Symantec has issued its July 2011 intelligence report which cites “aggressive use of rapidly changing malware lead[ing] to [a] rise in sophisticated socially engineered attacks.”
Different strains of malware involved in individual attacks have increased dramatically in recent months by a factor of 25 times, when compared to the figures for the previous six months, researchers found.
This poses a significant risk to companies and individuals who use traditional forms of protection, such as anti-virus software, which the malware is designed to avoid.
The start-up code contained in the malware subtly alters the code in almost every version of the malicious software, making it harder for security products to identify it as potentially harmful.
Mobile phones are also at risk from infection as phishing attacks have emerged that seek to exploit vulnerabilities.
Paul Wood, Senior Intelligence Analyst, Symantec.cloud, commented: “Two key areas in which we can see this trend are, firstly, the increase in phishing against wireless application protocol (WAP) pages, which are lightweight Web pages designed for smaller mobile devices such as cell phones; and secondly, the use of compromised domain names that have been registered for mobile devices, for example, using the .mobi top-level domain.”
Security experts have been monitoring phishing sites and say that social networking and information services brands were “frequently observed in these phishing sites.” By targeting smartphone users, phishers are implementing a new strategy for the primary motive of identity theft.
The UK overtook South Africa as the most targeted country in the world, with one in 129.3 emails identified as phishing attacks.
The report also found that the ratio of spam in global email traffic is up 77.8% and phishing emails now affects every one in 319.3, a rise of 0.01% this month. Malicious websites are also on the up since last month, with an estimated 6,967 sites per day harbouring some form of malware or spyware.
The most spammed industry in the UK remains the Automotive sector, followed by Education, Pharmaceutical and IT sectors with Retail and Finance not far behind. However, the Public Sector remained the most targeted sector for cyber-criminals with 62.1 emails being blocked as malicious.