New Tricks For Old Security Attacks: 8 Q2 Trends To Watch
10:15 AM EST Mon. Aug. 29, 2011
With the close of the second quarter, inevitably comes a barrage of retrospective analysis on the threat landscape.
Kicking off the quarter was a rapidly spreading Fake AV attack that caught Mac users off guard as it swept through OS X. Over the last three months, researchers have also agreed that the threat landscape has evolved to include a surge of mobile malware, particularly for Google's open source Android OS, as more and more users rely on their smartphones, tablets and other mobile devices for day-to-day activities.
Also during this quarter, political hacktivists took center stage with a slew of high-profile, public attacks, protesting everything from the Turkish government to the San Francisco Bay Area Rapid Transit system.
Here are a few of the quarter’s security attack highlights.
Researchers have seen a huge spike in malware designed to attack mobile platforms, and the upward trajectory doesn’t seem to be coming to a halt any time soon.
According to McAfee's Q2 Threats Report, Google's Android OS was the target platform of choice. During Q2, Android malware made up about 60 percent of the 1,200 mobile malware samples collected by McAfee researchers, a 76 percent increase from Q1.
One widespread Android threat was the KunFu Backdoor Trojan, which collects information about the infected device, sends it to the attackers, and then waits for commands from control servers that were found to be using hosting services based in China. Once on a device, the Trojan installs without the user's knowledge and can download further malicious app packages and Web pages. It is spread mainly via unofficial app stores and primarily targets Chinese users.
All you have to do is look at the latest news headlines to know that political hacktivism, hacking conducted to make a political statement or to protest governments or organizations, is alive and well.
During the second quarter, the hacker group LulzSec morphed back into the global hacker collective Anonymous, which carried on the legacy of politically motivated hacks, researchers at Kaspersky Lab highlighted in a Q2 threat report.
As with LulzSec, Anonymous was not interested in money, but rather in sending a particular message. Both groups relied on social media such as Twitter, as well as paste sites such as pastebin.com, to disseminate their message and publish stolen data.
Adobe flaws accounted for seven of the top 10 most exploited vulnerabilities, six of them in Adobe Flash Player, followed by Oracle (Sun) Java vulnerabilities, according to Kaspersky Lab's IT Threat Evolution Q2 2011 report. The report noted that for the first time, the top 10 vulnerability list featured products from just two companies, Adobe and Oracle, with no Microsoft products at all. "This is due to improvements in the automatic Windows updates mechanism and the growing proportion of users who have Windows 7 installed on their PCs," Kaspersky Lab researchers said in their report.
Spam continued its gradual decline, thanks in part to the takedown of two major botnets, Bredolab and Rustock, over the last 12 months.
A Symantec Global Intelligence Network report found that spam declined to 75.9 percent of all e-mail in August, a decrease of almost 2 percentage points compared to July.
As usual, pharmaceutical spam made up the largest share of total spam in August, at 40 percent, a 7 percent decrease from July.
Pharmaceutical spam was followed by adult/sex/dating sites, which actually increased from 14.5 percent to 19 percent of all spam between July and August. Watches and jewelry spam came in third at 17.5 percent in August, followed by unsolicited newsletters and casino/gambling sites.
In May of the second quarter, Mac OS X users were unexpectedly pummeled by a fake antivirus program known as Mac Defender.
Indeed, much to the chagrin of Mac users all over the world, the Fake AV programs that had plagued untold numbers of PC users had finally been ported to the Mac OS X platform. Like many Fake AV campaigns, MacDefender infected users via malicious Web sites that were pushed to the top of Google Image search results through SEO poisoning.
Users who clicked on the links were shown a bogus security scan, followed by a message falsely alerting them that their computer was riddled with malware. The phony scan was followed by an offer to install a "free" antivirus product. Users who agreed to install the software were asked to enter their administrator password, which is the only real barrier the malware had to clear. Once installed, the program demanded credit card information to pay a fee of anywhere between $50 and $100.
True to form, malware continued its upward trajectory during the second quarter. The McAfee Threats Report for the second quarter of 2011 revealed a 22 percent rise in malware compared to 2010, with six million unique malware samples detected throughout the quarter.
Boosting the malware growth was a steady increase in rootkits, which hide themselves from the operating system and security software, and which grew 38 percent over the second quarter of 2010. Two of the most prevalent rootkits so far are Koutodor and TDSS, both designed to conceal other malware and steal data.
In addition, the landscape saw a slight increase in phishing attacks, according to the Symantec Intelligence Report for August, with the public sector remaining the most targeted in August, followed by the chemical and pharmaceutical, IT services, retail and education sectors.
During Q2, the Bitcoin market took a nosedive after an attacker used a compromised account on an exchange to sell off a large number of Bitcoins at a very low price. It was later revealed that the account had been hacked after a leaked database of logins, e-mail addresses and password hashes belonging to the exchange's users circulated; hashes that are unsalted or computed with a fast algorithm can be cracked offline, so a leak of this kind should be treated as a leak of the passwords themselves.
Administrators suspended trading and voided all suspicious transactions once the sharp drop in the exchange rate was discovered. Bitcoin is a digital currency that enables payments and micropayments at low cost, without oversight from central authorities or issuers.
Researchers at Kaspersky Lab suggest in their second quarter threat report that a malicious user gained access to the passwords and engineered the exchange rate crash as part of a "get rich quick" scheme. Prior to that incident, a cross-site request forgery (CSRF) vulnerability had been found in the exchange that could make a logged-in user's browser submit a Bitcoin transaction the user never intended.
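To make the CSRF point concrete, here is an added example; it is not code from the article or from the exchange it describes, and the endpoint, session store, account names and balances are all constructed for illustration. It models a hypothetical "send bitcoins" handler twice: a vulnerable version that authorizes the transfer on the session cookie alone, which a browser will attach to a form auto-submitted from an attacker's page, and a hardened version that also requires a per-session anti-CSRF token the attacker's page cannot read.

```python
import hmac
import secrets

# Constructed sample data (hypothetical, not from any real exchange): two
# logged-in sessions, keyed by cookie value, each with the anti-CSRF token
# the server issued when it rendered the transfer form for that session.
SESSIONS = {
    "cookie-alice": {"account": "alice", "csrf_token": secrets.token_hex(16)},
    "cookie-mallory": {"account": "mallory", "csrf_token": secrets.token_hex(16)},
}


def fresh_balances():
    """Constructed ledger so each scenario below starts from the same state."""
    return {"alice": 100.0, "mallory": 0.0}


def _apply_transfer(balances, sender, form):
    """Business logic shared by both handlers: validate fields and move funds."""
    recipient = form.get("to")
    try:
        amount = float(form.get("amount", ""))
    except ValueError:
        return "rejected: bad amount"
    if recipient not in balances or amount <= 0 or balances[sender] < amount:
        return "rejected: invalid transfer"
    balances[sender] -= amount
    balances[recipient] += amount
    return "ok"


def transfer_vulnerable(balances, cookie, form):
    """Vulnerable: trusts the session cookie alone.

    The browser sends cookies with any request aimed at this site, including
    a POST auto-submitted from a page the attacker controls, so a forged
    request is indistinguishable from one the user meant to send.
    """
    session = SESSIONS.get(cookie)
    if session is None:
        return "rejected: not logged in"
    return _apply_transfer(balances, session["account"], form)


def transfer_hardened(balances, cookie, form):
    """Hardened: additionally requires the session's anti-CSRF token.

    The token is only rendered into pages served to that session, and the
    same-origin policy stops an attacker's page from reading it, so a forged
    request cannot carry a valid one.
    """
    session = SESSIONS.get(cookie)
    if session is None:
        return "rejected: not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so response timing cannot leak the token.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "rejected: missing or invalid CSRF token"
    return _apply_transfer(balances, session["account"], form)


def forged_form():
    """What an attacker's page can make the victim's browser POST: the
    target fields, but no token, because the attacker never sees one."""
    return {"to": "mallory", "amount": "50"}


def legitimate_form(cookie):
    """The form the site's own page renders for the logged-in user."""
    return {"to": "mallory", "amount": "50",
            "csrf_token": SESSIONS[cookie]["csrf_token"]}


def demo():
    """Run the four scenarios; returns {name: (status, alice_balance_after)}."""
    results = {}
    b = fresh_balances()
    results["vulnerable_forged"] = (
        transfer_vulnerable(b, "cookie-alice", forged_form()), b["alice"])
    b = fresh_balances()
    results["hardened_forged"] = (
        transfer_hardened(b, "cookie-alice", forged_form()), b["alice"])
    b = fresh_balances()
    results["hardened_legit"] = (
        transfer_hardened(b, "cookie-alice", legitimate_form("cookie-alice")), b["alice"])
    # A token from the attacker's own session must not authorize Alice's transfer.
    b = fresh_balances()
    stolen = dict(forged_form(), csrf_token=SESSIONS["cookie-mallory"]["csrf_token"])
    results["hardened_other_session_token"] = (
        transfer_hardened(b, "cookie-alice", stolen), b["alice"])
    return results


if __name__ == "__main__":
    for name, (status, balance) in demo().items():
        print(f"{name}: {status}; alice now holds {balance}")
```

The token must be bound to the session (not a site-wide secret) and compared in constant time; a SameSite cookie attribute or an Origin/Referer check is a useful second layer, but neither existed or was reliable in 2011, which is why the per-request token was the standard defense.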
The global economic meltdown and debt crisis have driven cyber criminals to create fresh waves of pump-and-dump stock schemes, enticing users with promises of lucrative rewards, according to the researchers behind the August Symantec Intelligence Report.
In a pump-and-dump scheme, the sellers promote a stock to artificially inflate its price, then sell at the high before the value crashes back to what it is actually worth. Interest in the stock fades as the spam campaign ends, which drives the price lower still. Researchers at Symantec found a wave of such attacks, delivered via spam that tries to convince potential buyers that a penny stock is worth more than its current valuation. "In the current turbulent environment, many people may be convinced to invest in stocks that the scammers claim will benefit from the market turbulence," Symantec researchers said in the report.