receiving
approximately 20,000 new samples of suspicious software every single
day - one every four seconds.
The firm's report reveals that most attacks are now designed to try
and out-fox traditional security systems such as email-scanning.
Website infection rate three times faster than 2007
The first half of 2008 has seen an explosion in threats spread via
the web, the preferred vector of attack for financially-motivated
cybercriminals. On average, Sophos detects 16,173 malicious webpages
every day - or one every five seconds. This is three times faster
than the rate seen during 2007.
Over 90 per cent of the webpages that are spreading Trojan horses
and spyware are legitimate websites (some belonging to household
brands and Fortune 500 companies) that have been hacked through SQL
injection.
SQL injection attacks exploit security vulnerabilities and insert
malicious code into the database running a website. Companies whose
websites have been struck by such an attack often clean-up their
database, only to be infected again a few hours later. Users who
visit the affected websites risk having their computer taken over by
hackers, and their personal banking information stolen by identity
thieves.
Sophos has identified that the number one host for malware on the
web is Blogger (Blogspot.com), which allows computer users to make
their own websites easily at no charge. Hackers both set up
malicious blogs on the service, and inject dangerous web links and
content into innocent blogs in the form of comments. Blogspot.com
accounts for 2 per cent of all of the world's malware hosted on the
web.
Business websites attacked, office workers at risk, Web 2.0
introduces new threats
Thousand of webpages belonging to Fortune 500 companies, government
agencies and schools have been infected, putting visiting surfers at
risk of infection and identity theft. High profile entertainment
websites such as those belonging to Sony PlayStation, Euro 2008
ticket sales companies, and UK broadcaster ITV are amongst the many
to have suffered from the problem.
Sophos experts note that with the continuing popularity of Web 2.0
social networking sites, including Facebook and LinkedIn, among
business users, cybercriminals who have already gained access to
user profiles, may begin to use these as corporate directories,
noting new employees and launching spear-phishing attacks
specifically aimed at stealing information from new and unsuspecting
members of staff.
To guard against this risk, all organisations should ensure
employees are fully educated about the dangers of posting too much
information on these sites, and of accepting unsolicited friend
requests.
"Businesses need to bite the bullet and take better care of
securing their computers, networks and websites. They not only
risking having their networks broken into, but are also putting
their customers in peril by passing on infections," said Graham
Cluley, senior technology consultant at Sophos. "But office
workers must realise it's not just the business fat cats who need to
worry about this. Visiting an infected website from your work PC, or
sharing too much personal or corporate information on sites like
Facebook, could lead to you being the criminal's route into your
company."
Nicole Kidman and Angelina Jolie endanger safety of computer users
via email
Although most attacks are now taking place via infected websites,
email continues to present a danger. It is common for cybercriminals
to spam out links to compromised websites, often using a subject
line and message to tempt computer users into clicking through the
promise of a breaking news story or a lewd topic.
Attacks via email file attachments, however, have reduced in 2008.
Only one in every 2,500 emails examined in the first six months of
2008 was found to contain a malicious attachment, compared to one in
332 in the same period of 2007.
The Pushdo Trojan dominated the chart of most widespread malware
spreading via email, accounting for 31 per cent of all reports.
Pushdo has been spammed out during the year with a variety of
disguises. Some for example, have claimed to contain nude
photographs of Hollywood stars Nicole Kidman and Angelina Jolie.
Much more information about the latest trends in malware, spyware
and spam can be found in the latest Sophos Security Threat Report.
--Tech Times Online
|
