Research Roundup: Current State of Cybercrime
Among the findings in recent security research: More than one in six mobile apps contain high-risk code that can compromise user security, and 44 percent of adults aren't aware security solutions for mobile devices exist.
Recent reports from Bitdefender, TrustGo, McAfee, Trustwave, nCircle, Symantec, FireEye, Lookout, Alert Logic and Arxan Technologies assess the current state of malware (both mobile and PC-based), spam and other threats. From identifying the leading malware threats and infection vectors to examining security in the cloud, the reports provide strong insight into the current state of cyber security.
Key findings include:
- The volume of advanced malware that evades signature-based detection increased by almost 400 percent in the past year.
- More than one in six mobile apps have high-risk code that can compromise user security.
- 44 percent of adults aren’t aware that security solutions for mobile devices exist.
- On-premise IT infrastructure is more likely to be attacked than cloud-based infrastructure.
For details, and more findings, read on.
Costs of Global Cybercrime
Symantec’s 2012 Norton Cybercrime Report [PDF file], based on self-reported experiences of more than 13,000 adults across 24 countries, states that the direct costs of global consumer cybercrime reached $110 billion over the past 12 months. Eighteen adults become victims of cybercrime every second, according to the report. That’s more than one and a half million cybercrime victims a day – with losses totaling an average of $197 per victim worldwide.
More Advanced Malware Infections
According to FireEye’s 1H 2012 Advanced Threat Report, which is based on data from the FireEye Malware Protection Cloud, advanced malware that evades signature-based detection has increased by almost 400 percent since 2011, to an average of 643 successful infections per week per company.
“The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,” FireEye founder and CEO Ashar Aziz said in a statement. “Attackers continue to remain a step ahead of traditional defenses, so organizations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs).”
Malware Infection Vectors
According to Bitdefender’s H1 2012 E-Threat Landscape Report [PDF file], Web-driven software exploits were the most popular form of malware delivery in the first half of 2012, thanks to the growth of Internet access worldwide and liberalized access to exploit packs. “Among the most vulnerable applications are Adobe Reader installations older than 9.04, the Java Runtime Environment 7 and older, as well as the Adobe Flash plugin,” Bitdefender senior e-threat analyst Bogdan Botezatu wrote in the report.
The McAfee Threats Report: Second Quarter 2012 [PDF file] found the biggest increase in malware samples detected in the last four years, with the malware discovery rate accelerating to almost 100,000 per day.
“Over the last quarter we have seen prime examples of malware that impacted consumers, businesses, and critical infrastructure facilities,” McAfee Labs senior vice president Vincent Weafer said in a statement. “Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices, and techniques such as ransomware and drive-by downloads targeting mobile.”
Malware by Type
According to the Trustwave 2012 Global Security Report, based on Trustwave SpiderLabs’ investigations of more than 300 breaches in 2011, memory-parsing malware accounted for 42.1 percent of the company’s investigations last year, with keystroke loggers and application-specific malware tied for second place at 13.2 percent each.
“Investigations in 2011 revealed attackers returning to upgrade their malware as new versions of the affected application software were released, confirming the sophistication and dedication of the organizations developing and deploying this malware,” the authors write.
Leading Malware Threats
ESET’s August 2012 Global Threat Report [PDF file] states that the leading malware threat in August was INF/Autorun malware, a variety of malware using the file autorun.inf as a way of compromising a PC.
“This file contains information on programs meant to run automatically when removable media (often USB flash drives and similar devices) are accessed by a Windows PC user. … Removable devices are useful and very popular: of course, malware authors are well aware of this, as INF/Autorun’s frequent return to the number one spot clearly indicates,” the report states.
By Jeff Goldman
November 20, 2012