Update: McAfee: Cyber criminals using Android malware and ransomware the most

Threats Report finds that cyber criminals target everything from Facebook to master boot records to snare victims

Cyber criminals continue to work overtime to exploit any and all attack vectors to target their victims, from PCs to mobile devices to social networking sites, according to the newly released McAfee Threats Report covering the first quarter of 2013.

In particular, the company witnessed a 40 increase in Android malware and a steady rise in ransomware and reported infections. Add to that an increase in AutoRun malware, malware that attacks MBRs (master boot records), and a doubling of spam worldwide, and the state of security looks bleak. IT admins in particular have their hands full, dealing not only with the security risks associated with BYOD, but also the increasing threat of APTs (advanced persistent threats).

Among the key findings in report, McAfee revealed that it now has a total of 50,926 mobile malware samples in its database, 28 percent of which arrived this year. Compare that to the 792 samples the company gathered in 2011. Notably, nearly all of that malware targets Android.

McAfee: Cyber criminals using Android malware and ransomware the most

Commercial spyware and adware targeting mobile platforms is on the decline, but McAfee has witnessed more instances of malicious spyware being combined with botnets. Among them is Android/Ssucl.A, a Trojan that poses as a system cleanup utility but is really a botnet client. It not only steals user and SMS data, it also launches phishing attacks for Dropbox and Google log-ins. It tries to infect PCs using an autorun.inf attack too.

Android/Fksite is another example of malicious mobile malware. It purports to be secure banking software but instead forwards mobile transaction authorization numbers to attackers. Online banking users in Italy, Thailand, and Australia fell victim to this mobile threat this past quarter.

Naturally, the bad guys haven't stopped targeting PCs. McAfee reports a total of 128 million samples of general malware in its database, up from around 875,000 a year ago. The report found a 30 percent increase in malware targeting MBRs (master boot records). "Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration. These attacks, including mebroot, Tidserv, Cidox, and Shamoon, have rapidly increased their numbers and have set a new record high for two quarters running," according to McAfee.

The company also observed new instances of password-stealing Trojans being repurposed to capture information on individuals and organizations.

"Cyber criminals have come to appreciate that sensitive personal and organizational information are the currency of their 'hacker economy,'" said Vincent Weafer, senior vice president, McAfee Labs. "Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly targeted attacks are achieving new levels of sophistication."

Cyber criminals are also exploiting social networks like Facebook to harvest valuable user information: McAfee found almost three times as many samples of Koobface this quarter compared with the previous.

Over the past couple of years, McAfee has observed an increase in ransomware -- malware designed to extort money from users by disabling important system functionality or by encrypting their personal files. The number of new, unique samples of malware for this past quarter was nearly 250,000, more than double the figure from one year ago. "The most worrying aspect is the number of reported infections. We have limited visibility into these figures because only our consumer products can share detection data with us," the report states. "This trend is also reflected by warnings from law enforcement and federal agencies around the globe."

McAfee: Cyber criminals using Android malware and ransomware the most

McAfee cited a couple of drivers behind ransomware's growth: First, it offers criminals an efficient way to make money via anonymous payment systems. Second, there's "an underground ecosystem in place to to help with services like pay-per-install on computers that are infected by other malware, such as Citadel, and easy-to-use crime packs are available in the underground market."

Among other finds in the report:

  • Browser-based threats have increased since last quarter and continue to lead all network attacks, while SQL injections and remote procedure calls are, respectively, the second and third most popular threat
  • McAfee counted more than 64.3 million suspect URLs, which represents a 12 percent increase over the fourth quarter
  • McAfee observed the largest increase in worldwide spam volumes since May 2011, with Belarus, Kazakhstan, and Ukraine seeing the most significant surges

UPDATE (June 10): This story originally reported that McAfee had found a 300 percent increase in instances of the Koobface botnet. McAfee has since revised its numbers, saying that "[various] factors led to our [reported] Koobface statistics being off by a large margin. The corrected data shows Koobface on a continuing decline since Facebook published its landmark post 'Facebook's Continued Fight Against Koobface' nearly a year and a half ago."

This story, "McAfee: Cyber criminals using Android malware and ransomware the most," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Copyright © 2013 IDG Communications, Inc.