Australia has some of the world’s safest websites – but the world’s highest rate of attacks against Android mobile devices, according to figures in a new report on malware activity during 2012.
Fully 80 per cent of malware attacks this year were the result of a legitimate website being hacked and redirecting visitors to malware-spreading sites, security firm Sophos alleged in its newly released Security Threat Report 2013.
Drawing on figures from its SophosLabs analysis arm, Sophos named Hong Kong, Taiwan, the UAE, Mexico and India as the five countries where web users are most likely to stumble upon a compromised website.
The high prevalence of such attacks was largely attributed to the popularity of the Blackhole exploit kit, a for-profit Russian-developed application that peppers websites with code designed to exploit flaws in nearly any client browser. Blackhole-generated attacks accounted for 27 per cent of exploits in 2012, according to Sophos figures, with non-Blackhole drive-by redirects generating 58.5 per cent of attacks and payload-based attacks just 7.5 per cent of exploits. Non-Blackhole exploit sites (1.8 per cent), SEO (1.1 per cent), fake antivirus (0.4 per cent) and other (3.4 per cent) attacks rounded out the figures.
Overall, Australia was ranked 15 out of 20 countries surveyed, based on TER (Threat Exposure Rate), a measure of the percentage of PCs that experienced a malware attack in 2012. That makes it the sixth safest destination for web hosts. The safest countries were Norway, Sweden, Japan, the UK, and Switzerland.
Increased utilisation of automated malware platforms is expected to drive “an increase in the number of incidents where attackers have gained and sustained surreptitious access to corporate networks,” the report’s authors concluded.
Also expected is an increase in basic web server mistakes – enabling a surge in attacks with compromised credentials; an increase in ‘irreversible’ malware that drives a review of corporate data backup and restore procedures; more feature-packed exploit toolkits with scriptable Web services, APIs, and malware quality-assurance platforms; better mitigation of exploits, driving an increase in social-engineering attacks; and challenges as new attacks capitalise on new and pervasive technologies like GPS and near field communication (NFC).
Mobile devices running Google’s Android software were named as the biggest target for malware attacks – and Australia is leading the world, with the world’s highest TER against Android devices. Around 12 per cent of Android devices in Australia had been attacked, compared with 9 per cent of PCs. This was an even bigger margin than in the US, and much less than in countries like Brazil, Malaysia and India, where desktops were attacked four or more times as often.
Such figures reinforce the need for viable mobile device management (MDM) tools, but they’re not the only security-related issue that companies will face in 2013. Sophos also flags the need for changes such as the use of two-factor authentication for increasingly vulnerable online services; strategies for stopping ‘information leakage’ as employees email sensitive data outside of the company; policies for vetting employees with access to critical information; control over snapshotting of virtual servers that could compromise security controls; implementing application and Web-based access controls; and encrypting files before they are uploaded to a cloud service.