Although Groups Like LulzSec and Anonymous Have Created Headlines with Very High Profile Attacks, They Represent a Tiny Fraction of the Online Crime that Happens Around the World Each Day
The amount of new malware being created shot up 60 percent during the first half of 2011, according to a new report from Sophos.
In their Mid-Year 2011 Security Threat Report, Sophos researchers stated they are identifying an average of 150,000 malware samples each day – a number that breaks down to one unique malware file being created every half-second. That figure represents a 60 percent increase over the number analyzed by Sophos in 2010, the company said. Additionally, some 19,000 malicious URLs are identified daily, with 80 percent of those being legitimate sites that were compromised.
“The percentage of malicious URLs hosted on legitimate sites has risen slightly since we compiled data for our last report back in January,” Richard Wang, manager of SophosLabs US, told SecurityWeek. “Then over 70 percent of malicious URLs were hosted on legitimate sites, (and) now it’s over 80 percent. The increase is probably the result of a couple of factors. First is the ongoing lack of security applied to many websites, often something as simple as keeping your blogging software up to date…The second factor is the continued appetite for compromised sites from the attackers themselves. As sites are found and cleaned they must add more to their armory… continue to do so in a highly automated manner.”
One of the main fronts in the fight against malware is social networks. These attacks have varying degrees of success, but once such scams are released they spread themselves, meaning there is little or no cost difference to the scammer between targeting 100 or one million people, Wang said.
Meanwhile, e-mail-based attacks seem to be on the decline. Just .16 percent of e-mail attachments contained threats in the first quarter of 2011, compared to .27 percent of e-mail attachments in the first quarter of 2010. Interestingly, a comScore report released in February found that e-mail use by people between the ages of 12-17 years old dropped 59 percent in 2010, Sophos noted in its report.
“As use of email declines the attackers will undoubtedly increase their efforts in other communications channels,” Wang said. “To make money they need to find victims and that means following the crowds. At the moment the Web is still the primary means of attack but the criminals are exploring more ways to make money from social network-based attacks and translating their old scams to newer forms.”
The U .S. still holds the top spot on the list of countries hosting malware, although the total percentage of malware hosted by the U.S. dropped to 37.9 percent during the first half of 2011, down nearly 1 .5 points from 39 .39 percent in 2010. The Russian Federation now claims the number two spot, a position held last year by France, Sophos reported.
“Although (LulzSec has) grabbed headlines with very high profile activities they represent a tiny fraction of the online crime that happens daily around the world,” Wang said, adding that “organizations must not become so preoccupied with defending against LulzSec et al that they forget to protect themselves from the much more common attacks that are less newsworthy but much more likely to strike.”