US major source of malware, report finds
22 May 2014, 13:49
Cape Town - A global security report has found that the US hosts the overwhelming majority of internet malware.
The 2014 Trustwave Global Security Report found that the US hosts 42% of malware, followed by Russia at 13% and Germany (9%).
The report is based on investigations that the firm carried out in the last year as the company focused on the state of global internet security.
According to Trustwave, criminals used malware to primarily target personal information.
"While payment card data continues to top the list of the types of data compromised, we saw a 33% increase in the theft of sensitive and confidential information such as financial credentials, internal communications, personally identifiable information and various types of customer records," Trustwave said.
The report shows that the US makes up 59% of victims of cybercrime, followed by the UK at 14% and Australia (11%).
The results though are not surprising, given the standing of the US in the world.
"With big houses like Microsoft, Adobe, Apple and Google, it wouldn't be any surprise that you've got the US at the forefront of a lot of these data breaches," Andrew Kirkland, Trustwave CEO told News24.
He added that the strength of the dollar as a global currency standard also made the US attractive to criminals intent on stealing money.
Cyber criminals primarily targeted the retail industry, making up 35% of attacks the company investigated.
Trustwave found that the primary method of delivering malware or attacking computers was through spam. Even though malicious spam dropped by 5%, it still made up 70% of inbound e-mail.
Kirkland said that criminals could likely exploit people who broadcasted their interests on social networks because they could tailor spam to a specific individual or group.
"If that e-mail that comes in talks to your interest, you are going to click on that link. It looks very legitimate because they've designed it that way."
Spam is the primary method of delivering malware. (Duncan Alfreds, News24)
At least 59% of spam contained malicious attachment and 41% contained links that were designed to compromise a computer.
Some of the most common subject lines include: "Some Important Information is missing"; "Bank Statement. Please read"; "Important - Payment Overdue", Trustwave said in its report.
The effectiveness of this kind of attack was revealed by US authorities who have indicted Chinese officials over cyber spying, saying that social engineering played a far greater role in gaining access to critical systems that superior programming.
Kirkland said that it people assume that incoming messages are relevant, and this makes it easy for attackers to take over their machines.
"The Chinese, the Russians and even the Americans - they know that human nature tends to kick in and as long as they can speak to it, people will be very naïve about it."
- Follow Duncan on Twitter