2013 So Far: Java Exploits Jump, Android Malware Emerges Outside App Stores
Kuala Lumpur (24 September 2013) – A continued rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats characterized the first half of 2013, which saw its share of interesting developments in the world of digital security. According to F-Secure’s new Threat Report H1 2013, being published today, nearly 60% of F-Secure’s top ten detections in the first half of 2013 were exploits.
Exploits: the most common attack vector
The high percentage of exploits detected by F-Secure is a good thing, according to Sean Sullivan, Security Advisor at F-Secure Labs. “The fact that the majority of our top ten detections are blocking exploits rather than dealing with payloads – that means we’re doing a good job of making sure the malware itself doesn’t even get the chance to enter the machine,” he says.
Users in the US saw the most vulnerability-related attacks, with 78 out of every 1000 users encountering an exploit attempt. Germany and Belgium followed with 60 out of 1000 encountering exploit attempts. Java-targeted exploits lead the pack of exploits as a whole, making up almost half of the top ten detections, up from a third the previous half-year.
Exploits are programs, but they are simply another vehicle for getting malware onto a machine, like an infected USB drive or email. Usually attacking via malicious or compromised websites, they take advantage of flaws in the code of a computer’s installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or allow cybercriminals to take control of the machine.
Mobile malware: not just in app stores anymore
358 new families and variants of Android malware were discovered by F-Secure Labs in H1, nearly doubling the total number the Labs has ever discovered to 793. Symbian followed with 16 new families and variants. No new families or variants were discovered on other mobile platforms.
Android malware isn’t just distributed by app stores anymore, either. The first half of 2013 saw distribution by malvertising and by drive-by downloads triggered when a user visits a compromised site. Malvertising, or advertisements that lead users to malicious products, is increasingly being used to distribute mobile malware, due in part to its wide reach. And while still less sophisticated on mobile than on a PC, drive-by downloads are expected to continue as an attack vector. Mobile drive-bys use a notification message asking if the user wants to install the app, which makes them more obvious than PC drive-bys and gives the user the option to circumvent them.
Stels, an Android trojan that serves multiple purposes from building up botnets to stealing mobile Transaction Authentication Numbers (mTANs) as a banking trojan, uses methods that are usually characteristic of Windows malware, such as spam as a distribution method. This serves as evidence that Android malware is advancing closer to reaching the highly developed level of Windows threats.
APT threats, Bitcoin mining, and Mac malware
APT threats have become a much talked-about threat to the data security of organizations and industries, and now F-Secure Labs has constructed a rough overall picture of the kind of victims APT attackers are targeting. For details on that study of 100 documents used in targeted APT attacks, plus a look at the very lucrative practice of Bitcoin mining and the latest in Mac malware, phishing and more, check out the complete Threat Report H1 2013.