Firms must prepare for an increase in security threats from
targeted e-mail attachments in 2009, says security firm
Sophos.
Attachment-based threats were in decline, but suddenly
increased from a low of one in over 3,000 at the start of 2008 to
one in 200 by September, according to Sophos's latest threat
report.
This trend will continue, but hackers will begin to use
legitimate-looking business data files, said Graham Cluley, senior
technology consultant at Sophos.
Hackers will pass on malware by exploiting vulnerabilities in
documents that are not normally blocked by security filters, such
as MS Word and Adobe Acrobat files, he said.
According to Cluley, attacks are becoming highly targeted, with
hackers gathering corporate information to create infected
documents that look legitimate.
"Businesses need to educate staff to be wary of unsolicited
attachments, to protect against these attacks that could bypass
filtering systems," he said.
Data leakage is another trend that is likely to increase in
2009, said Cluley, with an increasing number of people storing
sensitive data on removable media.
"Research has shown that around 30% of USB memory sticks contain
sensitive information," he said.
The most important step in stopping data leakage is to use
encryption so that if all other security measures fail, data
still cannot be read, the threat report said.
"All companies need to properly restrict their access to data
and begin to use encryption. Not enough are [doing this] with their
sensitive data," said Cluley.
"Customers will not want to do business with any organisation
they feel is unable to look after their data," he added.
Securing company websites will remain a priority in 2009, with
malicious code planted on legitimate sites being the main way
criminals infect computers.
Sophos detects over 19,500 new infected web pages every day, or
one every four-and-a-half seconds, the report said. High-profile
victims in 2008 included Sony PlayStation, ITV.com, Adobe and
The World Bank.
"Businesses need to realise their websites are pieces of
software that can have vulnerabilities that can be used to pass
infections on to site visitors," said Cluley.
The threat report also highlights that malware is no longer
confined to the Microsoft Windows operating system. In 2008 there
was an increase in attacks aimed at vulnerabilities in other
operating systems such as Apple's Mac OS X and software for mobile
devices.
This trend is likely to continue in 2009, the report said, with
the increasing popularity of portable devices such as the iPhone,
Google Android phone and ultra-mobile netbooks.
The threat report concludes that the number, complexity and
variety of attacks will continue to escalate, demanding defence at
all levels of the business.