Security Threat Report 2012 [Sophos]

viernes, 27 de enero de 2012

Security Threat Report 2012 [Sophos]

BOSTON, MA – January 25, 2012 – IT security and data protection company Sophos today unveiled its latest Security Threat Report 2012, a detailed assessment of the threat landscape—from hacktivism and online threats to mobile malware, cloud computing and social network security, as well as IT security trends for this coming year.

A Sophos poll, conducted online at the end of 2011, surveyed more than 4,300 global respondents about today’s biggest threats on the internet. Key findings from the research include:

61 percent feel that the biggest threat on the internet is users not doing enough to protect themselves
Nearly 20 percent believe social networking scams are the top threat
67 percent think that malware is on the rise compared to in 2010

Year in Review: Under Attack

2011 was characterized by a rise in cybercrime. The availability of commercial tools designed by and for cybercriminals made mass generation of new malicious code campaigns and exploits trivial and scalable. The net result was significant growth in the volume of malware and infections. Cybercriminals also diversified their targets to include new platforms, as business use of mobile devices accelerated. Politically motivated “hacktivist” groups took the media spotlight, even as the more common threats to cyber security grew.

Hype over Hacktivism

In 2011, the emergence of LulzSec and Anonymous marked a shift from hacking for financial gain to hacking as a form of protest. Hacktivists sowed chaos by leaking documents and attacking websites of high-profile organizations and even defense contractors. LulzSec dominated headlines in the first half of the year with attacks on Sony, PBS, the U.S. Senate, the CIA, FBI affiliate InfraGard and others, and then disbanded after 50 days.

Risky Business

Increasingly, corporate users weren’t just at home or at work, but somewhere else on the “everywhere network.” And the consumerization of IT, sometimes called “bring your own device” or BYOD, became one of the newer causes of data vulnerability. Employees accessed sensitive corporate information from their home computers, smartphones and tablets. Moreover, corporate-issued mobile devices increased risk, as did the rise of cloud services and the use of social media.

According to the Sophos online poll, which asked users if their company allows personal laptops, desktops or phones for work, nearly 50 percent of respondents said yes. Another 10 percent who said their company doesn’t allow personal devices for work preferred they did.

Changing Web Threats and Drive-by Downloads

Cybercriminals constantly launched attacks designed to penetrate digital defenses and steal sensitive data. Almost no online portal proved immune from threat or harm. SophosLabs identifies an average of 30,000 newly-infected web pages each day. More than 80 percent of these web pages are on innocent web servers, which have been hacked by cybercriminals to make them part of the problem.

Additionally, 85 percent of all malware, including viruses, worms, spyware, adware and Trojans, comes from the web, according to the Ponemon Institute. Today, drive-by downloads have become the top web threat, and in 2011, one crimeware kit, known as “Blackhole,” rose to the number one on that list.

In the Sophos online poll, users were asked about the prevalence of malware compared to 2010; 67 percent of respondents felt it was on the rise.

OS Oh My! And the Emergence of Mac Malware

Microsoft Windows may be the most attacked operating system (OS), but the primary vectors for hacking Windows have been through PDF or Flash. Despite Microsoft’s regular updates to patch Windows OS vulnerabilities, the content delivery systems remained the largest vulnerability on any OS. In 2011, the emergence of malware for the Mac upstaged Windows malware. There's no doubt that the Windows malware problem is much larger than the Mac threat, but the events of 2011 show Mac users that the malware threat is genuine.