The PandaLabs 2012 annual report reviews last year’s threats and flags the evolving threats for 2013. It shows that, globally, around one in three computers scanned by PandaLabs was found to be infected by one or more of the 125 million pieces of malware known to the company. The most infected country is China, where 54.89% of computers contained malware. The UK is the fourth least-infected country with around 22% of computers infected, while the US has a 30.52% infection rate. Severe as this seems, it also shows a general improvement, with infections in China dropping from 56% in 2011, and Taiwan dropping from 52% to 42.14% over the same period.
The infections themselves were mostly by trojan rather than virus or worm, with trojans providing more than 76% (up from 66% in 2011) of all infections. Viruses came in second with 8% and worms third at 6.44%. “One of the reasons for this growth” in trojan infections, suggests PandaLabs, “is the increased use of exploit kits such as BlackHole, which are capable of exploiting multiple system vulnerabilities to infect computers automatically without user intervention.”
Other highlights in threat evolution from 2012 include the rise in popularity – and hence criminal attraction – of the Android platform (there were 500 million activated Android devices by September 2012); the continuing use of Facebook and Twitter to spread malware; and the rise and rise of ransomware.
The evolution of ransomware is discussed in some detail. The first stage was the move from English-only attacks to multilingual, nationally targeted attacks, using the infected computer’s IP address to select the language to be used. The early versions simply used a threat to extract payment of a fine. “However,” notes the report, “the attack became more complex over time. The malware went on to use ransomware techniques, ‘taking over’ infected computers by encrypting some of their content and forcing users to pay a fine or lose access.”
Early encryption was simple, and could often be decrypted by the AV companies. Now, however, more sophisticated encryption (unique to each infection) is used, and the decryption keys are stored on the C&C server. “Unless you are able to access the server that stores all keys, it is absolutely impossible to access the files,” says PandaLabs.
For the next year, PandaLabs focuses on three growing threats: Android, espionage and cyberwar. It is the increasing popularity and use of Android that will attract the cyber criminals. But, “Cyber-espionage and cyber-war will also be on the rise, as more and more countries are organizing their own cyber-commando units,” warns PandaLabs. “There is growing concern for the information that could be compromised and the possibility of using malware to launch direct attacks on critical infrastructure.”