Criminals increase attacks on social networking sites

(14/08/2009)

Sophos has published new research into the first six months of cybercrime in 2009. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals have increased the focus of attacks on social networking sites. At the same time, the first half of 2009 has seen an explosion in hackers exploiting scareware tactics to con computer users in to paying for bogus anti-virus protection.

The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are doubly exploiting social networks, using them first to identify potential victims and then to attack them, both at home and at work. In Sophos's opinion, Web 2.0 companies are concentrating on growing their user bases at the expense of properly defending their existing customers from internet threats.

The firm's report reveals that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure - and the sensitive data stored on it - at risk. The findings also indicate that a quarter of organisations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.

"What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," said Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against."

Another worrying finding of the report is the huge increase in scareware being encountered online. Cybercriminals are creating scam websites, offering fake, paid-for anti-virus protection, at an alarming rate. Sophos now discovers fifteen such sites each day, a three-fold increase over the same period in 2008.

"Novice computer users are clearly falling foul of this under-handed tactic to capitalise on their fear from infection," continued Cluley. "Your aunt Mabel may be aware that viruses and malware exist and that they're bad, but probably won't be savvy enough to distinguish between legitimate and phony anti-virus protection."

Key findings:
* 22.5 million different samples of malware - almost double the level of June 2008
* Two thirds of businesses fear that social networking endangers corporate security
* New web infections - one new infected webpage discovered by Sophos every 3.6 seconds (four times faster than in first half of 2008)
* 40,000 new suspicious files examined by SophosLabs every day
* USA hosts the most malware on the web (39.6 percent)
* USA computers relay the most spam (15.7 percent)
* 89.7 percent of all business email is spam

In 2007, China was responsible for hosting more than 50 percent of all web-based malware. However, this position has been stolen by the USA.

The top ten list of malware-hosting countries in 2009 reads as follows:
1. United States 39.6%
2. China (incl HK) 14.7%
3. Russia 6.3%
4. Peru 4.3%
5. Germany 3.5%
6. S Korea 2.7%
7. Turkey 2.5%
8. Thailand 2.4%
9. Poland 2.3%
10. United Kingdom 2.0%
Others 19.7%

Related topics:  Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources