Less Malware, more blended Threats from Legit Domains – says Cisco
January 28, 2009 Computer News
Cisco released its annual Security Report the other day, tracking the notable trends and threats across the world wide web. Here are the highlights:
The Annual Cisco Security Report: Notable Trends
* The overall number of disclosed vulnerabilites grew by 11.5% over 2007.
* Vulnerabilities in virtualization technology nearly tripled from 35 to 103 year over year.
* Attacks are becoming increasingly blended, cross-vector and targeted.
* Cisco researchers saw a 90% growth in threats orginiating from legitimate domains, nearly double what was seen in 2007.
* Volume of malware successfully propagated via e-mail attachments is declining.
Specific Threats Across the Web
* Accorinding to Cisco, spam accounts for nearly 200 billion messages each day, approximately 90% of worldwide e-mail.
* While targeted spear-phishing represents about 1% of all phishing attacks, it’s expected to become more prevalent as criminals personalize spam and make messages appear more credible.
* Botnets have become a connection of criminal activity on the Internet. Web sites were infected with Iframes, malicious code injected by botnets that redirect visitors to malware-downloading sites.
* The use of social engineering to entice victims to open a file or click links continue to grow. Cisco expects that in 2009, social engineering techniques will increase in number, vectors and sophistication.
* More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam. This”reputation hijacking” offers increased deliverablity because it makes spam harder to detect and block.
