P2P increasingly favored by malware attackers
Cisco released its 2Q10 Global Threat Report, which is an aggregation of data and insights on threats from Cisco Security Intelligence Operations. The report merges the most current threat analysis from Cisco IPS, Cisco IronPort, and Cisco ScanSafe data.
Key highlights include:
- Eastern Europe encountered the highest rate of web-based malware in 2Q10, followed by South America and China
- IPS SQL injection signature firings increased substantially in 2Q10, coinciding with outbreaks of SQL-injection-compromised websites
- Asprox SQL injection attacks made a reappearance in June of 2010, after nearly six months of inactivity
- Gumblar-compromised websites continued to be the most frequently encountered sources of web-based malware in 2Q10
- 7.4 percent of all web-based malware encounters in 1Q10 resulted from search engine queries and nearly 90 percent of all Asprox encounters in June of 2010 were the results of links in search engine results pages
- Companies in the Pharmaceutical and Chemical vertical were the most at risk for web malware encounters, experiencing a heightened risk rating of 400 percent in 1Q10 and 543 percent in 2Q10
- Increases in peer-to-peer (P2P) activity were observed across the top three P2P networks (eDonkey, Gnutella, and BitTorrent) throughout the first quarter of 2010, with the strongest increase in March of 2010
- Continuous high saturation in 2Q10, coupled with recent P2P malware developments, suggest that peer-to-peer file shares are becoming increasingly favored by users and malware attackers alike.