Attackers will continue to blur boundaries
to launch attacks against and via any
technology or device
Cybercriminals and attackers will use mobile devices as well as reliable exploits to gain entry to systems. While “wearable” technologies start to gain traction, attacks to these technologies/devices will be minimal and will only be for research. Businesses and end-users alike will have to battle threats to mobile banking, as well as ensuring that their online privacy is intact.
News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats. The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses.
Device Flaws Lead to Risky Trail
The TrendLabs 2012 Annual Security Roundup showed that the past year ushered in the post-PC era as cybercriminals embraced mobile malware use. Mobile malware remained a big problem for users this quarter though the main concern went beyond their sheer number. The discovery of OBAD malware and the “master key” vulnerability highlighted cybercriminals’ ability to find ways to exploit flaws in the Android™ ecosystem. We noted that these incidents were designed to bypass security measures and serve as other means for cybercriminals to gain control over devices.
While exploits and vulnerabilities are a common problem for users, zero-day exploits in high-profile applications are relatively rare. That was not the case in the first quarter of 2013. Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat, and Reader.
In addition, as predicted, we saw improvements in already-known threats like spam botnets, banking Trojans, and readily available exploit kits.
Other high-profile incidents include the South Korean cyber attacks in March, which reiterated the dangers targeted attacks pose. On the mobile front, fake versions of popular apps remained a problem though phishers found a new target in the form of mobile browsers.
Experts have been predicting the coming “post-PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.
Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space. And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace.
Smartphones are to the early 21st century what the PC was to the late 20th century–a universal tool valued for its productivity and fun factor but hated for the problems it can bring. Since smartphones are handheld computers that communicate, the threats they face are both similar and different from the PC challenges many of us are familiar with. Like the PC, many of today’s mobile malware prey upon the unwary. However, the nature of the mobile malware threat is, in some ways, very different.
Malware targeting Google’s Android platform increased nearly sixfold in the third quarter of 2012. What had been around 30,000 malicious and potentially dangerous or high-risk Android apps in June increased to almost 175,000 between July and September.
This report will examine what led to the increase and what it means for users and developers alike.
Any kind of business can expose itself to attacks when its employees open themselves up to external threats. Most small businesses are not convinced that bad guys are after them. What they do not know is that everyone is a likely target, regardless of size. Attackers are now carefully selecting their targets, moving away from launching large-scale attacks to focus on more specific and somewhat more “personal” targets.
“Mobile technology” is just what the name implies—portable technology that isn’t limited to mobile phones. This also includes devices like laptops, tablets, and global positioning system (GPS) devices. As with any other kind of technology though, there are drawbacks to “going mobile.” Mobile devices can expose users’ and organizations’ valuable data to unauthorized people if necessary precautions are not taken against mobile threats.
True to one of our predictions for the year, 2011 has been dubbed the “Year of Data Breaches,” as we witnessed organizations worldwide succumb to targeted attacks and lose what we have come to know as the new digital currency—data. As individuals and organizations alike embark on the cloud journey, we at Trend Micro, along with our fellow cybercrimefighters in law enforcement and the security industry, will continue to serve our customers by providing data protection from, in, and for the cloud.