It appears that Web 2.0 companies could be focused on growing their user bases at the expense of properly defending their existing customers from internet threats.
Sophos has published new research into the first six months of cybercrime in 2009. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are doubly exploiting social networks, using them first to identify potential victims and then to attack them, both at home and at work.
The report reveals that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure – and the sensitive data stored on it – at risk. The findings also indicate that a quarter of organisations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.
"The big Web 2.0 companies need to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
Another worrying finding of the report is the huge increase in scareware being encountered online. Cybercriminals are creating scam web sites, offering fake, paid-for anti-virus protection, at an alarming rate. Sophos now discovers fifteen such sites each day, a three-fold increase over the same period in 2008.
"Novice computer users in particular are falling foul of under-handed tactics to capitalise on their fear of infection," Myroff says. "Some users may be aware that viruses and malware exist, but probably won't be savvy enough to distinguish between legitimate and phony anti-virus protection."
Stats and findings include:
* There were 22,5-million different samples of malware – almost double the level of June 2008;
* Two-thirds of businesses fear that social networking endangers corporate security;
* There was an increase in new web infections – one new infected webpage discovered by Sophos every 3,6 seconds (four times faster than in the first half of 2008);
* 40 000 new suspicious files were examined by SophosLabs every day;
* The US hosts the most malware on the web (39,6%);
* US computers relay the most spam (15,7%);
* 89,7% of all business e-mail is spam.
In 2007, China was responsible for hosting more than 50% of all web-based malware. However, this position has been taken by the US.