There has been a continued increase in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm, according to a just released report from Webroot.
The Webroot 2015 Threat Brief provides an overview of the threats against a wide range of organizations and individuals during 2014.
Among the findings, every day, 85,000 new malicious IP addresses are launched, and the top phishing targets are technology companies and financial institutions, according to the report. Further, over the past year Webroot found tens of millions of instances of malware and potentially unwanted applications, monitored billions of IP addresses and URLs, analyzed millions of new and updated mobile apps for malicious behavior, and studied major malware trends based on data from millions of endpoints.
With more breaches at major retailers, financial institutions and technology companies in the headlines and scores of other, smaller breaches in 2014, the report found this trend does not seem to be slowing down.
“Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm,” said Hal Lonas, chief technology officer at Webroot, in a statement. The United States accounts for 31% of malicious IP addresses, followed by China with 23% and Russia with 10%. Overall, half of malicious IP addresses are based in Asia, he noted.
Other key findings of the Webroot 2015 Threat Brief report include:
- The top 10,000 malicious IP addresses are reused quite often, on average dropping off and reappearing on the blacklist (list of IPs sending email that could be considered spam or malicious) nearly four times a month.
- Less than 55% of URLs are trustworthy. Some categories that might be assumed suspicious or unwanted due to their nature are relatively reputable. For example, URLs tied to cheating (85%); hate and racism (82%); violence (77%); adult and pornography (65%); and nudity (65%) are relatively reputable when compared to the average scores.
- There is a 30% chance that Internet users will fall for a zero-day phishing attack in the course of a year. In December 2014, there was an increase in phishing activity of more than 50%, most likely due to the holiday season.
- On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. The top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox.
- The United States is by far the largest host of phishing sites – over 75% of sites are within the US.
- On average, only 28% of apps on the Android platform are trustworthy or benign, which fell from 52% in 2013; almost 50% are moderate or suspicious; more than 22% are unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77% for 2014.
Webroot also documented an increase in new techniques to infect PCs in 2014, including Poweliks, a powerful Windows registry exploit that was fully contained in the registry and did not require a file component to deliver a new infection such as crypto ransomware, according to the report.
Lonas said accurate and timely threat intelligence can help organizations “assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks.”
Source: http://ift.tt/1AtTUI9
from cyber security caucus http://ift.tt/1FG51nq
via IFTTT
No comments:
Post a Comment