ESET Threat Trends for 2013: Growth of Mobile Malware; Botnets; Cloud and Leaks


At the end of each year, ESET, with its global security research resources, reviews the year and compiles threat trends for the upcoming season. So how will the 2013 threatscape look according to the IT security company ESET? It will definitely see major growth of mobile malware and its variants, increased malware propagation via websites, a continuing rise of botnets, and attacks on the cloud resulting in information leaks.

Major increase in mobile malware: During 2012 it was possible to observe how malicious programs designed for Android consolidated their position as a fundamental objective for cybercriminals, who, facing a market that grows by leaps and bounds, have much more quickly started to generate malware that targets these devices.

During the first quarter of 2012, according to IDC, the Google operating system recorded a year-over-year rise of 145% in market share and in sales. Furthermore, Juniper Research estimates that in 2013, the number of users accessing banking services from their smartphones will rise to 530 million people. According to the same study, in 2011 there were only 300 million individuals who accessed banks from their phones. In this context of growing sales and different patterns of use, and considering the rapid evolution both of this technology and of malicious programs for mobiles during 2012, we see as the main trend for 2013 an exponential growth of mobile malware. We also see these programs becoming more complex, thus expanding the range of malicious actions they perform on an infected device.

In relation to the number of malware families for Android – that is, malicious codes that are different enough to have a unique classification – this time last year (November) there were 52 families compared to the 56 currently reported. Although this figure did not rise dramatically during 2012, it is shown that the number of signatures and variants did indeed rise significantly; therefore, we expect that the number of threats for Android will continue to grow regardless of the total number of families, in much the same way as we see with Windows. Taking into account the families mentioned above and the malicious actions (payload) carried out by malware on Android-based devices, it is possible to classify such behaviors as follows: information theft (spyware), SMS message distribution to premium-rate numbers, and the transformation of machines into zombies (botnet recruitment).

[Figure: Families and malicious actions (payload) - 2010, 2011 and 2012]

The majority of these families are intended to subscribe the victim to premium-rate messaging numbers. On the other hand, there are threats that transform these devices into zombies. That is, access to the devices falls into the hands of cybercriminals, who can carry out actions remotely such as installing other malicious code, stealing particularly desirable data, and modifying configuration parameters, among other actions.

The number of malware variants for Android has also increased in 2012. A variant is a modified version of a specific and known malicious program. The graphic below shows four malware families for Android and the number of variants that appeared in 2011 and 2012. It is important to note that for each new major variant that emerges, the ESET Labs add an alphabetically ordered suffix that changes as the quantity increases.

[Figure: Number of malware variants for Android - 2012, 2011 and 2012]

Malware propagation through websites: In 2013 we also expect to see the consolidation of a paradigm shift that has been developing in recent years: that is, in the ways in which cybercriminals propagate malicious code. Malware propagation by means of removable storage devices is decreasing in favor of the use of an intermediary in order to attract new victims. The intermediary is a web server that has been compromised by a third party in order to host computer threats. Having compromised the server, cybercriminals send out hyperlinks leading the user to the malware in question. At the same time all the stolen information has to be stored on these compromised servers so as to avoid involving personal computers which may be better protected and where detection and cleaning of malware may result in the criminals losing their stolen data.

Botnets on the rise: Since 2010, malware designed to steal information and to generate revenue for cybercriminals has greatly consolidated its position. During 2011, there was a marked increase in botnets and this year they have kept on steadily rising globally. There is no doubt that the Dorkbot worm is one of the most prolific threats, capable of turning the victim's computer into a zombie.

The cloud and cases of information leakage: Storage in the cloud is another trend that has been growing during 2012. According to Gartner, an analyst firm, the increasing use of camera-equipped devices, such as tablets and smartphones, has a direct influence on the increased need of consumers to store more data in the cloud. Although this technology makes it easier for people to access information from practically any device with Internet access, it also makes such devices susceptible to being targeted by computer attacks, which can compromise the security of data and cause information leaks.

This was proven when attackers accessed some Dropbox accounts, having stolen login credentials for this service from elsewhere. While this was not a failure of the Dropbox service itself, the incident prodded the site into improving its security. Other portals that were also affected by information leakage incidents during 2012 were LinkedIn, Yahoo! and Formspring. On the other hand, mainstream credit card companies like Visa and MasterCard had to issue a warning when a payment processing system suffered information leakage. This incident affected a total of 56,455 accounts from both companies, out of which 876 were used to commit some kind of fraud.

For more, download the whole report prepared by the research team at ESET Latin America: