The study covers mobile, email, web-based and social threats
Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year.As far as the web is concerned, experts say it has become “significantly more malicious” in 2012. The web is utilized by cybercriminals not only as an attack vector, but also as a support element for attacks launched via email, mobile devices or social networks.
As expected, popular social media websites have often been abused for malicious schemes. For instance, 32% of the shortened links posted on social networks hid malicious content.
Cybercriminals took advantage of the fact that many of the customers of such websites are not highly skilled. They also leveraged the confusion that surrounded the numerous new features and services.
When it comes to mobile security, there aren’t any surprises. Now that mobile phones are used more for social media and web surfing than they are for actually making calls, the risks have increased considerably.
In 2012, the most problematic were malicious apps that requested permission to use SMS communications.
The number of spam emails overcame the one of legitimate messages a long time ago. However, it has gotten to the point where only 1 in 5 emails are legitimate.
A 76% increase in spam traffic was recorded. In addition, of all the spam emails sent out last year, 92% of them contained links to potentially malicious content.
Websense reports that registry modification behavior in malware has declined to 7.7%. Interestingly, half of all the Internet-connected malware analyzed by experts downloaded additional components to enhance its attack capabilities in the first 60 seconds.
Finally, reports of intellectual property and theft of personally identifiable information increased. However, researchers note that some breaches also involved physical penetration of security, not just hacking and malware.
The results of the report are based on data provided by the company’s ThreatSeeker Network and the Advanced Classification Engine (ACE).
The complete report is available here.