In its most recent threat report, Sophos examines a wide range of topics including the problems and threats that emerged last year, and tying them into a list of predictions for 2012.
Among the findings was that more than 30,000 websites are infected daily, and 80 percent of them are legitimate sites, not setup by cyber-criminals but hacked or injected with code to host malware. In fact, Eighty-five (85) percent of all malware, including viruses, worms, spyware, adware and Trojans, comes from the web, with drive-by downloads marked as the top web threat.
Of the 30,000 websites that Sophos says are infected daily, 10 percent are infected with an exploit kit; in fact two-thirds of them were hijacked by the Blackhole kit itself.
According to Sophos, proactive defenses and faster detection rates helped deal with the explosive infection rate. Of the 5.5 million unique samples seen by their customers, 80 percent of them were mitigated with only 93 detection signatures. This is partly due to the fact that Web-based infections, such as those delivered by the Blackhole Exploit kit, started an upward trend last year, but the malware delivered was easily flagged.
Moreover, Sophos examined the nature of risk, both at home and the office, in its threat report.
The consumerization of IT, sometimes called “Bring Your Own Device” (BYOD), Sophos said, became one of the newer causes of data vulnerability, as employees accessed sensitive corporate information from their home computers, smartphones, and tablets.
Yet, when the users themselves were asked what the biggest threats were online, a majority of them called out the rise in malware, while others blamed themselves. Case in point, while 67 percent of the 4,300 people in the poll names malware as the largest threat, 61 percent of them also said individuals are not doing enough to protect themselves.
“As cybercriminals expand their focus, organizations are challenged to keep their security capabilities from backsliding as they adopt new technologies,” said Mark Harris, vice president of SophosLabs, Sophos.
“And as we continue to access information in different ways, from different devices in different locations, security tools must be able to ‘protect everywhere’—from desktops to mobile and smart devices and the cloud. But more importantly and oft-disregarded, cybercriminals will continue to stalk the easiest prey — security basics like patching and password management will remain a significant challenge.”
Trend wise, Sophos predicts that mobile payment services are going to be targets, as well as the fact that new Web and network technologies (HTML 5 and IPv6) can be expected to cause problems. Despite what the polled users think, Sophos suggested that 2012 will see an increase in threats that center on social media.
Finally, Sophos offers advice on one topic that seems to cause the most problems no matter what year it is:
“Security basics like patching and password management will remain a significant challenge to IT security. Keeping your devices healthy by identifying missing patches in areas commonly targeted by the bad guys will help significantly. Technologies like file and folder encryption will smooth the adoption of cloud services and new devices.”