News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats. The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses.
The TrendLabs 2012 Annual Security Roundup showed that the past year ushered in the post-PC era as cybercriminals embraced mobile malware use.1 Mobile malware remained a big problem for users this quarter though the main concern went beyond their sheer number. The discovery of OBAD malware and the “master key” vulnerability highlighted cybercriminals’ ability to find ways to exploit flaws in the Android™ ecosystem. We noted that these incidents were designed to bypass security measures and serve as other means for cybercriminals to gain control over devices.
More online banking threats were seen in different countries this quarter, specifically in Brazil, South Korea, and Japan. These highlighted the need for increased awareness of online banking security. Cybercriminals also came up with more diverse attacks that used various social engineering lures, single sign-on (SSO) and multiprotocol services, and blogging platforms for their malicious schemes. Vulnerability disclosure also became a hot topic this quarter in response to the flurry of zero-day incidents at the beginning of the year.
Enterprises continued to battle targeted attacks. The Naikon campaign was primarily seen in Asia/Pacific while our research on the Safe campaign revealed victim IP addresses spread throughout 100 countries worldwide. These stress the importance of strengthening enterprise defense against targeted attacks while coming up with proactive solutions to protect corporate networks.
While exploits and vulnerabilities are a common problem for users, zero-day exploits in high-profile applications are relatively rare. That was not the case in the first quarter of 2013. Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat, and Reader.
In addition, as predicted, we saw improvements in already-known threats like spam botnets, banking Trojans, and readily available exploit kits.
Other high-profile incidents include the South Korean cyber attacks in March, which reiterated the dangers targeted attacks pose. On the mobile front, fake versions of popular apps remained a problem though phishers found a new target in the form of mobile browsers.
Stay up-to-date to stay protected.
Experts have been predicting the coming “post-PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.
Android seems to be repeating history by way of Windows. The platform’s growing dominance in the mobile landscape echoes that of Windows in the desktop and laptop space. And much like Windows, Android’s popularity is making it a prime target for cybercriminals and attackers, albeit at a much faster pace.
Banking Trojans have long been used to steal users' online banking credentials in North America and Western Europe. A crimeware tool primarily used to steal money, ZeuS, signaled in a new wave of cybercrime where different groups cooperated with one another for online theft. On the other hand, CARBERP is a popular malware family that specifically targets banks in Eastern Europe and Central Asia. Though recent reports reveal that the masterminds behind CARBERP were arrested in April 2013, the days of online banking theft in Eastern Europe are far from over.
Read The Apollo Campaign (PDF)
This research paper provides some thoughts on how to configure a network in order to make lateral movement harder to accomplish and easier to detect, as well as how to prepare to deal with an infection. Given the advances attackers have been making, it is very unlikely that organizations will be able to keep motivated and patient adversaries out of their networks. In most cases, the best one can hope for is to detect targeted attacks early and limit the amount of information the attackers can obtain access to.
Read Suggestions to Help Companies with the Fight Against Targeted Attacks (PDF)
Phishing is a long-running problem that has taken a turn for the worse. Phishing emails now so closely resemble legitimate ones, making it very difficult both for users and automated systems alike to tell them apart. As such, users end up clicking links embedded in phishing messages that take them to malicious sites, which directly or indirectly steal their personal information.
Read Email Correlation and Phishing (PDF)
In recent years, we have seen a steady increase in the volume of spam originating from compromised websites. While these could be attributed to many parallel and isolated attacks primarily due to the vulnerable nature of the sites that are exploited, one particular operation we have dubbed "Stealrat" caught our attention. In as little as over two months, we have seen more than 170,000 compromised domains or IP addresses running WordPress, Joomla!, and Drupal send out spam.
APT campaigns aggressively pursue and compromise specific targets to gain control of a company’s computer system for a prolonged period of time. To make a targeted attack successful, the communication channel between a threat actor and the malware inside a network must always remain open and unknown. Know how leveraging threat intelligence can help detect this malicious network traffic by reading this primer.
As 2012 drew to a close, SMBs, along with most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of workplaces and the increased availability of cloud services, SMBs should adopt security practices to fully protect their assets. This year, the Android malware volume is expected to hit the 1 million mark. The continuous use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.
In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.
Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken certain measures like providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from being fool-proof solutions. The reality is: Users are responsible for checking if the apps they download are legitimate or not.