Tuesday 4 March 2014

Government and Android threats boom as XP woes loom

Cyber attacks against businesses are increasingly focusing on the Android platform, according to security firm F-Secure, which has also seen a growing number of state-sponsored attacks over the past year.
F-Secure highlighted Android as the fastest-growing target for cyber attacks, with a massive 804 new families and variants of malware hitting the platform in 2013.
The figure marks an alarming increase in the number of attacks targeting Android. F-Secure detected a more modest 238 new Android threats during the same period in 2012. Its report stated that 97 percent of all mobile malware it found in 2013 was designed to target Android users.
But despite the alarming growth, F-Secure said that Android threats are still significantly less advanced than their PC counterparts. "By and large the majority of malicious apps we see targeting Android exploit the mechanics of the user's interactions with their device," read the report.
"The most common type of malware – Trojans – has malicious routines injected into the packages of clean, legitimate programs, which are then redistributed on various app stores, often with a new name that sounds reminiscent of the clean app. The repackaged app typically asks for more permissions than the un-Trojanised original, which is the weak point that allows it to carry out malicious routines."
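The permission growth the report describes can be checked by comparing the manifest of a known-good release with that of a suspect copy. The sketch below is an added example, not code from F-Secure or from the article; it assumes both `AndroidManifest.xml` files have already been decoded to text XML, and the sample manifests, the package name and the `SENSITIVE` watch list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative watch list (an assumption of this example, not a complete policy).
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CALL_PHONE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

# Constructed sample input: a clean manifest and a repackaged copy of it.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

REPACKAGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def permissions(manifest_xml):
    """Return the set of permission names requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def compare(original_xml, candidate_xml):
    """Report what the candidate requests beyond the known-good original."""
    orig, cand = permissions(original_xml), permissions(candidate_xml)
    added = cand - orig
    return {
        "added": sorted(added),
        "sensitive_added": sorted(added & SENSITIVE),
        "removed": sorted(orig - cand),
        "suspicious": bool(added & SENSITIVE),
    }

if __name__ == "__main__":
    print(compare(ORIGINAL, REPACKAGED))
```
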
F-Secure also reported detecting a spike in the number of web-based cyber attacks targeting internet users. The report said 26 percent of all cyber attacks in the second half of 2013 were web-based, with the majority using Java-related exploits.
"Web-based attacks – which typically involve techniques or malware that redirects the web browser to malicious sites – doubled during this six-month period," read the report.
"The three most prominent exploit-related detections we observed in H2 [the second half of] 2013 were Majava and those that targeted CVE-2013-2471 and CVE-2013-1493 vulnerabilities. Not coincidentally, all three of these involved vulnerabilities in the Java development platform."
Interest in Apple's Mac OS from attackers thawed, with F-Secure detecting a modest 51 new families and variants targeting the platform during the period.
Disturbingly, F-Secure said it also detected and blocked an unspecified number of state-sponsored hack campaigns targeting its customers during the period.
"The revelations of NSA spying activities throughout 2013 have led to a surge in privacy worries among the general population of netizens. Internet users are growing more alert to the possibility of prying eyes while they surf the internet, now adding governments (their own or others) alongside other parties who may be engaging in user surveillance," stated the report.
"We have detected governmental malware used by law enforcement (such as the R2D2 Trojan used by the German government)."
The NSA's PRISM spying campaign was revealed when ex-CIA analyst Edward Snowden leaked documents to the press showing that the intelligence agency was gathering web user data from numerous companies, including Google, Facebook, Microsoft and Apple.
The report further highlighted Microsoft's fast-approaching Windows XP support cut-off date as a key security issue on the horizon. Microsoft is due to stop providing security fixes for its ageing Windows XP operating system in April. F-Secure said the cut-off will put the onus on IT managers to find ways to secure the platform.
"When (not if) a powerful zero-day exploit makes its way to market – that's when the real concerns begin and important questions will be asked," the report stated.
"Some businesses will continue to use Windows XP throughout 2014, either due to contractual obligation, or because their customers do so and they need XP to provide support. In those situations, IT managers have their work cut out for them.
"Air gapping systems or isolation to separate networks from critical intellectual property is recommended. Businesses should already be making moves such as this for bring your own device (BYOD) users. XP is just another resource to manage."
F-Secure is one of many security firms to warn of the dangers companies will face if they continue to run Windows XP.
Paul Ducklin, senior security analyst at Sophos, told V3 the cut-off will inevitably cause security issues, as future security patches to new Windows versions could alert hackers to previously undiscovered flaws in XP's security.
