Hackers attack businesses, Sophos security report reveals

Cybercrime gangs target corporate networks through unsuspecting company executives, as global brands put at risk through Web site infection

Johannesburg, 24 Jul 2008

IT security and control firm Sophos has published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals have honed their attacks to take advantage of weaknesses in the corporate workplace. At the same time, 2008 has seen unprecedented numbers of attacks against company Web sites, designed to infect visiting customers.

The firm's report - available from http://www.sophos.com/securityreportjul2008 - reveals that corporate executives have been put at risk during the first six months of 2008 by targeted attacks, known as spear-phishing, designed to steal information from individuals at specific corporations rather than from the internet community at large. In April, a specifically targeted malware campaign was emailed to CEOs of various companies, with every message pretending to be a subpoena from a US federal court and trying to frighten the hand-picked recipients into opening the dangerous attachment.

Sophos experts note that with the continuing popularity of social networking sites, including Facebook and LinkedIn, among business users, cybercriminals who have already gained access to user profiles may begin to use these as corporate directories, noting new employees and launching spear-phishing attacks specifically aimed at stealing information from new and unsuspecting members of staff. "To guard against this risk, all organisations should ensure employees are fully educated about the dangers of posting too much information on these sites, and of accepting unsolicited friend requests," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Business Web sites attacked, office workers at risk

Meanwhile, the first half of 2008 has seen the total number of malware samples in existence exceed 11 million, with Sophos currently receiving approximately 20 000 new samples of suspicious software every single day - one every four seconds. The greatest explosion has been in malware spread via the Web, the preferred vector of attack for financially motivated cybercriminals. On average, Sophos detects 16 173 malicious Web pages every day - or one every five seconds. This is three times faster than the rate seen during 2007. Ninety percent of the infections are on legitimate Web sites that have been successfully attacked by hackers.

Thousands of Web sites belonging to Fortune 500 companies, government agencies and schools have been infected, putting visiting surfers at risk of infection and identity theft. High profile entertainment Web sites such as those belonging to Sony PlayStation, Euro 2008 ticket sales companies, and UK broadcaster ITV are amongst the many to have suffered from the problem.

"Businesses need to take better care of securing their computers, networks and Web sites. They are not only risking having their networks broken into, but are also putting their customers in peril by passing on infections," says Myroff. "But office workers must also realise that visiting an infected Web site from your work PC, or sharing too much personal or corporate information on sites like Facebook, could lead to you being the criminal's route into your company."

Nicole Kidman and Angelina Jolie endanger safety of computer users via e-mail

Although most attacks are now taking place via infected Web sites, e-mail continues to present a danger. It is common for cybercriminals to spam out links to compromised Web sites, often using a subject line and message that tempt computer users into clicking through with the promise of a breaking news story or a sensationalist topic.

Malicious e-mail attachments, although used less frequently by hackers than in previous years, still pose a threat. The Pushdo Trojan dominated the chart of the most widespread malware spreading via e-mail, accounting for 31% of all reports. Pushdo has been spammed out during the year in a variety of disguises, including claiming to contain nude photographs of Hollywood stars Nicole Kidman and Angelina Jolie.

"Can any company honestly say that none of its staff would click on an email claiming to contain nude photos of a Hollywood celebrity? Workers often put an organisation at risk, and that's why companies must protect themselves with a solid multi-tier defence against the latest net threats," Myroff adds.

More information about the latest trends in malware, spyware and spam can be found in the latest Sophos Security Threat Report, which can be downloaded from: http://www.sophos.com/securityreportjul2008. A journalist-specific edition of the report is available from: http://www.sophos.com/secrepjul2008. To listen to the latest Sophos podcast, which discusses the report and the threat landscape for 2008, please visit: http://www.sophos.com/podcasts.

Sophos South Africa

NetXactics, trading as Sophos South Africa, is a South African-based company focused on the provision of security solutions. It is the Master Distributor for UK-based Sophos, one of the leaders in the provision of Network Access Control and Endpoint, Email and Web Security and Control solutions for the corporate environment. For more information, visit Sophos South Africa at www.sophos.co.za.

Sophos

Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognized for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications. Sophos is headquartered in Boston, MA and Oxford, UK.

Editorial contacts

Adriaan du Plessis
Me Talk Pretty
(011) 447 3785
metalkpretty@telkomsa.net