Contributor: Sean Hittel
In the latest edition of the Threat Intelligence Report, we take a look at how Web attack toolkits are one of the largest risks to Internet security out there today. But unlike viruses, Trojans, and worms, they’re not a threat to an end-user in the traditional sense. Attack toolkits are more akin to a pizza delivery service. Only in this case the “pizza” is malicious code and the “customer” is the unsuspecting, and often unpatched, user.
Attack toolkits are a means of delivery for malicious code, and a very effective one at that. As we mentioned in volume 17 of the Internet Security Threat Report, Web attack toolkits made up almost two-thirds of all malicious activity on malicious websites in 2011. And that number continues to rise—there are currently three times as many Web attacks occurring right now than there were on average during the last half of 2011.
While the numbers are up across the board, the players in the game have changed somewhat. We still have our heavy hitters, such as Blackhole and Phoenix, but some of the bigger toolkits have all but disappeared since last year—NumDir and QQK for instance.
By far, the undisputed champion of attack toolkits is Blackhole, responsible for close to half of all recorded attacks. At some point in the last six months various toolkits have challenged, but Blackhole remained on top almost the entire time—at one point making up for close to 80 percent of all attacks.
It’s not just the end-user who is impacted by attack toolkits. In the Threat Intelligence Report, we highlight how personal and small business websites—if your webserver isn’t properly patched and secured—could play host to an attack toolkit. In fact, just last week reports surfaced of attackers compromising unpatched servers and installing the Blackhole attack toolkit on these systems.
This month’s Threat Intelligence Report also discusses how attack toolkit exploitation mechanisms have evolved over time, along with many other topics. You can download a copy of the report now.
Have you ever lost your mobile phone? I have. Four times last year.
And I am not alone. According to a recent Sophos survey, 22% of people admitted to losing theirs. Thank God my devices were all encrypted and can be remotely wiped of data.
Maybe because I lose stuff all the time, I was rather shocked that a whopping 70% of mobile phone users apparently don’t password protect their phones.
And mobiles and tablets aren’t just used by consumers; businesses are also adopting these devices to get more out of their employees.
Gone are the days of people doing all their work while in the office. Who doesn’t work from home and on the road – on planes, trains and automobiles?
As businesses groan under today’s financial pressures, companies can at least rest assured that their employees are not limited to working only at their desks.
Children sick or car won’t start? No problem – you can log in from the house. But these wonderful technological advances come with a cost. The cloud within this sparkly silver lining is THE business concern du jour: how do companies keep data secure?
If an employee joins an insecure WiFi hotspot, there could be a problem with the data being sniffed by an unauthorised third party. If someone leaves their business iPhone, Android or BlackBerry in the back of a cab, how can they be sure that private emails and documents won’t be accessed?
For those worried about this quagmire of risks, in gallops a free Mobile Security Toolkit to save you. Its purpose? To help advise businesses on mobile security risks and offer practical advice to secure them.
Check out the following promo video Sophos made:
(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)
So what’s included in this Mobile Security Toolkit?
- Mobile Security Threats and How to Stay Safe (Presentation)
- Why You Should Always Lock Your Phone (Video)
- What Senior Managers Need to Know About Mobile Device Security (Article)
- Mobile Security–What’s Coming Next? (Whitepaper)
- Safe Passcodes for Mobile Devices (Tips)
- Example Mobile Security Policy (Template)
- Seven Tips for Securing Mobile Workers (Whitepaper)
While these goodies are all free of charge, there is a gate to fill in. This helps our marketing people understand what type of companies download the Mobile Security Toolkit.
And our guys would be really interested in your feedback. Did you download this toolkit? Was it useful? Did you think anything was missing?