Mobile Growth Leads To Malware Surge, McAfee Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
News
9/4/2012
06:06 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Mobile Growth Leads To Malware Surge, McAfee Says

Many recently discovered threats update old tactics. Android devices the most popular targets.

11 Security Sights Seen Only At Black Hat
11 Security Sights Seen Only At Black Hat
(click image for larger view and for slideshow)
McAfee's latest Threats Report, released Sept. 9, makes one thing clear: as much as mobile device proliferation has been a boon for vendors and developers, it's also been a field day for writers of malicious code. Indeed, the second quarter of 2012 witnessed the biggest increase in detected malware in four years, with 1.5 million new dangers recorded since Q1.

McAfee's database of dangerous programs swelled to more than 90 million listings, and the firm projects the tally will top 100 million by next quarter.

The dramatic uptick doesn't necessarily mean that the Internet is fundamentally more precarious, however; many of the recently discovered threats are simply updated takes on old tactics, and with more users carrying tasks across multiple devices and platforms, an increase in cybercrime makes sense. Nevertheless, the report highlights not only the ongoing diligence users must maintain toward security, but also the familiar dangers that might be lurking in new, less suspicious disguises.

Total mobile malware detections were up around 600% year-over-year, although Q2 saw new threats drop by around 30% relative to Q1's all-time high. Android was the most popular mobile target, with SMS-sending programs, mobile botnets, and Trojans among attackers' favorite tools. The fact that Android is not unassailable is no secret, but recent reports suggest that Jelly Bean might thwart sinister activity more effectively.

[ Is Bouncer a wimp? Read Google Bouncer Beat Up By Security Researchers. ]

McAfee emphasized that Android drive-by downloads rely on the same modus operandi they've employed to torment PC users: a device need only visit an infected site to download compromised software. "Attacks that we've traditionally seen on PCs are now making their way to other devices," said Vincent Weafer, senior VP of McAfee Labs, in a statement. The full report issues an even stronger warning: "Mobile malware is certainly not proof-of-concept or early code. It is fully functional and mature."

Botnet attacks, meanwhile, reached a 12-month high, in part because they have cleverly harnessed Twitter. This new deployment allows a perpetrator to anonymously network infected accounts to generate spam, issue viruses, or crash Web servers. Such tactics previously required a dedicated server, be it purchased or stolen, but Twitter enables hackers to leverage others' resources without these logistic challenges. Though predicated on a newer platform, the approach mirrors previous attacks on relay chat servers, McAfee notes.

Ransomware steadily increased; after topping 20,000 new reports the first time in Q3 of 2010, 2012 detections now total more than 120,000. Corrupting AutoRun files accounted for 1.2 million new samples, meanwhile, and password-stealing programs, with 1.6 million discoveries, were also a prominent threat. Signed malware--which tricks users into trusting a file, often via a stolen certificate--also reached a new high.

Apple users, accustomed to relative immunity from cyber mischief, still experience relatively few problems compared to Windows users--but as Flashback demonstrated, Macs no longer hold exempt status; it's clear that "malware can be written for any operating system and any platform," claimed McAfee.

Alex Smith, a senior analyst at Canalys, attributed increased malware activity to the greater diversity of devices and platforms. The sheer number of Android devices, he said in an interview, is a "huge opportunity for malicious hackers."

Smith identifies virtualization, which was recently exposed to the bad code parade, as a particular challenge. "We need dedicated virtual technologies [for security]," he claimed, adding that the "incumbent technologies might not be the optimal solution in this virtual world." Smith hesitated to say the Internet's actual danger had grown in proportion with McAfee's numbers. He remarked that the fragmented anti-malware industry is no longer confined to traditional powers such as McAfee and Symantec. With international competitors including Panda, AGV, Avast, and Kaspersky, "there are a lot of vendors looking to tackle the problem." That is, with more watchful eyes directed at potential threats, security experts have grown more adept at identifying new malware.

Even so, he said that more hackers are at work than before. With growing numbers of technology-savvy users in Eastern Europe and Asia, he said, it's inevitable that some "bad apples" surface. Black market malware toolkits allow these new entrants to make strides quickly.

Still, Smith says the biggest threat could come from legitimate developers, as sloppy coding could open security vulnerabilities.

Cybercriminals are taking aim at your website. Is your security strategy up to the challenge? Also in the new, all-digital 10 Steps To E-Commerce Security issue of Dark Reading: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Commentary
Why IT Leaders Should Make Cloud Training a Top Priority
John Edwards, Technology Journalist & Author,  4/14/2021
Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Commentary
Lessons I've Learned From My Career in Technology
Guest Commentary, Guest Commentary,  5/4/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll