"We're seeing tens of thousands different types of attack coming into our research labs every day, but, whilst the volume is quite vast, the numbers of truly new attack methods is quite low – last year we saw around ten", said the Symantec security analyst.
According to Cox, whilst there are many different ways of detecting the presence of malware in program code, signature analysis remains the number one method, but not because it's the most efficient.
The reason, she told Infosecurity, is that whilst IT security professionals see malware and hacking attempts on a day-to-day basis, and can spot them when they pop up, most consumer users of the internet do not have such experience.
And, she says, this means that you cannot expect them to know what to do when they have to deal with a security threat.
"Some attacks are quite good and can fool even quite experienced IT staff", she said, adding that web-based attacks are now becoming increasingly common.
The top attack vector, she went on to say is Adobe, and has been for the last four to five years. Yes, security software exists to spot this older malware, but she says, from the hacker's perspective, if it works, why change it?
"The last really big and new security threat was Downandup, since then there haven't been that many really innovative attack types", she said.
"It's also interesting to see how Firefox had the most reported vulnerabilities last year. It's now clear that hackers are targeting the most popular applications and then developing suitable attack methods", she added.