10 Trending Cyberthreat Attacks In 2013
12:00 PM EST Wed. Aug. 28, 2013
Malware has risen sharply over the last three quarters, according to the McAfee Threat Report: Second Quarter 2013. McAfee said it currently has more than 147 million malware samples.
Spam is also on the rise, helping spread malware and phishing attacks. Mobile threats are also increasing, McAfee said, including new backdoor Trojans and banking malware targeting mobile devices this quarter.
Malware that uses stolen digital certificates to pose as legitimate software increased by 50 percent, McAfee said. In addition, Web-based attacks designed to target vulnerable browser components comprise almost three-fourths of the Internet's malicious activity, McAfee said.
Here's a look at the latest attack trends and hacking techniques, according to McAfee's threat report.
AutoRun malware, a longstanding threat targeting Microsoft PCs using malware on thumb drives, doubled at the start of the year, according to McAfee. Microsoft addressed the issue years ago, but the malware continues to target PCs that haven't been patched with the latest security updates.
Rootkits, which are designed to evade detection and remain on victims' systems for a lengthy period of time, continue to decline, according to McAfee. The company said rootkits have been trending downward since the middle of 2011.
The rootkit itself is only designed to remain stealthy, but it typically contains other malware, such as keyloggers, designed to record keystrokes, and password stealers. Rootkits are also used to bring an infected machine into a larger botnet. ZeroAccess is the most prevalent rootkit, according to recent studies. According to security firm Sophos, ZeroAccess is often connected to popular exploit toolkits including Blackhole. It is used to fuel click-fraud campaigns and spread spam.
Security vendors have been increasingly labeling freely available Android applications as spyware because they upload SMS messages, call logs and location information to a remote server without informing the device owner. McAfee said the threat is increasing. One of the latest attacks detected by McAfee uses a mobile app that masquerades as a legitimate font installer app for Android devices. Another threat pretends to be software for syncing a user's phone.
A recent report by San Francisco-based Lookout Mobile Security tied mobile spyware activity to Russian cybercriminal gangs. An affiliate network has earned some attackers up to $12,000 a month, the firm said.
Master boot record malware, which can add malicious functions when a user starts up the PC, declined slightly in the second quarter, but it remains at a level that is the second-highest figure McAfee has recorded.
One high-profile piece of malware called Shamoon targets Windows NT systems and was used in the attacks on Saudi oil production firm Aramco. The attacks are dangerous because the malware contains destructive functionality, giving cybercriminals the ability to erase the entire hard drive of a victim's system and the servers of businesses. The attacks prompted security experts to call for system redundancy and offline backups of critical systems and files.
Ransomware, which locks a victim's infected machine and demands payment for the unlock code, has been steadily increasing, McAfee said. The number of new, unique malware samples this quarter is greater than 320,000, more than twice as many as last quarter, the company said.
Ransomware attacks are growing in popularity over fake antivirus software because attackers have figured out that they can use anonymous payment services to keep security researchers and law enforcement from tracking them down, according to McAfee.
The number of suspicious URLs that lead to sites hosting malware and phishing attacks continues to increase. McAfee said it logged more than 74.7 million suspicious URLs by the end of June, which represents a 16 percent increase over the first quarter of 2013.
Google, Bing, Yahoo and others join McAfee and other security firms to constantly rate the reputation of websites. McAfee said it will label a URL suspicious if its automated systems "find combinations of questionable code and functionality." The 74.7 million URLs it is tracking refer to 29 million domain names, up 5 percent from the previous period, McAfee said.
McAfee said it is charting a decline in the number of new phishing URLs over the last quarter. The firm said the number of new phishing URLs ebbs and flows throughout the year, trending upward typically during the holiday season.
The top five industries being targeted by phishers include finance, online auction sites, government, shopping and services, McAfee said. Companies in the U.S. are the most frequently targeted, with Amazon, American Express, Deloitte and eBay leading as the top companies being targeted.
Spam volume has now reached 2010 levels at 2 trillion messages, McAfee said. Spam volume also rises and falls throughout the year. Spam in the United States decreased by 16 percent, McAfee said.
The U.S. hosts the most sites used for spam purposes, McAfee said. Delivery service notification teasers remain popular as well as drug offers. Much of the spam identified in the last quarter contained subject lines related to the Boston Marathon bombings. Many of the messages contained links to malware, McAfee said.
Botnet infections had been on the decline since May of 2012, but McAfee said it has begun charting an increase in the last quarter. Cutwail remains the largest botnet, infecting 6 million PCs during the second quarter, McAfee said.
Cutwail sends out spam, but it is also connected to the spread of banking Trojans and other malware that are embedded in malicious document files. Researchers said in May that a new Cutwail communications mechanism makes it more resilient to takedowns. The bulk of the latest Cutwail infections are in India, Iran and Mexico.
Distributed denial-of-service attacks against the infrastructure that supports Bitcoin have resulted in wild swings in the virtual currency's value, McAfee said. Law enforcement cracked down on some of the cybercriminals behind the attacks. But malware is available on the black market that can be used to infect PCs and servers and use their computing power to mine Bitcoins without the owner's knowledge. Account holders are at an increased risk of attack from phishers and attackers attempting to drain accounts, McAfee said. Other forms of e-currency are available and also come with serious risks, the security firm said.