My company’s analysis of 2009 threat stats has revealed some worrying trends:

  • Three million new threats were identified in 2009 (which equates to almost one every 10.8 seconds).
  • 2,905,697 threat signatures were released to protect against new or variant threats (and increase of 6.9 per cent from 2008).
  • Most spam and malware originates from botnets and compromised hosts.
  • There’s been a move away from mass-mailed spam and malware of old, to more targeted vulnerability exploits (ones specific to applications, web browsers and servers for example) as cyber-criminals look towards more efficient means of carrying out their attacks.
  • Organised gangs continue to dominate the threat landscape, a trend which is expected to continue into 2010.
  • 2009 also saw more security patches from providers other than Microsoft, as these providers begin to realise the Microsoft are not the only target of cyber-crime.

Examples include:

  • Adobe, who announced multiple vulnerabilities in its PDF and Acrobat software systems; and in its SWF Flash software.
  • WordPress blogs, which have been susceptible to multiple vulnerabilities, leading to passwords being compromised.
  • Several major web frameworks (including the popular Drupal web content management system) have had vulnerabilities leading to remote code execution and SQL injection.
  • Web browsers such as Apple Safari, Mozilla Firefox and Opera have all announced critical vulnerabilities.

These examples highlight the need for all companies to review security policies for the applications and software that they permit people to access via their corporate networks or work computers. Most of us use some form of internet-facing application or collaboration software for work, especially those who work from home, and these applications must be secured, otherwise corporations leave themselves vulnerable to attack.