In the second quarter, Android OS-based malware surpassed Symbian OS as the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted, the rapid rise in Android malware indicates that the platform could become an increasing target for cybercriminals, according to the McAfee Threats Report: Second Quarter 2011.
“Mobile malware has really been increasing, both numerically and in sophistication, specifically toward the Android operating system”, said Dave Marcus, director of security research and communications at McAfee Labs.
Marcus told Infosecurity he believes that the Android app store is the primary culprit for the increase in malware attacks. “They don’t necessarily vet applications in their app store as well as Apple does. Most of the exploitation we see for the Android operating system is coming from malicious apps that people are downloading from the app store”, he said.
The McAfee report said that the first half of 2011 was the busiest first half-year in malware history, including the first-ever appearance of Mac fake anti-virus (AV) software and a significant uptick in rootkits.
“The main driver [of malware] is that it is all about money….They are called cybercriminals for a reason. They target the data to make money. As such, we are seeing more malware and more attacks than ever before in history”, Marcus said.
Though the Apple platform has historically been unaffected by fake AV software, activity in the second quarter indicates that it is now being targeted. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.
Another malware category that is showing recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercrminals to make malware stealthier and more persistent. McAfee has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up 38% over 2010.
Acts of hacktivism, primarily from Anonymous and LulzSec, were among the most prominent cybersecurity news generators in the second quarter. The McAfee report details hacktivist activity, with at least 20 global attacks reported in the second quarter alone.
The report also outlines acts of cyberwar that occurred in the second quarter, including attacks on Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.
“There are certain groups out there, like Anonymous, LulzSec, and some of the others, who are using a lot of denial service tools….We usually see denial of service attacks on a quarterly basis but not in the volume that we saw in the second quarter. We are also seeing a lot more targeted attacks, people really going after law enforcement, government agencies, and private industry. They have shown a remarkable agility for getting into the places that they target”, Marcus observed.
McAfee Labs expects to see a sharp rise in spam activity over the coming months. A common method for cybercriminals to increase their volume of spam is to purchase a bulk list of emails in order to send as much spam as possible to a widespread group of people, the report noted.