McAfee's latest research into malware has identified the biggest increase in malware samples detected by the company in the last four years.
New trends include mobile “drive-by downloads”, the use of Twitter for control of mobile botnets and the emergence of mobile “ransomware.”
According to the McAfee Threats Report: Second Quarter 2012, McAfee Labs detected a 1.5 million increase in malware since the first quarter of this year alone, as well as a malware sample discovery rate that is accelerating to nearly 100,000 per day.
Meanwhile, the BYOD phenomenon continues to open up new attack vectors, frequently because devices brought in from outside the enterprise are improperly secured or are used to access questionable Web resources. This vulnerability appears to be especially acute among devices that use Google's Android OS, given that this platform continues to be highly targeted by malware authors.
According to McAfee, virtually all new mobile malware detected in second quarter 2012 was directed at the Android platform, and it comprised SMS-sending malware, mobile botnets, spyware, Trojans and even mobile ransomware, which is solidifying its place as a new tool in the criminal arsenal. While the damage from this attack vector can often be more personal in nature, ransomware can also be used to damage equipment and hold data hostage, as its name would imply.
"Cyber criminals are actually getting very creative at avoiding detection," said Pat Calhoun, senior vice president and general manager, network security for McAfee.
"They are also getting a lot better at identifying exactly what they want to go after. It's no longer about mass disruption. It's much more about going after highly targeted information or individuals. And, a lot of the technology that they are leveraging is helping them to do that. Social media, for example, is a useful tool to them."
Calhoun explained that attackers can often use social media to generate lists of people whom users know and trust.
"For example, if I can hack into your social media, I can find out who you are, who your friends are, and what your interests are. I could then craft an email that looks like it comes from one of your friends that includes a document that contains malware. But, I can make it look legit based on my knowledge of your friend and what your mutual interests would be."
Meanwhile, botnet infections have reached a 12-month high, with the United States emerging as the global leader in hosting botnet command-and-control servers. Criminals have also begun using Twitter to support mobile botnet command-and-control.
Increases in malicious domains
The report also says that thumb drive malware has shown significant growth in the recent quarter with nearly 1.2 million new samples identified, while the password-stealing malware category has shown an increase of nearly 1.6 million new samples.
The research efforts have also recorded an average of 2.7 million new bad URLs per month. In June, these new URLs were related to about 300,000 bad domains, which is equivalent to 10,000 new malicious domains every day, according to McAfee. Nearly 95 percent of those URLs host malware of one form or another.
Each quarter, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analysing data and correlating risks. The research is then used in McAfee's product development and other initiatives.
This article originally appeared at crn.com
Issue: 315 | May 2013