Cisco Global Threat Report – 2Q10
For the first time since tracking began in 2007, the number of unique web-based malware hosts and malware URLs didn’t increase, according to Cisco’s Quarterly Global Threat Report just issued for the second quarter of 2010.
However, the average daily encounter rate with malware did increase month-over-month throughout the quarter, due primarily to improved efforts by black hats to drive traffic to infested sites.
In the first quarter of 2010, 7.4 percent of all web-based malware encounters resulted from search engine queries.
The good news is that 65 percent of all web-based malware encounters were blocked prior to exploit code or “involved encounters.”
SQL injection events staged a come-back beginning in April and culminating with the re-emergence of Asprox in June. Asprox was entirely absent from the picture in the first quarter. Reconnaissance sweeps also increased throughout the second quarter, as did “wormable risks” using P2P file sharing networks.
The regions most at risk for encountering web-based malware during the second quarter of 2010 were Eastern Europe (33 percent), South America (14 percent), and China (11 percent). The Nordic Region had the lowest level of risk, at 4 percent. From an industry sector perspective, pharmaceuticals/chemicals and energy, oil and gas had the highest risks. with risk ratings of 543 percent and 446 percent respectively.
Cisco Global Threat Report 2010