Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!
Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.
But it's been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.
For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That’s works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.
Sophos has also identified an average of 19,000 new malicious URLs each single day in the first half of this year. That's a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.
The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning — manipulating search engine results to drive users to malicious or infected web sites — and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.
There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier that email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.
On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.
"Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people — both friends and not — have access to your information," according to Sophos.
The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.
And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resource to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.
Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.
The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple's success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don't be surprised if you don't spot the scam until it's too late.