Sophos Security Threat Report 2013 - the safest and riskiest countries revealed

Filed Under: Botnet, Data loss, Denial of Service, Fake anti-virus, Featured, Malware, Phishing, Privacy, Ransomware, Security threats, Social networks, SophosLabs, Spam, Vulnerability

It's December, which means it's time for security vendors to start rolling out their annual round-ups, making predictions about what we can expect in the next 12 months.

Sophos Security Threat Report

The latest edition of the Sophos Security Threat Report has just been published, and is well worth a read.

Topics included in the Sophos Security Threat Report 2013 include:

  • New platforms and changing threats
  • Blackhole exploit kit: Today's malware market leader
  • Java attacks reach critical mass
  • Android malware
  • The unrelenting rise of ransomware
  • OS X and the Mac: More users, emerging risks
  • High profile arrests and take downs
  • Polymorphic attacks become more troublesome
  • Targeted attacks
  • What we can expect in 2013

Threat reportAmongst the many interesting sections of the report is a discusson of the notorious Blackhole exploit kit, which we have written about frequently on Naked Security.

The Blackhole exploit kit has become the most successful malware kit operating on the internet - combining technical dexterity with a business model that would make Harvard Business School MBA students salivate.

The Blackhole exploit kit is a pre-packaged software tool that can be used on a malicious web server to sneak malware onto computers without their users realising. By taking advantage of vulnerabilities and security holes, exploit kits like Blackhole can silently install malware onto computers without the victim seeing any warnings.

Sophos's research reveals where in the world most Blackhole exploit sites are being hosted.

Location of Blackhole exploit kit sites

Another section of the Sophos Security Threat Report 2013 attempts to determine the levels of malware attacks (successful or otherwise) experienced by different countries, with - perhaps - surprising results:

Threat Exposure Rate by country

SophosLabs calculated that Norway had the lowest TER (Threat Exposure Rate) at 1.81%, while computers in Indonesia are at the greatest risk of malware infection (23.54%). (Note: An earlier version of this article claimed that Hong Kong computers were at the greatest risk of malwar infection - our apologies for this error).

There's lots more information in the full Sophos Security Threat Report, which can be downloaded for free right now. (No registration required).

So, why not take a look at the Security Threat Report 2013 for yourself? And let us know what you think by leaving a comment.

In addition, you can sign-up for a web seminar about the security threat report that we will be holding on Tuesday December 11th 2012, at 2pm ET / 11am PT.

If you attend the web seminar you can hear SophosLabs expert Richard Wang describe what 2013 might bring, and how attackers extended their reach to new platforms like cloud services and mobile devices, adopted malware toolkits to build smarter attacks and targeted badly-configured websites in the last year.

, ,

You might like

5 Responses to Sophos Security Threat Report 2013 - the safest and riskiest countries revealed

  1. The chart in the first image doesn't seem to match the the legend. For the colors on the chart to remain the same, all the colors on the legend from Brazil down to Chile need to be put into reverse order, and Russia and Other need to swap colors.

  2. Magda · 1036 days ago

    Something is not right, in the report the most risky country is Indonesia and in here it's Hong Kong....

    • Well, time for us to eat humble pie again. You are quite correct. Turns out the graphics I was given for the article were.. umm.. incorrect.

      They have now been fixed. Apologies to everyone - especially the residents of Hong Kong!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley