Sophos security threat report
Security threat report:
2008 at a glance
Biggest malware threats – SQL injection attacks againstwebsites and the rise o scarewareNew web inections – one new inected webpagediscovered by Sophos every 4.5 secondsMalicious email attachments – ve times more at theend o 2008 than at the beginningSpam-related webpages – one new webpage discoveredby Sophos every 15 secondsNew scareware websites – ve identied every dayTop malware-hosting country – US with 37 percentTop spam-relaying continent – Asia with 36.6 percentAmount o business email that is spam – 97 percent
On 2 November 1988 a 22-year old Cornell Universitystudent called Robert Morris released an internet wormcapable o exploiting vulnerabilities in the UNIX operatingsystem. It is estimated that it inected 10 percent o theinternet. Twenty years on, the scale o the malware problemhas grown astronomically. Today’s internet attacks areorganized and designed to steal inormation and resourcesrom consumers and corporations. Although there have beeninstances o attacks driven by politics and religion, the mainmotivation is nancial.The web is now the primary route by which cybercriminalsinect computers, mainly due to the act that increasingnumbers o organizations have secured their emailgateways. As a consequence, cybercriminals are plantingmalicious code on innocent websites. This code then simplylies in wait and silently inects visiting computers.The scale o this global criminal operation has reachedsuch proportions that Sophos discovers one new inectedwebpage every 4.5 seconds – 24 hours a day, 365 days ayear. In addition, SophosLabs, our global network o threatanalysis centers, is sent some 20,000 new samples osuspect code every single day.2008 proved that malware is more than just a Microsotproblem. Although the sheer number o Windowsthreats ar outweighs attacks against any other platorm,cybercriminals are turning their attention to other operatingsystems such as Apple Macintosh, and vulnerable cross-platorm sotware. This seems likely to continue in 2009,with the increasing popularity o portable devices such asthe iPhone, iPod Touch, Google Android phone and ultra-mobile netbooks.It remains paramount that organizations deend themselvesat all levels o their business, not just at the email and webgateways. Networks, desktops, laptops and mobile devicesmust be comprehensively secured to deend against themyriad threats posed by the criminal underground.