Posts Tagged ‘threat report’

McAfee 2009Q1 Threat Report

Monday, May 11th, 2009

McAfee has released the Q1 threat report for 2009 indicating that cybercriminals have taken over almost 12 million new IP addresses since January, a 50% increase over 2008. The report also indicates a shift in botnet activity, with the US now hosting the largest percentage of botnet-infected computers (80% of all zombie machines – those machines controlled by spammers and others).

Key Findings from the Threat Report:

  • Spam levels are still 30% below their peak levels (due to the November 2008 McColo shutdown), though spam volumes have recovered about 70% so far and are rising (the increase in zombie computers will trend this upward).
  • The US accounts for 35% of global spam output.
  • Servers hosting legitimate content have increased in popularity with malware writers as a means for distributing malicious and illegal content.
  • Cybercriminals are increasing their use of URL redirects and Web 2.0 sites to disguise their locations.
  • Compared with the overall landscape, the Conficker worm represents a small subset of all threat reports. AutoRun-based malware is detected in far greater numbers than Conficker so far.

McAfee predicts that social networks will continue to offer attackers a popular means for social-engineering attacks, as we saw in Q1 with the Koobface variants being distributed on Facebook. Among other trends, customizing attacks and using fear tactics are also on the rise.

Download the report here.

Sophos Security Threat Report 2009

Monday, December 15th, 2008

Sophos has published its Security Threat Report 2009 [PDF], which examines the threat landscape from the last 12 months and tries to predict emerging cybercrime trends for 2009.

As the third-quarter Sophos report indicated earlier, the U.S. led the way in malware. More malware was hosted on U.S. websites (37%), and more spam was relayed from U.S. computers (17.5%), than in any other country. When one U.S. company accused of collaborating with spammers and hackers disconnected from the Internet in November 2008, spam went down by 75%.

“Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it’s also carrying the most malicious webpages.” – Graham Cluley, senior technology consultant for Sophos

Graham goes on to say that U.S.-based computers are making a “disturbingly large contribution to the problems of viruses and spam” today. The report also indicated that most malicious code is now found on innocent websites, mainly because corporations have secured their email gateways to prevent attacks and spam (though one in every 714 email messages contains a malicious email attachment).

Highlights from the study:

  • Biggest malware threats – SQL injection attacks against websites and the rise of scareware
  • New web infections – 1 new infected webpage discovered every 4.5 seconds
  • Malicious email attachments – 5x more at the end of 2008 than at the beginning
  • Spam-related webpages – 1 new webpage discovered every 15 seconds
  • New scareware websites – 5 identified every day
  • Amount of business email that is spam – 97%

The report indicates that 2009 will see growing attacks on Mac computers and cross-platform software, as well as mobile devices such as the iPhone and Google Android. The report suspects that data leakage will be a larger concern in 2009, especially given the use of mobile technologies, from laptops to thumb drives to phones. As Sophos notes, the problems are not insurmountable:

“Sound security practices, up-to-date protection and an active commitment to keep informed can all help defend business networks in the year ahead.”

In other news, the Pentagon has banned the use of thumb drives because of a virus threat detected on defense networks. I was kind of hoping it was to prevent data breaches, but perhaps this will force the government to update their security policy to be more comprehensive of new data devices – be they thumb drives or iPhones.
