
2012 Recorded ICT Security Threats Pt.2

By Brandon Teoh 

This is the second part of EITN’s recorded security threats for the year 2012. Part 1 can be found here. Trends in ICT security threats tend to be a dry topic with an abundance of information; people tend to stay away from the details.


This article intends to do exactly the same – stay away from the details and go straight to the point. 

Information is gathered from a variety of sources, including security reports from Symantec, Kaspersky, TrustGo, Sophos, Blue Coat, RSA and others.

Hence, I present to readers the conclusion of conclusions for 2012 in terms of ICT security, in point form.

1) Malware for Android was the main thrust of malware development in 2012

This malware can be generalised into three categories: SMS Trojans, advertising modules, and exploits to gain root access to smartphones.

2) Mac malware rose significantly in 2012

Two pieces of malware were the deadliest for the Mac platform.

 

  • OSX.Flashback.K – affected 700,000 computers, all running Mac OS X, in the first half of 2012. Also known as Trojan-Downloader.OSX.Flashfake.ab [Kaspersky].
  • Trojan.OSX.FakeCo.a – accounted for 52% of OS X malware infections in the second half of 2012. This malicious program masquerades as a video codec installation file.

 


3) Web attacks primarily focused on exploiting out-of-date third-party browser plugins, such as Adobe Reader, Adobe Flash Player, and Java

Oracle Java overtook Adobe Flash as the most vulnerable platform; it was responsible for 50% of these attacks, while Adobe Flash accounted for 28%.

Web attacks are carried out via web attack toolkits. There are a variety of attack toolkits currently active; Blackhole, Phoenix, Nuclear Pack, Bleeding Life, and Eleonore are some of the more popular ones. 

4) Besides web attacks, the Internet was vulnerable to two other prominent threats 

Malicious URLs were responsible for 87.36% of all Internet-based threats, which include downloads of malware such as Trojans.

The rest are malicious scripts that hackers have injected in the code of compromised legitimate websites. This suggests there are many legitimate sites containing malicious code in the form of hidden iframe tags. Such scripts are used to perform drive-by attacks, in which the user (who does not see anything suspicious) is redirected to malicious online resources. 

5) Data breach 

More than 80% of data breaches that occurred this year were with organisations whose Internet presence is secondary to their main business, such as the healthcare and education sectors, where online access to services is often set up as a means of convenience instead of a business front. Viewing a website as an auxiliary service may mean laxer security, making them easier targets for data breaches. 

Percentages of data type exposed in a typical data breach. Source: Symantec



6) Russia was the most infected country in 2012

By country, Russia is at the top of the ranking for the second year in a row. Since last year, the level of risk for Russian users has increased from 55.9% to 58.6%. Unfortunately, the Russian segment of the Internet is home to numerous cybercriminal schemes. In 2012, cybercriminals took advantage of the growing popularity of online banking among individual users and entrepreneurs and actively spread malware targeting these systems. Another common scam in the Russian part of the Internet is making money on premium SMS messages: fraudsters ask users to pay for goods/services by sending a message to a premium number, but fail to provide the goods/services promised.

7) Malware was seasoning well

Malware was increasingly adept at taking advantage of seasonal celebrations such as Halloween, Valentine’s Day and Christmas, special occasions such as the Olympics, and disasters to propagate security threats.

8) Top threats for 2012

 

  • Koobface – the Koobface gang earned millions of dollars every year by compromising computers until Jan 2012, when they were busted by authorities.
  • OSX.Flashback.K – affected 700,000 computers, all running Mac OS X, in the first half of 2012. Also known as Trojan-Downloader.OSX.Flashfake.ab [Kaspersky].
  • Trojan.OSX.FakeCo.a – accounted for 52% of OS X malware infections in the second half of 2012. This malicious program masquerades as a video codec installation file.
  • Flamer – APT – the most complex malware threat since Stuxnet and Duqu
  • Android.Opfake – Android malware; variant of FakeInst SMS Trojan which accounted for 60% of total Android malware infection
  • SMSZombie – Android malware – infected more than 500,000 devices in China
  • Gauss – APT
  • Shnakule – malnet (malware network); distributed infrastructures within the Internet that are built, managed and maintained by cybercriminals.
  • Gozi Prinimalka – APT

 

The network of components that comprise the Shnakule malnet. Source: Blue Coat


Hence, the take-away points are that malware for both Android and Mac is increasing, Java security loopholes are rising, and Russia is not just a haven for those seeking mail-order brides; it is a nest of teeming cybersecurity infections as well.



