Security threats are coming from all sides. Now Sophos is outlining some of them in its Security Threat Report 2013, which details IT security trends in 2012 and what to expect in 2013.
As Sophos describes it, 2012 was a year of new platforms and modern malware. What was once a homogeneous world of Windows systems is now a landscape of diverse platforms. Modern malware is taking advantage of these trends, the security firm said, creating new challenges for IT security professionals.
"Two of the defining terms of 2012 are 'empower' and 'evolve.' Attacks and threats -- on PCs, Macs and mobile devices -- continue to evolve as does the technology to combat them," said Gerhard Eschelbeck, CTO at Sophos.
"As users demand more and better ways to do their jobs, IT continues to evolve, bringing forth a new set of operating systems and other advancements, replete with different security models and attack vectors, making it crucial for security technology to evolve, ensuring that end users are protected and empowered -- no matter what platform, device, or operating system they choose."
Sophos also reports that malware authors now attack Android devices more often than PCs. Nearly 10 percent of Android devices in the U.S. have seen a malware attack, compared with only about 6 percent of PCs. We asked Michael Disabato, managing vice president of Network and Telecom at Gartner , for his take on the revelation.
"Google Play is not curated as well as iOS. Android is designed to be a very flexible operating system so it's easy to root. Why do people rob banks? That's where the money is. Why are people going after Android? Because they can, because there's money in it, and because you can't get to iOS without a lot of work," Disabato told us.
"Why aren't malware authors going after Windows? Windows gets defended just as quickly as possible. But very few people are installing malware detection and mitigation software on their smartphones."
Beware Legitimate Websites
Beyond smartphones, more than 80 percent of attacks were redirects, the majority of which were from legitimate Websites that were hacked, according to Sophos. Most of the exposure is still coming from clicking links in e-mails and browsing Web pages that are carrying malicious code. (continued...)