Symantec Global internet Security threat report
34% 7% 4% 4% 4% 4% 3% 2% 2% 2%
Table 8. Top countries of origin for Web-based attacks Source: Symantec
in 2009, 7 percent of Web attacks originated from computers in China, which is a decrease from 13 percent in 2008. As was discussed in the previous version of this report, the higher percentage in 2008 was likely due to compromised websites relating to the 2008 Beijing Olympic Games.56 it is reasonable to assume that the number of attacks from these websites has tapered off since the conclusion of the games and may be a significant factor in the decrease of Web attacks originating from computers in China in 2009.
Brazil was the third-ranked country of origin for Web-based attacks in 2009, accounting for 4 percent of the total. While there were no noteworthy high-profile Web-based attacks in Brazil in 2009, the amount of overall malicious activity increased significantly, particularly in regards to malicious code. Web-based attacks are an effective means of installing malicious code on the computers of unsuspecting users, indicating that the increase in malicious activity in Brazil may be closely related to increases in Web-based attacks originating there. Furthermore, the growth in bot-infected computers in Brazil may also have been a contributing factor because bots are commonly used to launch Web-based attacks.
Web-based attacks are a major threat to computer networks for both enterprises and consumers. the covert nature of these types of attacks (such as drive-by downloads) makes them very difficult to protect against because most users are unaware that they are being attacked. Organizations are thus confronted with the complicated task of having to detect and filter attack traffic from legitimate traffic. Since many organizations now rely on Web-based tools and applications to conduct business, it is likely that the Web will continue to be the primary conduit for attack activity favored by malicious code developers. to avoid the likelihood of threats, organizations can implement strong security policies and the latest software patches as well as educate staff about potential security issues and how to prevent becoming a victim.
h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - w h i t e p a p e r _ i n t e r n e t _ s e c u r i t y _ t h r e a t _ r e p o r t _ x i v _ 0 4 - 2 0 0 9 . e n - u s . p d f : p . 1 8