Cisco's 3QCY10 Global Threat Report Results

Adobe Reader/Acrobat, Sun Java, and Adobe Flash were the three most common exploit targets during 1H2010

Cisco recently released its third quarter 2010 Global Threat Report to the public. This report highlights the trends of Malware encounters, industry vertical risks breakdown, Stuxnet worm, Rustock Botnet, SQL inject attacks, Global Spam trends and the "Here you have" email worm. Here are the highlights from the report. Malware Encounter Rates: -Enterprise businesses experienced an average of 133 Web malware encounters per month in 3Q10. (source Cisco Scansafe) -Approximately 10% of Web malware was encountered via search engine traffic and/or services. -65 percent of all web-based malware encounters were blocked prior to exploit code or involved encounters which did not include exploit code. -Of exploits that are encountered, those targeting Adobe Reader/Acrobat, Sun Java, and Adobe Flash were the three most common during the first half of 2010. -Sun Java exploits increased throughout the quarter, from 5% of all Web malware blocks in July 2010 to 7% in September 2010. Conversely, PDF exploits targeting Adobe Reader and Acrobat declined over the quarter, from 3% of all Web malware blocks in July 2010 to 1% in September 2010. Vertical Industry Risk: -Companies in the Pharmaceutical & Chemical vertical were the most at risk for Web malware encounters in 3Q10, experiencing a heightened risk rating of 372%. Other higher risk verticals in 3Q10 included Energy, Oil, & Gas (209%), and Agriculture & Mining at 169%. -Notably Retail, IT and automotive verticals were all below the median 100% for Q3CY10 Stuxnet Worm and Rustock Botnet: -Stuxnet worm made up over 5% of events handled by Cisco ROS during the third quarter. This made it the 5th most frequently encountered event handled by Cisco ROS. -Here are the top 10 events handled by Cisco ROS during Q3CY10

-An analysis of Cisco ScanSafe Web traffic processed in the third quarter reveals that of those infected with Stuxnet, 50% were from the Energy & Oil sector and 50% from the Pharmaceutical & Chemical industry. -38% of those impacted by Stuxnet were in the UK, 25% in Hong Kong, and 13% each in Brunei, the Netherlands, and Australia. -Rustock Botnet was the highest occurring ROS event in 3Q10, at 21% of events handled during the report period. Global SPAM: -Spam volume fell from 326 billion spam per day in August 2010 to 257 billion per day in September 2010. -The Rustock botnet is believed to be one of the largest purveyors of spam, with the largest number of Rustock bots reportedly located in the U.S. -Graphic below shows spam volumes originating from the top ten spam senders in 3Q10. You can see that the U.S. originates the most spam.

-The "here you have" and "Fake LinkedIn" Email worms were active in September and made up a considerable portion of reported spam during that period. To read the full report go here www.cisco.com/go/sio Also check out the latest threat report for Nov 8-14 here http://www.cisco.com/web/about/security/intelligence/CRR_nov8-14.html

The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Google Nexus One vs. Top 10 Phone Security RequirementsWhy you should always shred your boarding pass Video rental records are afforded more privacy protections than your online dataThe truth about new SSL attacks 2009 Top Urban Legends in IT Security/a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in