Traditional malware attacks dominate 2012
2012 was a retro year driven by a resurgence in traditional malware attacks, specifically malware distributed via the Web.
This is according to the Sophos Security Threat Report 2013, which details an assessment of what happened in IT security in 2012, and what is expected for 2013.
The report notes that 2012 was characterised by the ever-growing bring your own device (BYOD) movement and the increasing adoption of (and uncertainty around) the cloud, as well as countless other security challenges faced by organisations of all sizes.
This year saw new platforms and modern malware emerge, says Sophos. What was once a homogeneous world of Windows systems is now a landscape made up of diverse platforms, it notes, adding that modern malware is taking advantage of these trends, creating new challenges for IT security professionals.
According to the security solutions vendor, the increasing mobility of data in corporate environments has also forced IT staff to become even more agile.
More than 80% of attacks were redirects, the majority of which were from legitimate Web sites that were hacked.
The company also states that unprotected computers are vulnerable to different kinds of malware attack. Exposure to most, though not all, of these attacks comes from simply clicking on links in e-mails or browsing Web pages that happen to be carrying malicious code, it points out.
Although some Web sites are created with the intention of infecting visitors, legitimate Web sites continue to be popular targets for cyber criminals, as once they are compromised, they will infect completely unsuspecting Internet users, Sophos explains.
The report also notes that the top five riskiest countries with regard to IT security are Hong Kong, Taiwan, UAE, Mexico and India, respectively, while the safest states are Norway, Sweden, Japan, the UK and Switzerland.
To compile the lists, Sophos measured the percentage of PCs that experienced malware attacks, whether successful or failed, over a three-month period in 2012.
While a large proportion of cyber crime continues to be opportunistic, Sophos believes that, in 2013, increased availability of malware testing platforms - some even providing criminals with money-back guarantees - will make it more likely that malware will slip through traditional business security systems.
As a result, it expects to see an increase in the number of incidents where attackers have gained and sustained surreptitious access to corporate networks.
"Attacks and threats - on PCs, Macs and mobile devices - continue to evolve, as does the technology to combat them," says Brett Myroff, CEO of Sophos distributor, NetXactics.
"As users demand more and better ways to do their jobs, IT continues to evolve, bringing forth a new set of operating systems and other advancements, replete with different security models and attack vectors, making it crucial for security technology to evolve, ensuring end-users are protected and empowered - no matter what platform, device or operating system they choose."