As fast as companies guard their e-mail gateways and expand their defences against e-mail-carried malware and malicious spam, cyber criminals develop techniques to infect machines behind the scenes. They accomplish this by embedding malicious code on Web sites and luring users to them.
So says Brett Myroff, CEO of Sophos SA, talking about the company's recently released security threat report. “Malware is becoming more targeted, criminalised and harder to contain. There are definite connections these days between cyber crime groups and organised crime, one just has to look at phishing and the recent SMS cellphone banking saga to see that they are joining forces one way or another.”
He sees education as one way of fixing some of the problems we have with malware on the Internet. “An educated user is a protected user. Educated users are far less likely to fall for social engineering techniques or phishing scams. The Internet is becoming more and more integral to our lives, even for those who are not PC or Internet savvy.”
Myroff says 2009 has clearly illustrated how attacks are continuing to broaden. “While the amount of attacks over the Internet far outweighs attacks over e-mail, financially motivated cyber criminals are turning their attention to Web 2.0 platforms like Twitter and Facebook, as well as to alternative programs and tools like PDF files and Adobe Flash.”
According to Myroff, other developments giving hackers opportunities include the adoption of new technologies by businesses, and employees bringing devices and software into the workplace to aid communication and information-gathering.
He says the company receives 39 726 unique suspicious files every day, equating to 28 unique files every minute, 24 hours a day. “Moreover, 23 500 new infected Web pages are discovered on a daily basis, an astounding one every 3.6 seconds. This is four times worse than for the same period in 2008.”
The report also revealed that the US hosted more malware and relayed more spam than any other country, and that 89.7% of all business e-mail is spam. “Fifteen new, bogus anti-virus vendor Web sites are discovered every day, a number that has tripled since 2008.”
Myroff adds that 6 500 new spam-related Web sites are found each day, working out to one every 13 seconds, nearly double that of the previous year.
“It is clear that worldwide cyber crime has reached such a level that it is a true 'conveyor belt of crime',” says Myroff. “Organisations continue to face an extremely challenging threat landscape.”
Related stories:
Twitter feed spreads malware
Report leads to PC infection
Web surfers put security at risk using one password
Share