Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Don’t Focus on Headlines: Worry About More Common Attacks, Says Expert

Although Groups Like LulzSec and Anonymous Have Created Headlines with Very High Profile Attacks, They Represent a Tiny Fraction of the Online Crime that Happens Around the World Each Day

The amount of new malware being created shot up 60 percent during the first half of 2011, according to a new report from Sophos.

Although Groups Like LulzSec and Anonymous Have Created Headlines with Very High Profile Attacks, They Represent a Tiny Fraction of the Online Crime that Happens Around the World Each Day

The amount of new malware being created shot up 60 percent during the first half of 2011, according to a new report from Sophos.

In their Mid-Year 2011 Security Threat Report, Sophos researchers stated they are identifying an average of 150,000 malware samples each day – a number that breaks down to one unique malware file being created every half-second. That figure represents a 60 percent increase over the number analyzed by Sophos in 2010, the company said. Additionally, some 19,000 malicious URLs are identified daily, with 80 percent of those being legitimate sites that were compromised.

“The percentage of malicious URLs hosted on legitimate sites has risen slightly since we compiled data for our last report back in January,” Richard Wang, manager of SophosLabs US, told SecurityWeek. “Then over 70 percent of malicious URLs were hosted on legitimate sites, (and) now it’s over 80 percent. The increase is probably the result of a couple of factors. First is the ongoing lack of security applied to many websites, often something as simple as keeping your blogging software up to date…The second factor is the continued appetite for compromised sites from the attackers themselves. As sites are found and cleaned they must add more to their armory… continue to do so in a highly automated manner.”

One of the main fronts in the fight against malware is social networks. These attacks have varying degrees of success, but once such scams are released they spread themselves, meaning there is little or no cost difference to the scammer between targeting 100 or one million people, Wang said.

Meanwhile, e-mail-based attacks seem to be on the decline. Just .16 percent of e-mail attachments contained threats in the first quarter of 2011, compared to .27 percent of e-mail attachments in the first quarter of 2010. Interestingly, a comScore report released in February found that e-mail use by people between the ages of 12-17 years old dropped 59 percent in 2010, Sophos noted in its report.

“As use of email declines the attackers will undoubtedly increase their efforts in other communications channels,” Wang said. “To make money they need to find victims and that means following the crowds. At the moment the Web is still the primary means of attack but the criminals are exploring more ways to make money from social network-based attacks and translating their old scams to newer forms.”

Malware Hosting Countries 2011

The U .S. still holds the top spot on the list of countries hosting malware, although the total percentage of malware hosted by the U.S. dropped to 37.9 percent during the first half of 2011, down nearly 1 .5 points from 39 .39 percent in 2010. The Russian Federation now claims the number two spot, a position held last year by France, Sophos reported.

“Although (LulzSec has) grabbed headlines with very high profile activities they represent a tiny fraction of the online crime that happens daily around the world,” Wang said, adding that “organizations must not become so preoccupied with defending against LulzSec et al that they forget to protect themselves from the much more common attacks that are less newsworthy but much more likely to strike.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.