High-profile hacks distract attention from serious threats: Sophos

Search engine poisoning, social networking scams and fake anti-virus have been the top security threats in 2011 so far, according to security vendor Sophos. All three rely on social engineering to achieve their aims.

quot;High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011,quot; says the company#39;s Security Threat Report: Mid-Year 2011 (PDF), but security issues that could pose a greater threat to businesses, governments and consumers are receiving far less attention.

quot;Web threats -- such as fake antivirus and SEO poisoning -- continue to be the top vehicle for malware attacks this year,quot; the report says.

Search engine poisoning is the label for various search engine optimisation (SEO) techniques used to manipulate search engine results with malicious intent.

quot;Black Hat SEO techniques stuff legitimate websites with content designed to rank highly in search engine results and then silently redirect users to malicious sites,quot; says the report. quot;The compromised results appear not just on regular web searches, but also on image searches.quot;

quot;Black Hat SEO attacks are extremely effective,quot; says Sophos. quot;A snapshot of the top malware we block on our customer web appliances shows that Black Hat SEO accounts for more than 30 percent of all detections.quot;

The technique#39;s success depends on a user#39;s uncritical use of search engines to look for current news.

quot;The search engine is our gateway to the web. Thatrsquo;s why cybercriminals manipulate search results from sites such as Google, Bing and Yahoo to lure victims to their malicious pages,quot; the report says.

Fake anti-virus remains a threat in 2011 after being one of the more persistent threats of 2010, says Sophos. quot;These attacks are now actively targeting Mac users,quot; the company says.

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful cybersecurity companies