Tuesday 26 March 2013

Malware trends for the remainder of 2013



What trends can we expect in 2013?

As we have discussed in our previous Blog – Malware is an unwanted entity that costs businesses more and more money year on year, so what can we ultimately expect to see as 2013 progresses?
Stealing personal data from mobile phones has been on the increase for a number of years now, just last week BBC has highlighted how this is a serious risk. Malware poses this very same threat to business data and this criminal activity is set to increase 10 fold in 2013.

Juniper Research estimate’s that in 2013 the number of users accessing banking services from their mobiles will rise to 520 million people compared to approx. 300 million in 2012. This rapid growth lends itself to malicious attacks as programmes are developed rapidly and become more complex, in order to extract the financial information stored on Mobile devices.

In addition to this 2013 will see a shift in how threats are generated. Web servers will be used as intermediaries’ more than ever before and once compromised they will be employed to send out hyperlinks which will link to the Malware in question, all the stolen information will be stored on this compromised server this way not involving the thieves personal computers – this way avoiding detection.

Considering this, what trends will we see for the rest of the year… Mobile, Mobile, and more mobile?

Since 2010, mobile malware has been slowly creeping up in number and complexity. This has happened in line with the growth in use of smart devices, particularly as the Android operating system positioned itself as the most popular mobile operating system in the market worldwide. In 2011 Android became the most targeted operating system and threats increased to that of almost double compared to IOS. 

This of course makes sense, as their market rose, more and more people were using this platform to store personal, corporate and financial log in’s/information. The cybercriminals in turn developed Malware in order to steal this information and use it for their own financial gain.

So will this trend continue?

 Since the launch of devices like the IPhone - the smartphone and tablet market has rapidly evolved in several areas: foremost technology, market, connectivity and infrastructure. This technology is allowing for smartphones to buck the trend of ‘traditional’ computers as a whole and the smartphone/ tablet market segment has experienced a year-on-year growth rate of up to 66%

It is therefore not difficult to see why Cyber criminals are focussing their efforts in this area. As numbers are on the up, these criminals will want to attack this prosperous area to gain the highest financial benefits while they can.

In addition to the rise in device sales, the number of mobile Apps downloaded have drastically increased over the course of time, and of course these are becoming a target for this malicious code.

Another factor that may reinforce this trend of mobile malware is Bring Your Own Device. BYOD is becoming increasingly popular in many regions around the world, we cannot say weather this trend is in for the long-haul but it is a worry that a company's employees can carry and use personal devices such as laptops, smartphones and tablets within the corporate day to day. Therefore vast amounts of data and sensitive information will be stored onto these devices, consequently BYOD could pose a grave security problem, if companies do not have a robust Anti- malware system in place.

Taking all of this information in to account it would be an intelligent assumption that throughout 2013 and beyond, mobile malware will evolve and be proportionate to and in parallel with technology; in other words, if the technology has become widely used and constitutes a part of everyday life, threats for such devices will follow close behind. The outlook is that the Android-based malicious code is the main trend for computer threats in 2013, with this being increasingly by means of Malware generation that takes power of compromised sites.
The challenge for users generally will remain the same as previous years. Adopting security solutions on their PCs is paramount and furthermore Mobile security will become crucial. Users must also to become aware of information security issues affecting this type of technology they use on a day to day basis




Tuesday 5 March 2013

Have you been bitten by the Malware Monsters…







Ok so they aren’t actually Monsters but they can be as scary and unwelcome.


If you aren’t sure what Malware is or if you are but would like to know more; read on as there will be some handy hints on how to slay the beast!


So Malware in a nutshell means MALicious SoftWARE. It come in the form of Viruses, Worms, Trojan Horses, Zombies, Adware, and Spyware the list goes on and on, (and yes I suppose they do sound like Monsters).These are basically all the things that will try and to contaminate your PC’s and in turn, gather sensitive information whether it be -  legal, financial and/or business files.


Of course this is something that any company would want to avoid like the plague. So how to recognise a threat…


Have you ever had a pop up on your screen asking you to download an update? Or you must install the programme in order to proceed with an application or file?


The likely chances are that you have seen these and probably way more than once! Every one of these, even if it looks like it is from a legitimate brand such as Microsoft, may just be Malware. Considering this every time you press ok or continue you may well be putting your PC and moreover the rest in the company at risk.


So what is the main reason for these threats and why do people try and attack in this manner….fortunately as with most crime the factor is MONEY and Financial gain. This has become so prevalent that the term Financial Malware has been created.


Financial Malware mainly targets electronic fund transfers. The malware attempts to steal accounting and login information, making it possible to transfer money from the one account to another account by using EFT. Experts that specialise in financial malware have identified two forms of financial malware attacks these are general and targeted. A report by Semantic in 2012[1] suggested it that these Malware attacks cost on average £5000 or $10,000 per day.

In addition there is also ‘spyware’ attacks which again are for profit. This is where infected computers are increasingly being used to send email spam, and to host illegal data such as child pornography, or to engage in distributed denial-of-service attacks. These programs are designed to monitor users' web browsing, display unsolicited advertisements, or redirect mail. Spyware is generally installed by exploiting security holes or packaged together with user-installed software, such as peer-to-peer applications.

Spyware makes a profit by created pop up’s that a company pays for every time they are viewed, they also monitor which websites are being browsed and place ads that will be clicked on thus creating further revenue.

So how can we combat this Monster?
  
Well there are a number of free tools which will partial cover your company and some of these you may already have.


1.       Malwarebytes.


The current market leader, Malwarebytes have an Anti-Malware program that you can download for free. This will provide, Advanced Malware Detection, industry proven clean-up technologies which eradicate existing Malware infections, rapid response Malware Database and heuristics updates, access to the Malwarebytes expert community and knowledgeable support team, it also features Chameleon Technology that gets Malwarebytes running on infected systems. 


Malware also have a more robust offering which is around £15 per user this includes all of the above and Real-Time Active Malware Prevention Engine that blocks known threats, Heuristic Protection that prevents new Zero Day Malware infections, malicious Website Protection that blocks access to known and Zero Day malicious web content, automatic Priority Updates and Scheduled Scanning and finally blazing fast Flash Scans.

All of this together will form a well-rounded anti Malware defence


2.       Combofix


This is a specialised Malware removal tool, and should only really be used by advanced users.


The program can detect a variety malware infections and in many will attempt to remove automatically or otherwise will provide you with a log file that an engineer can use to manually remove the Malware.


Combofix is an adequate removal program if used by an experienced or trained users. In the wrong hands however, it can cause some serious damage and leave your computer unbootable.

3.        Avast Free


Avast features Anti-Virus and Anti –Malware. The anti-malware portion of the tool safe and reliable, the antivirus is one of the tops of the free suites.

There is also a paid versions of the same software suite which offers further benefits - anti-phishing, safe-shopping, SPAM protection etc. 



4.       AVG Free


AVG’s free versions it’s the most robust on the market but will help a little, it does a satisfactory job of removing Malware. The downside of AVG is it is not compatible with Combo fix, so unfortunately to run a tool like ComboFix, you actually have to completely remove AVG.


Overall Malware is an increasing threat for every company that uses the internet and emails on a daily basis (so 99.9%) on companies out there today. It is crucial that your defence system is reviewed and that some kind of Anti – Malware strategy is in place against these horrid little attacks.


To find out more that will affect you in 2013 please read our next blog in the series – ‘Malware trends for 2013 uncovered’ which will be released 6th March 2013.