2013 So Far: F-Secure Finds Java Exploits Jump, Android Malware Emerges Outside App Stores
A continued rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats characterized the first half of 2013, which saw its share of interesting developments in the world of digital security. According to F-Secure's new Threat Report 1H 2013, published today, nearly 60 percent of F-Secure's top 10 detections in the first half of 2013 were exploits.
Exploits: the most common attack vector
The high percentage of exploits detected by F-Secure is a good thing, according to Sean Sullivan, Security Advisor at F-Secure Labs. "The fact that the majority of our top 10 detections are blocking exploits rather than dealing with payloads -- that means we're doing a good job of making sure the malware itself doesn't even get the chance to enter the machine," he said.
Users in the US saw the most vulnerability-related attacks, with 78 out of every 1000 users encountering an exploit attempt. Germany and Belgium followed with 60 out of 1000 encountering exploit attempts. Java-targeted exploits lead the pack of exploits as a whole, making up almost half of the top ten detections, up from a third the previous half-year.
Exploits are programs, but they are simply another vehicle for getting malware onto a machine, like an infected USB drive or email. Usually attacking via malicious or compromised websites, they take advantage of flaws in the code of a computer's installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or allow cybercriminals to take control of the machine.
Mobile malware: not just in app stores anymore
358 new families and variants of Android malware were discovered by F-Secure Labs in 1H, nearly doubling the total number the Labs has ever discovered to 793 (the number of Android samples found in 1H was over 230,000 including spyware and adware; malware samples alone numbered over 180,000). Symbian followed with 16 new families and variants. No new families or variants were discovered other mobile platforms.
Android malware isn't just distributed by app stores anymore, either. The first half of 2013 saw distribution by malvertising and by drive-by downloads while visiting a compromised site. Malvertising, or advertisements that lead users to malicious products, is increasingly being used to distribute mobile malware, due in part to its wide reach. And while still less sophisticated on a mobile than on a PC, drive-by downloads are expected to continue as an attack vector. Mobile drive-bys use a notification message asking if the user wants to install the app, making them more obvious than PC drive-bys, with the option to circumvent them.
Stels, an Android trojan that serves multiple purposes from building up botnets to stealing mobile Transaction Authentication Numbers (mTANs) as a banking trojan, uses methods that are usually characteristic of Windows malware, such as spam as a distribution method. This serves as evidence that Android malware is advancing closer to reaching the highly developed level of Windows threats.
APT threats, Bitcoin mining, and Mac malware
APT threats have become a major talked-about threat to the data security of organizations and industries, and now F-Secure Labs has constructed a rough overall picture of the kind of victims APT attackers are targeting. For details on that study of 100 documents used in targeted APT attacks, plus a look at the very lucrative practice of Bitcoin mining and the latest in Mac malware, phishing and more, check out the complete 1H 2013 Threat Report at: http://www.f-secure.com/en/web/labs_global/.
Note: F-Secure Labs focuses on counting the numbers of families and variants of malware rather than simply the number of unique samples. To attempt to avoid detection of their malware, cybercriminals use automation that makes slight changes to malware code -- resulting in new malware samples that are fundamentally still the same malware family or variant. Counting families and variants provides a more realistic measurement of threats than counting samples alone.
F-Secure - Protecting the irreplaceable
While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also backup and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.
Related News
It is no secret how mobile Android devices are vulnerable to a wide range of attacks, which could have drastic consequences for consumers. Especially when it comes to financial details being leaked, these Android vulnerabilities will need to be addressed sooner rather than later. Accessibility clickjacking is one of the more recent forms of malware putting over 500 million devices – and Bitcoin users around the world – at risk. Accessibility Clickjacking is A Major Risk On Android. Earlier this month, security researchers unveiled more details on a new type of malware that is putting....
Cryptocurrency mining malware for PC platforms has been around for a while, but now it has gone mobile, specifically via the Android OS. A team of security researchers from Trend Micro has managed to identify two apps that can use your Android device to mine litecoin and dogecoin. The apps in question are called Songs and Prized, and both are available from the Google Play Store. Songs has between one and five million downloads so far, while Prized has 10,000 to 50,000 downloads. This is not the first case of mining malware targeting new and unusual platforms. Linux recently got what was....
Android users all over the world have been the target of many dangerous types of software over the past years, and there is no end in sight just yet. One of the latest exploits plaguing the Android ecosystem is a new version of the Stagefright bug. Unfortunately for Android users, this latest iteration of Stagefright exploits a vulnerability in MP3 and MP4 files, both are oftenly used media types on mobile devices these days. Once an Android device is infected with the Stagefright 2.0 bug, attackers can use this vulnerability execute code. Various use cases can be found for executing....
Over one million Android devices have become victims of mass malware hidden in apps called Gooligan. Research by security firm Check Point Software Technologies (CPST) this month released startling evidence that the malicious software is present in almost 100 apps. Gooligan: 74 percent of devices ‘vulnerable’. CPST has now begun working with Android’s security team to protect user accounts. It is said that at particularly risk is Gmail, Google Docs and Google Play accounts, among others. The company wrote in a blog post on Wednesday: “The infection begins when a user downloads and installs....
A recent discovery by security experts has revealed the existence of a malware that specifically targets Android users in the US, Canada, Italy, Portugal, Spain, and Belgium. Known as Xenomorph, the perpetrators behind this highly advanced Android banking trojan have been consistently directing their efforts towards European users for more than a year. However, they […]