Australian Android users are world's most frequently attacked: Sophos

Australia has some of the world's safest websites – but the world's highest rate of attacks against Android mobile devices, according to figures in a new report on malware activity during 2012.

Fully 80 per cent of malware attacks this year were the result of a legitimate website being hacked and redirecting visitors to malware-spreading sites, security firm Sophos alleged in its newly released Security Threat Report 2013.

Drawing on figures from its SophosLabs analysis arm, Sophos named Hong Kong, Taiwan, the UAE, Mexico and India as the five countries where web users are most likely to stumble upon a compromised website.

The high prevalence of such attacks was largely attributed to the popularity of the Blackhole exploit kit, a for-profit Russian-developed application that peppers web sites with code designed to exploit flaws in nearly any client browser.

Blackhole-generated attacks accounted for 27 per cent of exploits in 2012, according to Sophos figures, with non-Blackhole drive-by redirects generating 58.5 per cent of attacks and payload-based attacks just 7.5 per cent of exploits. Non-Blackhole exploit sites (1.8 per cent), SEO (1.1 per cent), fake antivirus (0.4 per cent) and other (3.4 per cent) attacks rounded out the figures.

Overall, Australia was ranked 15 out of 20 countries surveyed, based on TER (Threat Exposure Rate), a measure of the percentage of PCs that experienced a malware attack in 2012. That makes it the sixth safest destination for web hosts. The safest countries were Norway, Sweden, Japan, the UK, and Switzerland.

Increased utilisation of automated malware platforms is expected to drive "an increase in the number of incidents where attackers have gained and sustained surreptitious access to corporate networks," the report's authors concluded.

Also expected is an increase in basic web server mistakes – enabling a surge in attacks with compromised credentials; an increase in 'irreversible' malware that drives a review of corporate data backup and restore procedures; more feature-packed exploit toolkits with scriptable Web services, APIs, and malware quality-assurance platforms; better mitigation of exploits, driving an increase in social-engineering attacks; and challenges as new attacks capitalise on new and pervasive technologies like GPS and near field communication (NFC).

Mobile devices running Google's Android software were named as the biggest target for malware attacks – and Australia is leading the world, with the world's highest TER against Android devices. Around 12 per cent of Android devices in Australia had been attacked, compared with 9 per cent of PCs. This was an even bigger margin than in the US, and much less than in countries like Brazil, Malaysia and India, where desktops were attacked four or more times as often.

Such figures reinforce the need for viable mobile device management (MDM) tools, but they're not the only security-related issue that companies will face in 2013. Sophos also flags the need for changes such as the use of two-factor authentication for increasingly-vulnerable online services; strategies for stopping 'information leakage' as employees email sensitive data outside of the company; policies for vetting employees with access to critical information; control over snapshotting of virtual servers that could compromise security controls; implementing application and Web-based access controls; and encrypting files before they are uploaded to a cloud service.


Stories by David Braue
