TrendLabs Security Report: Sharp rise in mobile malware since 2012

The annual TrendLabs Security Report, published by Trend Micro, is well worth a read. Here are some interesting insights from their new report:

  • Trend’s software found that instances of mobile malware and high-risk apps had more than doubled between 2012 and 2013. Trend defines ‘high-risk’ apps as those which compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without the user’s knowledge or consent.
  • 27% of malicious and high-risk mobile apps could be found on legitimate app stores such as Google Play. BlackBerry found that 2% of repackaged Android apps were too risky, so it blocked them from its BlackBerry World market.
  • As well as using improved technology, criminals also took advantage of human gullibility with respect to innovation. For example, smartphone users who scan a QR code have no way of evaluating whether the code is part of a malicious scheme.
  • 76% of mobile phishing attacks sought to spoof a financial services website, with PayPal being the most common spoof of all. 3% were spoofing a telecommunications website.
  • Spear-phishing email attachments most commonly use the .rtf file format.
  • 76% of organizations continued to run Java 6 after Oracle withdrew support for it. Java vulnerabilities accounted for 91% of web-based attacks in 2013.
  • Other old software continues to pose risks. For example, 95% of ATMs in the USA still run on Windows XP.
  • There were more online banking malware infections in the 4th quarter of 2013 than during the whole of 2012. This was partly due to especially severe spikes in the number of infections in Japan and Brazil, as criminals targeted opportunities in those countries.
  • What do Pope Francis, Iron Man 3, and Typhoon Haiyan have in common? They are the kinds of topics used to socially engineer victims of cybercrime.

The 2013 TrendLabs Security Report is available from here.

Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric's history as editor.