Research Roundup: Current State of Cybercrime

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Recent reports from Bitdefender, TrustGo, McAfee, Trustwave, nCircle, Symantec, FireEye, Lookout, Alert Logic and Arxan Technologies assess the current state of malware (both mobile and PC-based), spam and other threats. From identifying the leading malware threats and infection vectors to examining security in the cloud, the reports provide a strong insight into the current state of cyber security.

Key findings include:

  • The volume of advanced malware that evades signature-based detection increased by almost 400 percent in the past year.
  • More than one in six mobile apps have high-risk code that can compromise user security.
  • 44 percent of adults aren’t aware that security solutions for mobile devices exist.
  • On-premise IT infrastructure is more likely to be attacked than cloud-based infrastructure.

For details, and more findings, read on.

Costs of Global Cybercrime

Symantec’s  2012 Norton Cybercrime Report [PDF file], based on self-reported experiences of more than 13,000 adults across 24 countries, states that the direct costs of global consumer cybercrime reached $110 billion over the past 12 months. Eighteen adults become victims of cybercrime every second, according to the report. That’s more than one and a half million cybercrime victims a day – with losses totaling an average of $197 per victim worldwide.

More Advanced Malware Infections

According to FireEye’s 1H 2012 Advanced Threat Report, which is based on data from the FireEye Malware Protection Cloud, advanced malware that evades signature-based detection has increased by almost 400 percent since 2011, to an average of 643 successful infections per week per company.

“The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,” FireEye founder and CEO Ashar Aziz said in a statement. “Attackers continue to remain a step ahead of traditional defenses, so organizations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs).”

Malware Infection Vectors

According to Bitdefender’s H1 2012 E-Threat Landscape Report [PDF file], Web-driven software exploits were the most popular form of malware delivery in the first half of 2012, thanks to the growth of Internet access worldwide and liberalized access to exploit packs. “Among the most vulnerable applications are Adobe Reader installations older than 9.04, the Java Runtime Environment 7 and older, as well as the Adobe Flash plugin,” Bitdefender senior e-threat analyst Bodgan Botezatu wrote in the report.

New Malware

The McAfee Threats Report: Second Quarter 2012 [PDF file] found the biggest increase in malware samples detected in the last four years, with the malware discovery rate accelerating to almost 100,000 per day.

“Over the last quarter we have seen prime examples of malware that impacted consumers, businesses, and critical infrastructure facilities,” McAfee Labs senior vice president Vincent Weafer said in a statement. “Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices, and techniques such as ransomware and drive-by downloads targeting mobile.”

Malware by Type

According to the Trustwave 2012 Global Security Report, based on Trustwave SpiderLabs’ investigations of more than 300 breaches in 2011, memory-parsing malware accounted for 42.1 percent of the company’s investigations last year, with keystroke loggers and application-specific malware tied for second place at 13.2 percent each.


“Investigations in 2011 revealed attackers returning to upgrade their malware as new versions of the affected application software were released, confirming the sophistication and dedication of the organizations developing and deploying this malware,” the authors write.

Leading Malware Threats

ESET’s August 2012 Global Threat Report [PDF file] states that the leading malware threat in August was INF/Autorun malware, a variety of malware using the file autorun.inf as a way of compromising a PC.

“This file contains information on programs meant to run automatically when removable media (often USB flash drives and similar devices) are accessed by a Windows PC user. … Removable devices are useful and very popular: of course, malware authors are well aware of this, as INF/Autorun’s frequent return to the number one spot clearly indicates,” the report states.

Cybercrime Goes Mobile

According to Symantec’s  2012 Norton Cybercrime Report [PDF file], cybercriminals are increasingly targeting mobile devices. Thirty-five percent of adults have lost their mobile device or had it stolen, and 31 percent of mobile users say they’ve received a text message from someone they don’t know requesting that they click on an embedded link or dial an unknown number to retrieve a “voicemail.”

At the same time, the report states, mobile vulnerabilities doubled from 2010 to 2011. “Cybercriminals are changing their tactics to target fast growing mobile platforms and social networks where consumers are less aware of security risks,” Norton Internet Safety Advocate Marian Merritt said in a statement.

Mobile Security Policies

For nCircle’s 2012 Bring Your Own Device (BYOD) Security Trend Survey, the company surveyed more than 547 people in the IT security industry. According to the respondents, companies are gradually increasing their adoption of mobile device security policies. Seventy-one percent said their organization has a mobile device security policy, up from 58 percent in 2010.

“The surge in BYOD has IT department scrambling to make sure their networks can accommodate these devices securely,” says nCircle director of security research and development Lamar Bailey. “IT departments are buckling down and deciding on policies that determine how these devices can be managed with an acceptable level of risk.”

Mobile Apps under Attack

Arxan Technologies’ report, State of Security in the App Economy: Mobile Apps Under Attack, states that more than 90 percent of the top 100 paid mobile apps have been hacked, including 92 percent of the top paid iOS apps, and 100 percent of the top paid Android apps. Similarly, 40 percent of popular free iOS apps and 80 percent of popular free Android apps were found to have been hacked.

The types of hacks uncovered by Arxan included disabled or circumvented security, unlocked or modified features, free pirated copies, ad-removed versions, source code/IP theft, and illegal malware-infested versions.


“The integrity of mobile apps can be easily compromised through new tampering/reverse-engineering attack vectors,” Arxan vice president Jukka Alanen said in a statement. “The traditional approaches to application security such as secure software development practices and vulnerability scanning cannot address the new hacking patterns that we identified. The findings call for new approaches for mobile app owners to build protections directly inside their apps to withstand these new attacks.”

Top 10 Android Malware Threats

According to Bitdefender’s H1 2012 E-Threat Landscape Report [PDF file], the Trojan Android.Trojan.FakeDoc.A led with 21.83 percent of all mobile malware infections worldwide in the first half of 2012. “Before installation, the app requires access to the user’s Gmail account so it can covertly broadcast location, e-mails and carrier ID to an attacker-controlled server every four hours,” Bitdefender senior e-threat analyst Bogdan Botezatu wrote in the report.

Looking ahead, Botezatu wrote, “The popular Android platform will come under heavy fire in the next six months, as its open application distribution model facilitates the delivery of malware through repackaged applications, especially in areas where an official Play Store is not available, such as China.”

Risky Mobile App Marketplaces

According to TrustGo’s Summer Mobile Mayhem Report 2012, a study of 1.7 million apps found on 175 marketplaces across the globe from June to August of 2012 found that more than one in six mobile apps offered worldwide contain high-risk code that can compromise user security. Europe’s Aproov market is the safest marketplace in the world, according to the report, while Google Play is the fifth safest marketplace, with more than 90 malicious apps offered.

At the other end of the spectrum, China’s Anzhi marketplace is the riskiest marketplace worldwide. “Many Chinese users can’t access the Google Play marketplace, so a large number of third party stores have popped up to fill the void,” TrustGo founder and CEO Xuyang Li said in a statement. “Unfortunately, this has made China’s marketplaces especially insecure because many download sites haven’t set up controls necessary to keep bad apps off their platforms.”

Cybercrime Goes Social

According to Symantec’s  2012 Norton Cybercrime Report [PDF file], cybercriminals are focusing on new targets, including social networks, with 39 percent of social network users falling victim to social cybercrime. While 75 percent of social network users are aware that cybercriminals are targeting social networks, only 44 percent use a security solution that protects them from social network threats and only 49 percent use social network privacy settings to control what information they share and with whom.

On-premise vs. Cloud Security

According to Alert Logic’s Fall 2012 State of Cloud Security Report, which is based on operational data from more than 1,600 business customers with IT infrastructure in both on-premise and service provider and cloud environments, on-premise infrastructure is actually more likely to be attacked than cloud-based infrastructure.

“Businesses with on-premise IT environments consistently experienced more frequent attacks across a more diverse set of threats, compared to businesses with cloud-based IT infrastructure. … While roughly half of all customers – whether service provider or on-premise – were likely to have experienced a Web application attack, the average number of such attackers was 61.4 among on-premise customers,” the report states. “For service provider customers, it was 27.8.”

Jeff Goldman is a freelance journalist based in Los Angeles. He can be reached at jeff@jeffgoldman.com.