Attackers Focus on Vulnerability Exploits in 2H 2014 – Report

Written by

Premium-rate mobile malware, ransomware and Facebook-targeted malware caused chaos in the second half of 2014, according to the latest F-Secure Threat Report.

The Finnish security company’s biannual report highlighted some key emerging attack trends for the last six months of the year, including social media-targeted malware like Kilim.

This family of browser extensions posts unwanted content to Facebook accounts, and comprised 11% of the top 10 threats during the period.

The report explained:

“While threats targeting and/or spreading on social media networks are hardly new, this is perhaps the first year in which we saw a threat family targeting a single social media network gains such widespread prevalence. Kilim’s presence in South America, the Middle East and Oceania is more of a testament to Facebook’s global reach than anything else, but it nonetheless speaks to the severity of the threat.”

F-Secure also pointed out the social media worm Rimecud accounted for 7% of the top 10.

Ransomware continued to plague internet users in 2H 2014, with Koler and Slocker now the most prevalent on Android thanks to new variants, while the police-themed Browlock family just snuck into the top 10 (4%).

Meanwhile, new families such as CTB-Locker and SynoLocker are emerging as major PC-focused threats, the report claimed.

However, F-Secure said that the most notable trend of the six months was the proliferation of “vulnerability-leveraging malware” such as the increasingly popular Angler and Astrum exploit kits.

Most of this type of malware seems to be aimed at North America and Europe, while other regions are mainly affected by “older” threats which “are no longer effective against newer or more up-to-date operating systems or programs” more commonly run in the West.

On the mobile front, it was premium rate SmsSend family that showed the fastest growth, with 259 out of the total 574 variants discovered in the period.

Other fast growers included SmsSpy (97/350) and FakeInst (80/183).

Security firm Damballa this week released a report claiming the impact of mobile malware on the average US user is negligible, as long as said users stick to first party app stores.

However, F-Secure security advisor, Sean Sullivan, argued that the intelligence detailed in the firm’s Threat Report is still relevant to many.

“We’ve been doing security for mobile for a long time and have numerous customers outside of the English speaking world. Our Threat Report reflects that fact,” he told Infosecurity by email.

“We have customers to protect – so we’re going to unearth new threats. But I’d say our presentation is factual – not hype.”

Sullivan agreed, however, that the majority of Infosecurity readers would be safe “as long as they stick to trusted sources.”

What’s hot on Infosecurity Magazine?