Have you been warning employees to stay clear of adult sites because they’re laden with malware?
Symantec Corp. suggests you might want to serve equal warning about Web sites in the opposite site of the moral spectrum.
In its Internet Security Threat Report released this week, the security software company said religious sites actually lead the pack of Web sites infected with malware. Porn sites still made it to number three, but online shopping sites were at the bottom of the list.
“Of course we’re not telling people to stay out of religious sites and go online shopping instead,” said Kevin Haley, director of security and technology response at Symantec.
“Our message to consumers is to always be careful where they surf. Our message to business owners is: If you don’t protect you site, you’ll lose your customers,” he said.
Haley explained that sites that ranked high on the list were targeted more because they employed less protection or where least likely to update anti-malware tools. About five or seven years ago, he said, porn sites were considered malware-havens.
“Shopping sites totally get it. They deploy ample protection because they know their reputation suffers when they take a hit,” the Symantec executive said.
Haley also said that recent numbers debunk widespread assumptions that cyber criminals set their sites on large companies and ignore small businesses.
He said Symantec figures show that 50 per cent of targeted attacks were aimed at businesses with 2,500 or more employees. The other 50 per cent of attacks were against businesses with less than 2,500 employees. “Two of the companies were studied with less than 250 employees, suffered 18 per cent of the attacks,” said Haley.
According to the Symantec report the top five malware targets are:
- Government & public sector
- IT services
- Chemical & pharmaceutical sectors
The bottom five targets are:
- Transport & utilities
- Non profit sector
- Marketing & media
The top causes of data breaches for 2011 were:
- Theft or loss (34.3 per cent
- Hacker attacks (29 per cent)
- Accidental release to public (24.2 per cent)
Insider threat only accounted for 6.8 per cent of the breaches followed by fraud instances at 2.9 per cent.
Section HeadingMobile vulnerabilities on the rise
Last year, Symantec blocked a total of 5.5 billion attacks. The figure represents a 81 per cent increase from the number of blocked attacks in 2010.
The company also identified 403 million unique variants of malware and 4,597 Web attacks per day, in 2011.
For the same period, new vulnerabilities went down by 20 per cent to 4,989, zero-day vulnerabilities were only eight, and spam rate was only 75 per cent.
Symantec, however, identified at least 315 new mobile vulnerabilities last year. Although the number may appear low, it signifies a 93 per cent increase from 2010.
“This shows that mobile malware is indeed on the rise,” said Haley.
The top three malicious mobile activities are:
- Unauthorized data collection (28 per cent)
- Unauthorized user activity tracking (25 per cent)
- Transmission of premium SMS messages (24 per cent)
Transmission of text-messages to predefined-rate numbers is a common mobile scam, according to a security researcher from Kaspersky Laps.
Last year the company found an Android-based Trojan that sends SMS messages or make calls to premium-rate numbers were first designed for Nokia’s Symbian and Java-powered mobile OSes and have existed for years in countries like China or Russia.
“The malware is advertised as an application for monitoring SMS messages and is distributed via a file hosting Web sites,” Denis Maslennikov, senior malware analyst at Kasperksy.
Once installed on a device, Maslennikov said, the fake app sends four text messages to pre-defined premium-rate numbers in France, Belgium, Switzerland, Luxembourg, Germany, Spain, the U.K. and Canada, depending on the country corresponding to the SIM card.
“Unfortunately, today SMS Trojans are one the easiest ways for cybercriminals to make easy money fast,” Maslennikov said.