The McAfee Threats Report:inside the web turbulence and the panoplie of threats
Due to its large popularity, Android is experiencing progressively lot of
attacks and handlings.
This morning MacAfee has released its Threats Report which shows that, the proliferation
of SMS-stealing banking malware, fraudulent dating and entertainment apps,
weaponized legitimate apps and malicious apps posing as useful tools have
increased.
According to the report the 2013 ransomware count is higher than
the total found in all previous periods combined.
the total found in all previous periods combined.
About 16 percent increase in suspicious URLs, a 50 percent increase in
digitally-signed malware samples, and notable events in the cyber-attack and
espionage areas, including multiple attacks on the global Bitcoin
infrastructure and revelations around the Operation Troy network targeting U.S.
and South Korean military assets.
Below, a set of common mobile strategies employed by cybercriminals to
extract money and confidential information from victims:
- Banking Malware. Many banks implementing two-factor authentication require customers to log into their online accounts using a username, password and a mobile transaction number (mTAN) sent to their mobile device via a text message. McAfee Labs researchers identified four significant pieces of mobile malware that capture the traditional usernames and passwords, and then intercept SMS messages containing bank account login credentials. The malicious parties then directly access accounts and transfer funds.
- Fraudulent Dating Apps. McAfee Labs discovered a surge in dating and entertainment apps that dupe users into signing up for paid services that do not exist. Lonely users attempt to access potential partners’ profiles and other content only to become further frustrated when the scam is recognized. The profits from the purchases are later supplemented by the ongoing theft and sale of user information and personal data stored on the devices.
- Trojanized Apps. Research revealed the increasing use of legitimate apps altered to act as spyware on users' devices. These threats collect a large amount of personal user information (contacts, call logs, SMS messages, location) and upload the data to the attacker’s server.
- Fake Tools. Cyber criminals are also using apps posing as helpful tools, such as app installers that actually install spyware that collects and forwards valuable personal data.
Connectikpeople has also observed that, beyond mobile threats, the second
quarter revealed the continued adaptability of attackers in adjusting tactics
to opportunities, challenges to infrastructure upon which commerce relies, and
a creative combination of disruption, distraction and destruction to veil
advanced targeted attacks:
- Ransomware. Over the past two quarters McAfee Labs has catalogued more ransomware samples than in all previous periods combined. The number of new samples in the second quarter was greater than 320,000, more than twice as many as the previous period, demonstrating the profitability of the tactic.
- Digitally-signed malware. Malware signed with legitimate certificates increased 50 percent, to 1.2 million new samples, rebounding sharply from a decline in the first quarter. The trend of illegitimate code authenticated by legitimate certificate authorities could inevitably undermine confidence in the global certificate trust infrastructure.
- Suspicious URLS. The second quarter’s increase in suspicious URLs shows how important “infected” sites remain as a distribution mechanism for malware. At June’s end, the total number of suspect URLs tallied by McAfee Labs reached 74.7 million, which represents a 16 percent increase over the first quarter.
- Spam Volume. Global spam volume continued to surge through the second quarter with more than 5.5 trillion spam messages. This represented approximately 70 percent of global email volume.
- Attacks on Bitcoin Infrastructure. The sudden activity in the Bitcoin market over the course of the past quarter attracted interest from cybercriminals. In addition to disruptive distributed denial of service attacks (DDoS), the group infected victims with malware that uses computer resources to mine and steal the virtual currency.
- Operation Troy. McAfee Labs uncovered evidence suggesting that attacks on South Korean banks and media companies in March and June of this year were in fact connected to an ongoing cyber espionage campaign dating back to 2009. A study of forensic evidence suggested that the campaign was designed to target U.S. and South Korean military systems, identify and remove confidential files, and, when necessary, destroy the compromised systems through a master boot record (MBR) attack.
About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC),
empowers businesses, the public sector, and home users to safely experience the
benefits of the Internet. The company delivers proactive and proven security
solutions and services for systems, networks, and mobile devices around the
world. With its Security Connected strategy, innovative approach to
hardware-enhanced security, and unique Global Threat Intelligence network,
McAfee is relentlessly focused on keeping its customers safe.