TrendLabs Security Report: Sharp rise in mobile malware since 2012

The annual TrendLabs Security Report, published by Trend Micro, is well worth a read. Here are some interesting insights from their new report:

  • Trend’s software found that instances of mobile malware and high-risk apps had more than doubled between 2012 and 2013. Trend defines ‘high-risk’ apps as those which compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without the user’s knowledge or consent.
  • 27% of malicious and high-risk mobile apps could be found on legitimate app stores such as Google Play. BlackBerry found that 2% of repackaged Android apps were too risky, so it blocked them from its BlackBerry World market.
  • As well as using improved technology, criminals also took advantage of human gullibility with respect to innovation. For example, smartphone users who scan a QR code have no way of evaluating whether the code is part of a malicious scheme.
  • 76% of mobile phishing attacks sought to spoof a financial services website, with PayPal being the most common spoof of all. 3% were spoofing a telecommunications website.
  • Spear-phishing email attachments most commonly use the .rtf file format.
  • 76% of organizations continued to run Java 6 after Oracle withdrew support for it. Java vulnerabilities accounted for 91% of web-based attacks in 2013.
  • Other old software continues to pose risks. For example, 95% of ATMs in the USA still run on Windows XP.
  • There were more online banking malware infections in the 4th quarter of 2013 than during the whole of 2012. This was partly due to especially severe spikes in the number of infections in Japan and Brazil, as criminals targeted opportunities in those countries.
  • What do Pope Francis, Iron Man 3, and Typhoon Haiyan have in common? They are the kinds of topics used to socially engineer victims of cybercrime.

The 2013 TrendLabs Security Report is available from here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.