Sophos Security Threat Report Update reveals 2011’s top threats so far

Sophos has just published its Mid-Year 2011 Security Threat Report [PDF].

Highlights of the report include the following:

  • a 60% increase in malware over 2010, with Sophos seeing more than 150,000 new malware samples every day – that is one every 0.5 seconds.
  • 19,000 malicious webpages are now identified daily, with 80% being pages on legitimate websites that have been hacked or compromised.
  • 81% of people surveyed by Sophos said Facebook posed the biggest social networking risk.

High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011, drowning out attacks that target consumers – such as fake anti-virus, search engine poisoning and social networking scams.

Key threats identified in the report include search engine poisoning, also known as Black Hat SEO.

Search engine poisoning attacks account for more than 30% of all malware detected by Sophos’s Web Appliance.

How do they work? By manipulating search results from search engines like Google, Bing and Yahoo, cybercriminals attempt to lure web surfers to malicious pages. They usually hijack keywords relating to breaking news or other popular search terms. Users are then redirected to malicious sites that attempt to install malware, including fake anti-virus, on computers.

Another malicious trend mentioned in the report concerns social networking sites. Threats such as scam attacks, cross-site scripting, click-jacking, bogus surveys and identity theft have sharply escalated.

Facebook users in particular are wary of the social network’s safety, with 81% of respondents to a recent Sophos poll saying Facebook posed the biggest security threat of all social networks – up from 60% in 2010.

The full Sophos Mid-Year 2011 Security Threat Report includes additional details of these and many other current and growing security threats.