Malware numbers just keep growing

For all its efforts to protect citizen privacy, the revelation that the passwords of many Australian Tax Office (ATO) business customers had been stored in plain text highlighted the persistent ability of human error – in this case, at an ATO subcontractor with data stored external to the organisation – to compromise security measures.

Ditto revelations from the ABC that details of more than 50,000 Internet users were stolen and posted online by hackers that broke into the website for its Make Australia Happy television show. The hacker, who later claimed responsibility, said it was a politically motivated hack based on the ABC having interviewed Geert Wilders, a Dutch politician known for his outspoken hatred of Islam.

Yes, just about anything can get you hacked these days.Despite years of progress, these and myriad other hacks confi rm just how problematic security vulnerabilities remain – and it’s getting worse.

Indeed, in a marked shift from several years ago, the latest surveys of hacker activity suggest that the days of malware causing random, wanton damage through opportunistic infections are being joined by a new era of security issues: politically motivated cyber-attacks. Financially-motivated botnets rented to cybercriminals whose technical nous is only matched by their growing business acumen. Basement hackers who penetrate online platforms for nothing more than the thrill.

Reviews of security breaches during 2012 paint an extraordinary picture of the changing face of the online threat. And while high-profi le and political hacks grab the headlines, the underlying headline is that there is more malware, in more places, doing more damage, than ever before.

The Websense 2013 Threat Report , based on analysis of the more than 3 billion threats examined daily by the company’s Websense ThreatSeeker Network, found that the World Wide Web is being inundated with malicious links at a breakneck growth year-on-year growth rate of 600 per cent
(this ranged from 430 per cent in the APAC region to 720 per cent in North America).

Of that growth, 85 per cent of malicious sites were found on legitimate Web hosts – up from 82 per cent in 2011. And, according to similar research in the McAfee Threats Report: Fourth Quarter 2012
(which analyses the data processed by the McAfee Global Threat Intelligence network), 11 million new malware samples were collected during the latest quarter and suspicious URLs increased by 70 per cent over the same period. Most of these had fi nancial targets, but there was a rise in attacks on online
auctions and multiplayer online gaming.

Such figures show just how pervasive malware-infected websites have become, but they’re not the only threat to online users: only one in fi ve emails traversing the Internet were legitimate, according to Websense figures, while 32 per cent of malicious Web links transmitted via social-media networks were shortened Web links. Clearly, hackers are taking the fi ght to users wherever they spend their time.

Behaviour of this code is changing, too: although conventional registry-modifi cation behaviour decreased to just 7.7 per cent of malware, there was an increase in Web-connected malware. In this form of attack, the malware fi rst loads a nondescript bootstrap loader that quietly waits until defence systems have deemed it harmless – and then downloads and installs additional code that wreaks havoc.

Only one in five emails transversing the internet were legitimate, according to websense figures, while 32 per cent of malicious web links transmitted via social media networks were shortened web links

Fully half of Web-connected malware then downloaded additional executables within 60 seconds of the original infection, Websense reported; once that happens, target networks are at the mercy of unknown hackers.

“Explosive growth in several key indicators of global online criminal activity points to a crisis of trust,” the report’s authors warned, “as we question the viability of ‘standard’ security practices that have served us well over the past decade.”

New Attack Vectors

Much of this change has been driven by the increase in vulnerabilities posed by mobile devices. McAfee, for one, flagged the total number of mobile vulnerabilities at 36,669, most of which were discovered during 2012; just 792 of those were discovered in 2011, and some researchers expect the total to reach 1 million by the end of this year.

The growing security exposure of mobile devices is quickly creating a new threat for enterprises. As growing BYOD (bring your own device) programs see workers increasingly bringing such devices into their workplaces, and connecting them to corporate networks, the exploding volume of mobile malware has turned them into a security liability.

Google’s Android platform, in particular, is proving to be vulnerable, both through its design and through the prevalence of different operating-system versions, each having its own vulnerabilities and characteristics. Most of the mobile malware McAfee discovered targets the Android platform.

The Sophos Security Threat Report 2013, for one, found that 12 per cent of Android devices in Australia had been attacked by malware, making Australian Android users the most-hacked in the world. Given the platform’s 52.2 per cent global market share, that threat is signifi cant indeed – even more so because hackers are testing the capabilities and flexibility of Android with a range of scams ranging
from SMS spoofi ng and banking-details snooping, to rogue applications and malware that adds the device to a global malware botnet.

Symantec’s 2013 State of Mobility survey filled out the picture around corporate use of mobility, and the
security concerns it raises. While 76 per cent of Australian enterprises consider business drivers as an important reason for mobile adoption, there was a big gap between attitudes of ‘innovator’ and ‘traditional’ companies: fully 66 per cent of the former said the benefi ts of mobility outweighed the risks, while just 26 per cent of traditional companies agreed.

Innovators were more proactive in managing their mobile devices, with 60 per cent using technological policies to manage mobiles compared with 33 per cent of traditional companies. Innovators typically experienced 25 mobile security incidents last year, compared with just 12 for traditional companies.

The benefits paid off, however: innovators reported an average of 44 per cent revenue growth and 34 per cent profi t growth, compared with 30 per cent revenue growth and 23 per cent profi t growth for traditional companies.

It’s not all bad news, though: Australia is getting off relatively light on the world stage, according to the Sophos analysis. That report ranked Australia 15th out of 20 countries by TER (Threat Exposure Rate), a measure of the percentage of PCs that had experienced a malware attack in 2012.

That bodes well compared with contemporaries in other countries – but it’s not enough to be complacent. Fully 27 per cent of exploits were the result of malware automatically customised using the notorious Blackhole Web exploit kit, Sophos warned, which has swamped security defences with the sheer volume and ever-changing nature of the malware it produces. Blackhole is incredibly sophisticated
and offered to customers on a pay-per-use basis: these days, anybody can be their own malware vandal.

Another attack vector putting up strong numbers in 2012 was Java, the run-anywhere applications platform that was beset by such a disastrous series of penetrations that it became synonymous with application insecurity. More than 600,000 Macs were added to the global Flashback botnet
thanks to an unpatched Java vulnerability in Mac OS X. Security researchers found a way to bypass Java’s secure application sandbox, with other vulnerabilities keeping Java on the ropes for much of the year and into 2013.

The Resurgence of Trust

The rogue’s gallery of exploits in 2012 could fi ll volumes, but the fundamental underlying issue for companies trying to ensure security is that, taken together, the sheer volume and complexity of new threats is forcing security professionals to completely revisit their thinking about how their security
defences are constructed.

Most importantly, this includes a departure from the conventional perimeter defence. Whilst this might seem self-evident to many, a recent survey by SafeNet found that, of hundreds of US enterprise security professionals surveyed, 74 per cent said they believe their perimeter defences are effective – and are planning to increase their spend on the same technologies as ever. IDC figures peg the investment in perimeter-security tools to increase by 6.4 per cent annually through 2016.

12per cent of Android devices in Australia had been attacked by malware, making australian android users the most-hacked in the world

As Albert Einstein so famously said, the definition of insanity is doing the same thing over and over again, and expecting different results. No wonder fully one in every five respondents in SafeNet’s
State of the Data Breach survey said they wouldn’t trust their own organisation with their personal data. In response, the company launched what it’s calling a Secure the Breach Manifesto – a call for companies to stop relying on breachable perimeter defences and to instead use tools like in-situ encryption to render stored data useless to hackers even if they get around those defences.

The need for this type of defence is increasing steadily as attackers continue their push to develop more sophisticated and targeted attacks. Password-stealing Trojans grew 72 per cent during the fourth quarter, according to McAfee fi gures, and were marked by an apparently increasing focus on the financial-services sector. Meanwhile, stealthy malware targeting systems’ Master Boot Records increased 27 per cent over during the quarter; the firm expects them to become a primary attack vector through 2013.

With major security fi rms now operating cloud-based malware collection and analysis systems, the volume of attacks being reported and analysed continues to grow dramatically. Such systems are also providing telling statistics about the nature and volume of malware, which helps pinpoint changes in attack trends from week to week and quarter to quarter.

While vendors retain an academic interest in the state of malware, however, for enterprises all these numbers only mean one thing: the security threat is signifi cant, and only getting worse. Without taking a fresh look at your internal information security – and heeding the advice of those who
advise about the downfall of perimeter defences – you’ll be a sitting duck when the next malware revolution rolls into town.



Tags VulnerabilitiesmalwareIDCATOSafeNetexploitsSophos Security Threat report 2013Threat exposure rateSafenet State of the data breach surveyGoogle android platformMcafee Threats report Fourth quarter 2012Symantecs 2013 State of Mobility surveyattack vectorsWebsense 2013 threat report

Show Comments