A recent Sophos threat report, Security Threat Report 2013, has found that 80% of malware attacks in 2012 were redirects from legitimate sites.
The security vendor highlighted some key observations for 2012 and what is expected for 2013.
It said that 2012 was a year of new platforms and modern malware - what was once a homogeneous world of Windows systems is now a landscape made up of diverse platforms. According to Sophos, modern malware is taking advantage of these trends, creating new challenges for IT security professionals.
"Two of the defining terms of 2012 are 'empower' and 'evolve.' Attacks and threats - on PCs, Macs and mobile devices - continue to evolve as does the technology to combat them," Sophos chief technology officer, Gerhard Eschelbeck, said.
Eschelbeck claimed that the increasing mobility of data in corporate environments has forced IT staff to become even more agile.
The study also ranked the riskiest and safest countries for experiencing a malware attack.
Hong Kong topped the list as the most risky country, with a 23.5% threat exposure rate.
Taiwan, UAE, Mexico and India followed respectively with 21.3%, 20.8%, 19.8% and 17.4% threat exposure rate.
Norway was named the safest country with a 1.81% threat exposure rate. Sweden followed with 2.59%; Japan with 2.63%; UK with 3.51%; and Switzerland with 3.81%. Australia made it into the top 20 safest countries, ranking at 15.
Sophos predicts that in 2013, increased availability of malware testing platforms will make it more likely for malware to slip through traditional business security systems.
Additional trends expected in the year ahead include an increase in basic Web server mistakes and a greater number of "irreversible" malware.
However it also predicted that the market will see a decrease in vulnerability exploits offset by a sharp rise in social engineering attacks across a wide array of platforms.
"As users demand more and better ways to do their jobs, IT continues to evolve, bringing forth a new set of operating systems and other advancements, replete with different security models and attack vectors, making it crucial for security technology to evolve, ensuring that end users are protected and empowered - no matter what platform, device, or operating system they choose," Eschelbeck added.