The Threat LandscapeJan 2013

2013 Threat Report

2

4

1. Threat VolumeSophosLabs see 250,000 new files each day

250,000previously unseen files

received each day within SophosLabs

2. The malicious webWeb servers are under constant attack. A new malicious URL every couple of seconds

20-30kmalicious URLs seen each day. This is almost a new

malicious URL every 2 secs

6

3. Professionalism, crimeware‘Monetization’ : the bulk of today’s threats are automated, coordinated & professional

Case study 1: Drive-by downloads

7

Controlling user traffic

• Inject redirects into legitimate sites

Web threats are all about controlling user web traffic

80%of malicious URLs are actually legitimate sites

that have been compromised

It’s all about trafficDistribution of today’s web threats (2012 H1)

Drive-by downloadsCompromising legitimate websites to drive user traffic to malware

Drive-by downloadsCompromising legitimate websites to drive user traffic to malware

Drive-by downloadsCompromising legitimate websites to drive user traffic to malware

“Monetizatio

n”

Drive-by downloadsCompromising legitimate websites to drive user traffic to malware

URL filtering

Content detection

Case study 2: Ransomware

14

RansomwareMulti-lingual!

15

Ransomware

• Malware that locks/encrypts user data• Pay ransom to access files

16

Simple• Password

protected archives

Medium• XOR• shift

Complex• RC4• Public key crypto

Recover data?

Blackhole payloads

Zbot25%

Ransomware18%PWS

12%Sinowal11%

FakeAV11%

Backdoor6%

ZeroAccess6%

Downloader2%

Other9%

Payload distribution (late 2012)

17

Case study 3: Android Threats

18

19

Mobile OS market (US)What will mobile malware target?

Android ApplicationsSignificant growth

2009 2010 2011 20120

100000

200000

300000

400000

500000

600000

700000

800000

Apps available Customer downloads

Android malwareHuge growth in 2012 (x40, just in September!)

21

1000Android samples analyzed

each day within SophosLabs

Android vs PC

22

SophosLabs

23

SophosLabsKey differentiators

24

1. Integrated threat analysis

2. Fast response time

3. Global presence 24/7/365

4. Updates issued from any lab location at any time

5. 100% in-house technology

6. Pre-configured intelligence

Top Facts

25

1,000Android samples analysed

each day within SophosLabs

80%of malicious URLs are actually legitimate sites

that have been compromised

250,000previously unseen files

received each day within SophosLabs

20-30kmalicious URLs seen each day. This is almost a new

malicious URL every 2 secs

Top Facts

26

Mitigating Risks

27

Complete Security Solutions designed to mitigate risks

Questions?

28