Security provider McAfee unveiled the Threats Report: Fourth Quarter 2011 assessment which provides a summary of the threat landscape from data collected in in the latter part of 2011.
The report covers a variety of security issues, including breaches, the prevalence of spam operations, breach reports, internet threats and malware related data - which the report indicates saw levels beyond the company's previous estimate of 75 million unique variants.
The report also noted that targeted attacks present a problem that no organization can expect to be immune to regardless of the level of effort and resources dedicated to securing critical systems, a refreshingly honest admission from a security vendor.
“The threat landscape continued to evolve in 2011, and we saw a significant shift in motivation for cyber attacks. Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats," said Vincent Weafer, senior vice president of McAfee Labs.
Of continued concern is the rapid pace of malware targeting mobile devices, according to the report. The proliferation of smartphones and tablets as a primary interface for individuals, government, and the private sector has made them a focal point for the development of malicious agents.
"On a global basis, we are conducting more of our personal and business transactions through mobile devices, and this is creating new security risks and challenges in how we safeguard our commercial and personal data,” Weafer said.
The following is a summary of the McAfee report's content as provided by the company:
The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The cumulative number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with Android firmly fixed as the largest target for writers of mobile malware.
Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.
In the third quarter McAfee Labs recorded an average of 6,500 new bad sites per day; this figure shot up to 9,300 sites in Q4. Approximately one in every 400 URLs were malicious on average, and at their highest levels, approximately one in every 200 URLs were malicious. This brings the total of active malicious URLs to more than 700,000.
The vast majority of new malicious sites are located in the United States, followed by the Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.
At the end of 2011, global spam reached its lowest point in years, especially in areas such as the United Kingdom, Brazil, Argentina and South Korea. Despite the drop in global levels, McAfee Labs found that the present spearphishing and spam are highly sophisticated.
Overall botnet growth rebounded in November and December after falling since August, with Brazil, Columbia, India, Spain and the United States all seeing significant increases. Germany, Indonesia and Russia declined. Of the botnets, Cutwail continues to reign supreme, while Lethic has been on a steady decline since last quarter. Grum made a significant comeback after a long decline, surpassing Bobax and Lethic by the end of Q4.
The number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009, according to privacyrights.org, with more than 40 breaches publicly reported this quarter alone. The leading network threat this quarter came via vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks. These remote attacks can be launched at selected targets around the globe.