The Black Hats Keep Striking

 
 
By Karen A. Frenkel  |  Posted 07-08-2014 Email Print this article Print
 
 
 
 
 
 
 
 

Cybercriminals are expanding their targets and their means of attack, according to Trend Micro's Q1 report, "Cybercrime Hits the Unexpected." Among the developments: New and modified online banking malware continues to thrive, striking different targets in Q1 2014. Likewise, mobile malware and high-risk apps are on a five-year streak and broke the 2 million barrier, the report notes. Lastly, a massive strike against decades-old point of sale systems enabled hackers to acquire the personal information 70 million retail customers. "Organizations continued to struggle with attacks that were targeted in nature, which could be directly aimed at the energy, financial, health care, and retail industries or critical infrastructure," says J.D. Sherry, vice president of technology and solutions, Trend Micro. "High-value targets that promised massive payouts were compromised despite the determined efforts of organizations to protect their valuable information." Trend Micro surveyed 763 IT security decision-makers and practitioners from organizations with more than 500 employees from 11 North American and European countries, and 19 industries. To view the report, click here.

 
 
 
  • Cyber-Attacks Afflict Majority of Organizations

    60% of respondents were affected by a successful cyber-attack in 2013, but less than 40% expect to be the victim of one again in 2014.
    Cyber-Attacks Afflict Majority of Organizations
  • Huge Increase in PoS Malware

    Organizations saw seven times more point of sale malware in Q1 2014 compared with all of 2013.
    Huge Increase in PoS Malware
  • Inadequate Defenses Against Cyber-Threats

    25% of security professionals doubt whether their organization has invested adequately in cyber-threat defenses. Likewise, 25% of organizations lack the tools necessary to properly investigate the root cause of an attack.
    Inadequate Defenses Against Cyber-Threats
  • Online Banking Suffers From New Malware

    The study uncovered a ZeuS/ZBOT variant and spam attachment, a BANDLOAD variant that affected only Latin Americans, and a fake WhatsApp client to spread BANDLOAD when it is downloaded.
    Online Banking Suffers From New Malware
  • New Target: Virtual Currencies

    Cybercriminals have moved toward a new lucrative monetary source: virtual currencies. For example, a Tokyo-based Bitcoin exchange declared bankruptcy after it lost 550,000 Bitcoins, worth U.S. $473 million, due to a cyber-attack.
    New Target: Virtual Currencies
  • Wave of DDoS Attacks

    DDoS attacks targeted versions of the NTP protocol in Q1 2014, compromising networks and using them to flood targets with packet replies and error warnings.
    Wave of DDoS Attacks
  • Mobile Threat Landscape Maturing

    Malicious app and Web threats have evolved into attacks on the Android platform that paralyze entire devices. Also, plagued by the "goto fail" bug, iOS's Secure Sockets Layer succumbed and users became vulnerable to eavesdropping and Web hijacking.
    Mobile Threat Landscape Maturing
  • New Adware Stymies Cleanups

    47% of attack victims were compromised by new adware, with premium message service users trailing close behind at 35%, perhaps due to the emergence of new adware families and network carrier efforts to thwart mobile fraud by dropping premium message service charges.
    New Adware Stymies Cleanups
  • Vulnerability Checks Are Infrequent

    Less than half of organizations conduct full-network vulnerability scans more than once every quarter.
    Vulnerability Checks Are Infrequent
  • Safeguarding Mobile Devices

    To protect the data transmitted via smartphones and tablets, 60% of respondents use VPN and 56% use Network Access Control.
    Safeguarding Mobile Devices
  • PoS Malware Family Growth

    In Q1 2014, the nefarious point-of-sale malware included ALINA, which checks for credit card information that can be stolen; FYSNA, which uses the Tor network to retain anonymity while committing bad deeds; and HESETOX, which uploads stolen data to command-and-control servers.
    PoS Malware Family Growth
 
 
 
 
 
Karen A. Frenkel writes about technology and science, innovation, and entrepreneurs and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...