Sophos Security Threat Report 2013, today … tomorrow

Pierluigi Paganini December 06, 2012

Sophos is one of the first security firms to publish a report on the current state of the security landscape together with predictions for the coming year, the Sophos Security Threat Report 2013. The document offers an interesting overview of the most common and dangerous cyber threats and attempts to measure their level of penetration in different countries.

The factors that have primarily contributed to the spread of new cyber threats are the increasing use of social networking platforms and the mobility of data in corporate environments. The cloud and mobility paradigms have driven technological change without a matching effort on the security side, and this has left new and powerful attack vectors available to cyber criminals and hackers.

Android will be the most attacked mobile platform: more than 100 million Android devices shipped in Q2 2012 alone, a 52.2% market share, and the lack of defensive systems and of user awareness of cyber threats make them privileged targets for cybercrime. In Australia and the U.S., Sophos now reports Android threat exposure rates exceeding those of PCs, which shows the urgency of implementing proper countermeasures.

In 2012 private enterprises took advantage of cloud services, attracting the attention of cybercrime, and incidents such as the one that hit the Dropbox service raised questions about users' security. The private sector does not want to give up the cloud paradigm, which is why it has also begun investing more heavily in private clouds built on virtualization technology. New paradigms require new security approaches for data management, security compliance and incident response.

Another significant trend is the changing nature of the endpoint device: the coexistence of multiple operating systems in the same environment has led to the spread of new multi-platform malware targeting governments and private businesses.

Continuous and increasing attention will be devoted to the Mac OS platform, whose users are often careless; it must also be considered that Macs are increasing their market share, which is why malware authors are paying attention to the popular platform.

The report confirms the dominance of the internet as the main distribution channel for malware, with a noticeable increase in malicious code that exploits the browser and its associated applications. Java attacks have reached critical mass: the past year was a fateful one for Java in the browser, with the platform hit several times by major new vulnerabilities, encouraging many organizations to get rid of Java in the browser where possible.

This has been made possible by the discovery of zero-day vulnerabilities in this category of applications, but also by the ease of obtaining exploit kits in the underground. A package such as Blackhole contains a large collection of exploits that allows attackers to target multiple operating systems, in different contexts and with various aims.

Blackhole is considered the most popular and notorious malware exploit kit, and it benefits from a remarkable business model able to undermine the actions undertaken by police to curb criminal activities. The authors of Blackhole profit by delivering multi-platform payloads for different cyber threats, from fake antivirus and ransomware to Zeus and the infamous TDSS and ZeroAccess rootkits.

The report states:

“Protecting data in a world where systems are changing rapidly, and information flows freely, requires a coordinated ecosystem of security technologies at the endpoint, gateway, mobile devices and in the cloud. IT security is evolving from a device-centric to a user-centric view, and the security requirements are many. A modern security strategy must focus on all the key components—enforcement of use policies, data encryption, secure access to corporate networks, productivity and content filtering, vulnerability and patch management, and of course threat and malware protection.”

The four stages of the Blackhole life cycle are:

  1. Sending users to a Blackhole exploit site
  2. Loading infected code from the landing page
  3. Delivering the payload
  4. Tracking, learning and improving


The fight against exploits is hard. SophosLabs is committed to tracking the principal exploit packages, a rapidly evolving threat, and suggests: patching operating systems and applications quickly; reducing the attack surface by disabling vulnerable applications on systems where users don't need them; blocking compromised legitimate websites and exploit sites through a combination of reputation filtering and content detection technologies; and being aware of social engineering attacks that originate with spam.
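The first two stages of the Blackhole life cycle (sending users to the exploit site, then loading code from the landing page) are exactly where the "reputation filtering plus content detection" recommendation applies. As an added example, not code from Sophos or from the report, the following Python gateway-style check combines both techniques on a fetched page: a reputation lookup of iframe destinations against a blocklist and content heuristics for hidden or zero-size iframes and obfuscated `eval()` loaders. The blocklist domains, the sample pages and the obfuscation regex are all constructed assumptions for illustration, not indicators taken from the report.

```python
"""Reputation + content checks for injected exploit-kit redirects (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical reputation blocklist. Assumption: in production this would be
# fed by a threat-intelligence service; these domains are constructed.
BLOCKLIST = {"exploit-landing.example", "bad-redirect.example"}

# Inline style values that hide an element from the user.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Heuristic (an assumption, not taken from the report): obfuscated loaders
# commonly run eval() directly on unescape()/String.fromCharCode() output.
OBFUSCATED_JS = re.compile(
    r"eval\s*\(\s*(unescape|String\.fromCharCode)\s*\(", re.I)


class IframeCollector(HTMLParser):
    """Collect iframes together with the reasons each one looks suspicious."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        reasons = []
        # Reputation filtering: is the iframe destination a known bad host?
        host = (urlparse(src).hostname or "").lower()
        if host in BLOCKLIST:
            reasons.append("reputation:" + host)
        # Content detection: an iframe the visitor cannot see has no
        # legitimate reason to exist on a content page.
        if a.get("width", "").strip() in ("0", "1") or \
           a.get("height", "").strip() in ("0", "1"):
            reasons.append("content:zero-size-iframe")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("content:hidden-iframe")
        if reasons:
            self.findings.append((src, reasons))


def analyze_page(html):
    """Return a list of (indicator, src, reasons) tuples; empty means clean."""
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    hits = [("iframe", src, reasons) for src, reasons in collector.findings]
    if OBFUSCATED_JS.search(html):
        hits.append(("script", "", ["content:obfuscated-eval"]))
    return hits


def should_block(html):
    """Policy decision for the gateway: block the response if anything fired."""
    return bool(analyze_page(html))


# Constructed sample pages (not real captures).
CLEAN_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/123" width="560" height="315"></iframe>
</body></html>"""

INJECTED_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="http://exploit-landing.example/in.php" width="0" height="0"
        style="display:none"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74"));</script>
</body></html>"""

# Hidden iframe to a host the blocklist has never seen: only the content
# check catches it, which is why the two techniques are combined.
UNKNOWN_HOST_PAGE = """<html><body>
<iframe src="http://fresh-domain.example/x" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE),
                       ("unknown-host", UNKNOWN_HOST_PAGE)]:
        verdict = "BLOCK" if should_block(page) else "ALLOW"
        print(name, verdict, analyze_page(page))
```

The third sample is the important one: a freshly registered redirect host defeats reputation filtering alone, and the zero-size iframe is what still gets it blocked. In a real deployment the heuristics would be tuned against a corpus of legitimate pages to keep false positives down.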

The report also highlights the active participation of law enforcement in the security scenario: efficient operations made malware-related arrests and takedowns possible in 2012, and for the first time there was fruitful collaboration between the private sector and law enforcement.

Another phenomenon that characterized 2012 is the increase in state-sponsored operations: governments have improved their cyber capabilities and in many cases have deployed malicious agents against foreign states. Cyber espionage and sabotage are the purposes of these attacks; Flame, Shamoon and Gauss are just a few examples of malicious code used against a foreign state or its private companies.

The number of attacks of this type will surely increase next year, and for this reason every government is defining a cyber strategy to improve its capabilities and to defend critical assets from offensives originating in cyberspace.

Also very interesting is the report's analysis of the level of exposure in different countries: Sophos found that Norway had the lowest Threat Exposure Rate (TER) at 1.81%, while computers in Hong Kong are at the greatest risk of malware infection (23.54%).


What to expect for 2013?

According to Sophos, cybercrime and state-sponsored offensives will be the principal menaces for both the private and public sectors. The attacks will have a high impact on businesses and on the national security of many countries. The five trends suggested by Sophos are:

  1. Basic web server mistakes
  2. More “irreversible” malware
  3. Attack toolkits with premium features
  4. Better exploit mitigation
  5. Integration, privacy and security challenges

Are we ready for the challenge?

Pierluigi Paganini
