The report reveals that fake anti-virus and search engine poisoning have become more commonplace and, since the beginning of 2011, Sophos has identified an average of 150,000 malware samples every day. This equates to a unique malware file being created every half-second, a 60% increase since 2010. In addition, around 19,000 malicious website addresses (URLs) are now identified daily, with 80% of those URLs being pages on legitimate websites that have been hacked or compromised.
According to Sophos, high-profile hacking attacks against governments and corporations have dominated the security landscape in 2011 and the result is that other security issues which could pose a greater threat to businesses, governments and consumers – such as fake anti-virus, search engine poisoning and social networking scams – have received less attention. With a new unique malware threat seen almost every half second, it’s vital for businesses to build the proper defences, the company added.
“2011 has seen a continued massive increase in the volume of malware in which the Web is the dominant vector for both targeted and mass-scale attacks,” said Mark Harris, VP of SophosLabs. “The virulence of attacks such as fake anti-virus requires a prompt move by IT organisations and consumers to employ more layered Web protection and defences to reduce the attack surface of the devices they use.”
The Sophos Mid-Year 2011 Security Threat Report focuses on new types of threats that have dominated the information security landscape since the start of 2011. The report also offers advice on how organisations can properly defend themselves against the new wave of malware and scams.
One of the key threats pointed out by the report is Search engine poisoning, also known as Black Hat SEO, threatening businesses of all sizes. Cybercriminals manipulate search results from Google, Bing and Yahoo to lure web surfers to malicious pages. These criminals usually hijack key words relating to breaking news or other popular search terms. Hackers redirect users to malicious sites that place viruses, worms, Trojans or fake anti-virus software on computers. Search engine poisoning attacks are extremely effective, and account for more than 30 percent of all malware detected by Sophos’s Web Appliance (SWA).
The report by Sophos also points to the sharp escalation in Social media threats while mass scale email-focused attacks are diminishing. Facebook users in particular are weary of the social network’s safety, with 81 percent of respondents to a Sophos poll saying Facebook posed the biggest security threat of all social networks – up from 60% in 2010. As Facebook holds so much personal information on users, scam attacks have been severe in 2011. The scams include cross-site scripting, clickjacking, bogus surveys and identity theft.