After analyzing vast numbers of IT threats during the first quarter of 2011, Kaspersky Lab’s experts identified a number of important trends.
The recent explosive growth in the popularity of the Android mobile platform was not missed by the cybercriminals. Based on the number of new mobile malware signatures detected during this period, Kaspersky Lab’s experts strongly believe that the total volume of mobile malware in 2011 will be at least double that of 2010. That growth will be driven in part by the emergence of new methods of infecting users’ computers. For instance, over 50 malicious Android OS applications were detected in Q1 that were written by cybercriminals and distributed via Android Market. These malicious programs are re-packed versions of legal software with malicious Trojan components added to the package. Kaspersky Lab’s experts predict that the number of embedded malicious programs distributed via online app stores will keep increasing in the future. This hypothesis is supported by two factors. Firstly, a developer’s account is cheap, only $25 for Android Market, and secondly, checking the code of newly published applications is highly labor-intensive and difficult to automate.
The situation concerning mobile threats is further complicated by the fact that personal smartphones are increasingly used to store and send confidential corporate information. At the same time, company employees tend to underestimate the importance of protecting data stored on such devices. Besides, smartphones are likely to be widely adopted as mobile wallets in the near future, reinforcing the importance of mobile security products.
The increasing number of attacks on different organizations was another significant trend in Q1 2011. In addition to conventional DDoS attacks that block access to corporate servers for indeterminate periods of time, there were also many that focused on gaining unauthorized access to such servers in order to steal information. All the signs indicate that some professional cybercriminals have switched from mass home computer infections to hacking major corporations. This practice naturally involves more risk for the attackers; however, the stakes and the potential rewards associated with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market.
The first quarter also saw a wave of so-called protest attacks carried out by cybercriminals in order to damage company reputations rather than make a profit. A notable example of such an attack was the hacking incident targeting HBGary, an IT security company based in the US. Having gained access to confidential information belonging to the company, the hackers then made it public. These days, such a practice is exceptional; information is typically stolen by cybercriminals in order to sell it or to extort payment to prevent its publication.
At the end of Q1, a new variant of the dangerous GpCode ransomware appeared. This Trojan encrypts data on infected computers and then demands a ransom from the owner. Unlike its previous variants that deleted encrypted files, the new GpCode versions overwrite files with encrypted data, making them practically unrecoverable. Interestingly, the cybercriminals only attacked users in Europe and the former soviet republics, while the attack lasted for several hours only. Such cautiousness demonstrated by the writer of the Trojan indicates that the intention was not to cause a massive infection that would almost certainly draw the attention of law enforcement agencies. It is likely that future attacks of the encrypting Trojan will also be carefully targeted.
Yet another trend which directly impacts IT security is the growing popularity of social networks, blogs, torrents, YouTube and Twitter, which increasingly alters the digital landscape. These services facilitate the swift and simple exchange of data between users located in every corner of the world. Data published in users’ blogs is often deemed as being as credible as that from official media outlets. The popularity of such resources has already caught the attention of cybercriminals. In future, the number of attacks carried out on and via these services is only likely to increase.
For more information about IT security threats in the first quarter of 2011, please visit: www.securelist.com/en and watch the online press conference video which takes an in-depth look at the subject.
Q1/2011 Malware Report [PDF 966 KB]