High-profile hacks distract attention from serious threats: Sophos

As always you, Human, are the weakest link

Search engine poisoning, social networking scams and fake anti-virus have been the top security threats in 2011 so far, according to security vendor Sophos. All three rely on social engineering to achieve their aims.

"High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011," says the company's Security Threat Report: Mid-Year 2011 (PDF), but security issues that could pose a greater threat to businesses, governments and consumers are receiving far less attention.

"Web threats -- such as fake antivirus and SEO poisoning -- continue to be the top vehicle for malware attacks this year," the report says.

Search engine poisoning is the label for various search engine optimisation (SEO) techniques used to manipulate search engine results with malicious intent.

"Black Hat SEO techniques stuff legitimate websites with content designed to rank highly in search engine results and then silently redirect users to malicious sites," says the report. "The compromised results appear not just on regular web searches, but also on image searches."

"Black Hat SEO attacks are extremely effective," says Sophos. "A snapshot of the top malware we block on our customer web appliances shows that Black Hat SEO accounts for more than 30 percent of all detections."

The technique's success depends on a user's uncritical use of search engines to look for current news.

"The search engine is our gateway to the web. That’s why cybercriminals manipulate search results from sites such as Google, Bing and Yahoo to lure victims to their malicious pages," the report says.

Fake anti-virus remains a threat in 2011 after being one of the more persistent threats of 2010, says Sophos. "These attacks are now actively targeting Mac users," the company says.


Join the CSO newsletter!

Error: Please check your email address.

Tags sophosSecurity threat report 2011governmentmalwarehackingSEO poisoning

More about GoogleSophosYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stilgherrian

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts