The annual TrendLabs Security Report, published by Trend Micro, is well worth a read. Here are some interesting insights from their new report:
- Trend’s software found that instances of mobile malware and high-risk apps had more than doubled between 2012 and 2013. Trend defines ‘high-risk’ apps as those which compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without the user’s knowledge or consent.
- 27% of malicious and high-risk mobile apps could be found on legitimate app stores such as Google Play. BlackBerry found that 2% of repackaged Android apps were too risky, so it blocked them from its BlackBerry World market.
- As well as using improved technology, criminals also took advantage of human gullibility with respect to innovation. For example, smartphone users who scan a QR code have no way of evaluating whether the code is part of a malicious scheme.
- 76% of mobile phishing attacks sought to spoof a financial services website, with PayPal being the most common spoof of all. 3% were spoofing a telecommunications website.
- Spear-phishing email attachments most commonly use the .rtf file format.
- 76% of organizations continued to run Java 6 after Oracle withdrew support for it. Java vulnerabilities accounted for 91% of web-based attacks in 2013.
- Other old software continues to pose risks. For example, 95% of ATMs in the USA still run on Windows XP.
- There were more online banking malware infections in the 4th quarter of 2013 than during the whole of 2012. This was partly due to especially severe spikes in the number of infections in Japan and Brazil, as criminals targeted opportunities in those countries.
- What do Pope Francis, Iron Man 3, and Typhoon Haiyan have in common? They are the kinds of topics used to socially engineer victims of cybercrime.
The 2013 TrendLabs Security Report is available from here.