The report, from Blue Coat Systems, which tapped the data pool generated by its WebPulse security service, says that hackers are developing broader attack strategies, including complex blended threats, faster malware lifecycles and search engine manipulation.
According to to Blue Coat, malware is starting to be adapted by hackers in relatively rapid lifecycles – the average lifespan of a typical piece of malware dropped from seven hours in 2007 to just two in 2009, notes the report.
As a result of this faster malware lifecycle, the study says that defences that require patches and downloads are simply unable to keep pace.
Increased reliance on social networking for communication, says Blue Coat, means there is less reliance on web-based email, which dropped in popularity from fifth place in 2008 to ninth place in 2009.
And, the report adds, exploiting user trust drives most common threats. The two most common web-based threats in 2009 – the fake antivirus software and the fake video codec – both exploited user trust on the internet, search engines and social networks.
According to Blue Coat, these were not the 'drive-by' attacks of recent years, nor did they require a vulnerability to exploit other than human behaviour.
Chris Larsen, senior malware researcher at Blue Coat, said that the increasing use of link farms to manipulate search engine results and prey on the trust users have in their internet experience drove many of the malware exploits his researchers saw in 2009 and are continuing to see in 2010.
"To provide comprehensive protection in the face of these threats, enterprises need not only a layered defence but also better user education", he said.
"The web is growing too fast in all directions for human raters or even web crawlers to manage. It is turning into a war of machines, and the best defences are able to leverage the strength-in-numbers principle to protect users", he added
The information in the report is based on an analysis of data collected from the Blue Coat WebPulse service, a cloud-based collaborative defence facility that is billed as having 62 million users around the world.