It's December, which means it's time for security vendors to start rolling out their annual round-ups, making predictions about what we can expect in the next 12 months.
The latest edition of the Sophos Security Threat Report has just been published, and is well worth a read.
Topics included in the Sophos Security Threat Report 2013 include:
- New platforms and changing threats
- Blackhole exploit kit: Today's malware market leader
- Java attacks reach critical mass
- Android malware
- The unrelenting rise of ransomware
- OS X and the Mac: More users, emerging risks
- High profile arrests and take downs
- Polymorphic attacks become more troublesome
- Targeted attacks
- What we can expect in 2013
Amongst the many interesting sections of the report is a discusson of the notorious Blackhole exploit kit, which we have written about frequently on Naked Security.
The Blackhole exploit kit has become the most successful malware kit operating on the internet - combining technical dexterity with a business model that would make Harvard Business School MBA students salivate.
The Blackhole exploit kit is a pre-packaged software tool that can be used on a malicious web server to sneak malware onto computers without their users realising. By taking advantage of vulnerabilities and security holes, exploit kits like Blackhole can silently install malware onto computers without the victim seeing any warnings.
Sophos's research reveals where in the world most Blackhole exploit sites are being hosted.
Another section of the Sophos Security Threat Report 2013 attempts to determine the levels of malware attacks (successful or otherwise) experienced by different countries, with - perhaps - surprising results:
SophosLabs calculated that Norway had the lowest TER (Threat Exposure Rate) at 1.81%, while computers in Indonesia are at the greatest risk of malware infection (23.54%). (Note: An earlier version of this article claimed that Hong Kong computers were at the greatest risk of malwar infection - our apologies for this error).
There's lots more information in the full Sophos Security Threat Report, which can be downloaded for free right now. (No registration required).
So, why not take a look at the Security Threat Report 2013 for yourself? And let us know what you think by leaving a comment.
In addition, you can sign-up for a web seminar about the security threat report that we will be holding on Tuesday December 11th 2012, at 2pm ET / 11am PT.
If you attend the web seminar you can hear SophosLabs expert Richard Wang describe what 2013 might bring, and how attackers extended their reach to new platforms like cloud services and mobile devices, adopted malware toolkits to build smarter attacks and targeted badly-configured websites in the last year.Follow @gcluley