The Black Hats Keep Striking
60% of respondents were affected by a successful cyber-attack in 2013, but less than 40% expect to be the victim of one again in 2014.
Organizations saw seven times more point of sale malware in Q1 2014 compared with all of 2013.
25% of security professionals doubt whether their organization has invested adequately in cyber-threat defenses. Likewise, 25% of organizations lack the tools necessary to properly investigate the root cause of an attack.
The study uncovered a ZeuS/ZBOT variant and spam attachment, a BANDLOAD variant that affected only Latin Americans, and a fake WhatsApp client to spread BANDLOAD when it is downloaded.
Cybercriminals have moved toward a new lucrative monetary source: virtual currencies. For example, a Tokyo-based Bitcoin exchange declared bankruptcy after it lost 550,000 Bitcoins, worth U.S. $473 million, due to a cyber-attack.
DDoS attacks targeted versions of the NTP protocol in Q1 2014, compromising networks and using them to flood targets with packet replies and error warnings.
Malicious app and Web threats have evolved into attacks on the Android platform that paralyze entire devices. Also, plagued by the “goto fail” bug, iOS’s Secure Sockets Layer succumbed and users became vulnerable to eavesdropping and Web hijacking.
47% of attack victims were compromised by new adware, with premium message service users trailing close behind at 35%, perhaps due to the emergence of new adware families and network carrier efforts to thwart mobile fraud by dropping premium message service charges.
Less than half of organizations conduct full-network vulnerability scans more than once every quarter.
To protect the data transmitted via smartphones and tablets, 60% of respondents use VPN and 56% use Network Access Control.
In Q1 2014, the nefarious point-of-sale malware included ALINA, which checks for credit card information that can be stolen; FYSNA, which uses the Tor network to retain anonymity while committing bad deeds; and HESETOX, which uploads stolen data to command-and-control servers.