Mobile Malware, Spam, Malicious URLs All on the Rise in Q2

Android-based malware achieved a 35% growth rate in the second quarter of 2013 according to a new report

In its quarterly threat report, McAfee Labs found that the second quarter also saw a 16% increase in suspicious URLs, a 50% increase in digitally signed malware samples and notable events in the cyber-attack and espionage areas, including multiple attacks on the global Bitcoin infrastructure and revelations around the Operation Troy network targeting US and South Korean military assets. 

In the mobile arena, McAfee registered a resurgence in SMS-stealing banking malware, fraudulent dating and entertainment apps, weaponized legitimate apps and malicious apps posing as useful tools.

For instance, many banks implementing two-factor authentication require customers to log into their online accounts with a username, password and a mobile transaction number (mTAN) sent to their mobile device via a text message. McAfee Labs researchers identified four significant pieces of mobile malware that capture the traditional usernames and passwords, and then intercept SMS messages containing bank account login credentials. The malicious parties then directly access accounts and transfer funds.
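As an added illustration of how a defender might triage apps for the SMS-stealing pattern described above (this script is not from the article or McAfee's report), the Python below inspects an AndroidManifest.xml for the combination an mTAN stealer needs: permission to read incoming SMS plus network access, and a broadcast receiver registered for the SMS_RECEIVED action. The permission and action names are real Android identifiers; the two manifests are constructed sample inputs.

```python
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace.
NS = "{http://schemas.android.com/apk/res/android}"
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def triage_manifest(manifest_xml: str) -> list[str]:
    """Return findings for one AndroidManifest.xml; an empty list means nothing flagged."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(NS + "name") for el in root.iter("uses-permission")}
    findings = []
    # Reading SMS plus network access is the minimum an mTAN-exfiltrating app needs.
    if perms & SMS_READ and "android.permission.INTERNET" in perms:
        findings.append("reads incoming SMS and has network access (mTAN exfiltration pattern)")
    # A receiver for SMS_RECEIVED, especially with a high priority, sees each text before the user.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(NS + "priority", "0"))
                findings.append(
                    f"receiver {receiver.get(NS + 'name')} listens for SMS_RECEIVED (priority {prio})"
                )
    return findings


# Constructed sample: a flashlight app that only needs the network (nothing flagged).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

# Constructed sample: the same kind of app asking to read SMS and hooking SMS_RECEIVED.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("benign", BENIGN_MANIFEST), ("suspect", SUSPECT_MANIFEST)):
        print(name, triage_manifest(xml) or ["no findings"])
```

A real pipeline would pull the manifest out of the APK first (it is binary XML inside the archive) and treat these findings as a reason to look closer, not as a verdict, since legitimate SMS apps legitimately match both rules.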

“The mobile cybercrime landscape is becoming more defined as cybergangs determine which tactics are most effective and profitable,” said Vincent Weafer, senior vice president at McAfee Labs, in a statement. “As in other mature areas of cybercrime, the profit motive of hacking bank accounts has eclipsed the technical challenges of bypassing digital trust. Tactics such as the dating and entertainment app scams benefit from the lack of attention paid to such schemes; while others simply target the mobile paradigm’s most popular currency: personal user information.”

McAfee Labs also discovered a surge in dating and entertainment apps that dupe users into signing up for paid services that do not exist. Lonely users attempt to access potential partners’ profiles and other content only to become further frustrated when the scam is recognized. The profits from the purchases are later supplemented by the ongoing theft and sale of user information and personal data stored on the devices.

Research also revealed the increasing use of legitimate mobile apps altered to act as spyware on users' devices. These threats collect a large amount of personal user information (contacts, call logs, SMS messages, location) and upload the data to the attacker’s server.

Beyond mobile threats, the second quarter revealed the continued adaptability of attackers in adjusting tactics to opportunities, challenges to infrastructure upon which commerce relies, and a creative combination of disruption, distraction and destruction to veil advanced targeted attacks. As such, several nefarious threats are on the rise, researchers found.

The number of new ransomware samples in the second quarter was greater than 320,000, more than twice as many as the previous period, demonstrating the profitability of the tactic. Global spam volume continued to surge through the second quarter with more than 5.5 trillion spam messages, representing approximately 70% of global email volume. And malware signed with legitimate certificates increased 50%, to 1.2 million new samples, rebounding sharply from a decline in the first quarter. The trend of illegitimate code authenticated by legitimate certificate authorities could inevitably undermine confidence in the global certificate trust infrastructure, McAfee said.

Also, at June’s end, the total number of suspect URLs tallied by McAfee Labs reached 74.7 million, which represents a 16% increase over the first quarter. The increase shows how important “infected” sites remain as a distribution mechanism for malware.

Then there was Operation Troy. McAfee Labs has uncovered evidence suggesting that attacks on South Korean banks and media companies in March and June of this year were in fact connected to an ongoing cyber-espionage campaign dating back to 2009. A study of forensic evidence suggested that the campaign was designed to target US and South Korean military systems, identify and remove confidential files, and, when necessary, destroy the compromised systems through a master boot record (MBR) attack.
