12/4/2012
12:22 PM
Dark Reading
Products and Releases

80 Percent Of Attacks In 2012 Were Redirects From Legitimate Sites

This and more in the new Sophos Threat Report -- outlining the changing threats and new platforms challenging IT security

BOSTON, MA – December 4, 2012 – Sophos today released its Security Threat Report 2013, a detailed and interactive assessment of what’s happened in IT security for 2012 and what’s expected for 2013, from the ever-growing bring your own device (BYOD) movement to the increasing adoption of (and uncertainty around) the cloud to countless other security challenges faced by organizations of all sizes. The full report is available for download here.

Year in Review

2012 was a year of new platforms and modern malware: what was once a homogeneous world of Windows systems is now a landscape made up of diverse platforms. Modern malware is taking advantage of these trends, creating new challenges for IT security professionals.

The increasing mobility of data in corporate environments has forced IT staff to become even more agile. 2012 was also a retro year driven by a resurgence in traditional malware attacks, specifically malware distributed via the web. For example, more than 80 percent of attacks were redirects, the majority of which were from legitimate websites that were hacked.

Malware Attacks: Riskiest and Safest Countries

Unprotected computers are vulnerable to different kinds of malware attack. Exposure to the majority, but not all, comes from simply clicking on links in emails or browsing web pages that happen to be carrying malicious code. Although some websites are created with the intention of infecting visitors, legitimate websites continue to be a popular target for cybercriminals, as once they are compromised, they will infect completely unsuspecting internet users. Based on analyzed traffic, SophosLabs, Sophos’ global network of threat intelligence centers, has ranked the riskiest and safest countries for experiencing a malware attack:

Top 5 Riskiest Countries

Rank  Country      TER*
1     Hong Kong    23.54%
2     Taiwan       21.26%
3     UAE          20.78%
4     Mexico       19.81%
5     India        17.44%

Top 5 Safest Countries

Rank  Country      TER*
1     Norway       1.81%
2     Sweden       2.59%
3     Japan        2.63%
4     UK           3.51%
5     Switzerland  3.81%

*Threat Exposure Rate (TER): Measured as the percentage of PCs that experienced a malware attack, whether successful or failed, over a three-month period in 2012.

A Look Ahead

While a large proportion of cybercrime continues to be opportunistic, Sophos believes that, in 2013, increased availability of malware testing platforms (some even providing criminals with money-back guarantees) will make it more likely for malware to slip through traditional business security systems. As a result, we can expect to see an increase in the number of incidents where attackers have gained and sustained surreptitious access to corporate networks. Additional trends expected in the year ahead include:

· More basic web server mistakes

Due to an uptick in credential-based extractions, IT professionals will need to pay equal attention to protecting both their computers and their web server environment.

· More “irreversible” malware

More attacks will place a greater focus on the need for behavioral protection mechanisms as well as system hardening and backup/restore procedures.

· Attack toolkits with premium features

Expect a continued evolution in the maturation of exploit kits, including premium features such as built-in scriptable web services, APIs, and malware quality assurance platforms that appear to make access to high-quality malicious code even simpler.

· Better exploit mitigation

Enhanced exploit mitigation will not mean the end of exploits; instead, the market will see a decrease in vulnerability exploits offset by a sharp rise in social engineering attacks across a wide array of platforms.

· Integration, privacy and security challenges

With GPS and near field communication (NFC) becoming more integrated into mobile platforms, expect to see a convergence in our digital and physical lives. This trend is identifiable not just for mobile devices, but for computing in general. In the coming year, watch for new examples of attacks built on these technologies.

“Two of the defining terms of 2012 are ‘empower’ and ‘evolve.’ Attacks and threats—on PCs, Macs and mobile devices—continue to evolve as does the technology to combat them,” said Gerhard Eschelbeck, CTO, Sophos. “As users demand more and better ways to do their jobs, IT continues to evolve, bringing forth a new set of operating systems and other advancements, replete with different security models and attack vectors, making it crucial for security technology to evolve, ensuring that end users are protected and empowered—no matter what platform, device, or operating system they choose.”

The full Security Threat Report 2013 contains more information and statistics on cybercrime in 2012, as well as top tips and predictions for emerging trends. The report can be viewed at http://www.sophos.com/threatreport and supplemental videos can be found here.

About Sophos

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at http://www.sophos.com.
