Sophos, has published its Security Threat Report 2007, examining the threat landscape over the previous twelve months, and predicting malware and spam developments during 2007. The Sophos Security Threat Report 2007 examines the top ten malware threats of the last year, and also confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users.
The top ten countries hosting web-based malware during 2006, according to the experts at SophosLabs, were:
"The US remains a hot spot for online criminal activity, and despite authorities' continued efforts to clamp down on cyber crime, too many US-hosted websites still have lax security measures in place," said Carole Theriault, senior security consultant for Sophos. "Given the effectiveness of web-based attacks, web hosting companies in the US and elsewhere need to step up their policing of published content, and ensure that malicious code is quickly removed, before innocent users get hit."
In addition to hosting the largest number of malicious websites, the US continues to top the list of worst spam-relaying nations. While the US has made good progress in its efforts to reduce spam-relaying statistics, there was still more spam sent from US computers in 2006 than any other single nation.
The top twelve spam-relaying countries during 2006 were:
Sophos notes that up to 90% of all spam is now relayed from zombie computers, hijacked by Trojan horses, worms and viruses under the control of hackers. This means that they do not need to be based in the same country as the computers being used to send the spam.
Sophos found that the most prolific e-mail threats during 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75% of all infected e-mail. However, Sophos predicts that 2007 is likely to see a significant shift away from the use of e-mail security threats, with cyber criminals instead looking to exploit the continued global growth in web use, as well as user-defined web content.
E-mail will continue to be an important vector for malware authors, though the increasing adoption of e-mail gateway security is making hackers turn to other routes for infection. The number of websites being infected with malware is on the rise SophosLabs is currently uncovering an average of 5,000 new URLs hosting malicious code each day.
"The internet now represents the easiest way for cyber criminals to gain entry to corporate networks, as more users are accessing unregulated sites, downloading applications and streaming audio/video, potentially jeopardising security in the process," continued Theriault. "A great many businesses aren't geared up to gain insight into users' online behaviour, let alone control it, and it's vital that they now begin to examine ways to incorporate web security into their overall IT security strategy."
|
