Cyber criminals have capitalised on the recent growth in popularity of the Android mobile platform. Based on the number of new mobile malware signatures detected during this period, Kaspersky Lab’s experts believe that the total volume of mobile malware in 2011 will be at least double that of 2010. That growth will be driven by the emergence of new methods of infecting users’ computers.
For instance, over 50 malicious Android OS applications were detected in Q1 that were written by cybercriminals and distributed via the Android Market. These malicious programs are re-packaged versions of legal software alongside malicious Trojan components. Kaspersky Lab’s experts predict that the number of embedded malicious programs distributed via online app stores will keep increasing in the future. Firstly, a developer’s account is cheap and secondly, checking the code of newly published applications is highly labour-intensive and difficult to automate.
The situation concerning mobile threats is further complicated by the fact that personal smartphones are increasingly used to store and send confidential corporate information. At the same time, company employees tend to underestimate the importance of protecting data stored on such devices. Furthermore, smartphones are likely to be widely adopted as ‘mobile wallets’ in the near future, reinforcing the importance of mobile security products.
The increasing number of attacks on different organisations was another significant trend in the first quarter of 2011. In addition to conventional DDoS attacks that block access to corporate servers for indeterminate periods of time, there were also many that focused on gaining unauthorised access to such servers in order to steal information. All the signs indicate that some professional cybercriminals have switched from mass home computer infections to hacking major corporations. This practice naturally involves more risk for the attackers; however, the stakes and the potential rewards associated with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market.
The first quarter also saw a wave of so-called protest attacks carried out by cybercriminals in order to damage company reputations rather than make a profit. A notable example of such an attack was the hacking incident targeting HBGary, an IT security company based in the US. Having gained access to confidential information belonging to the company, the hackers then made it public. These days, such a practice is exceptional; information is typically stolen by cybercriminals in order to sell it or to extort payment to prevent its publication.
At the end of Q1, a new variant of the dangerous GpCode ransomware appeared. This Trojan encrypts data on infected computers and then demands a ransom from the owner. Unlike its previous variants that deleted encrypted files, the new GpCode versions overwrite files with encrypted data, making them practically unrecoverable. Interestingly, the cybercriminals only attacked users in Europe and the former soviet republics, while the attack lasted for several hours only. Such cautiousness demonstrated by the writer of the Trojan indicates that the intention was not to cause a massive infection that would almost certainly draw the attention of law enforcement agencies. It is likely that future attacks of the encrypting Trojan will also be carefully targeted.
Yet another trend which directly impacts IT security is the growing popularity of social networks, blogs, torrents, YouTube and Twitter, which increasingly alters the digital landscape. These services facilitate the swift and simple exchange of data between users located in every corner of the world. Data published in users’ blogs is often deemed as being as credible as that from official media outlets. The popularity of such resources has already caught the attention of cybercriminals. In future, the number of attacks carried out on and via these services is only likely to increase.