TrendLabs SM 3Q 2013 Security Roundup. The Invisible Web Unmasked


Contents

CYBERCRIME: Takedowns, Banking Trojans, Site Compromises, and Refined Malware Techniques Seen
MOBILE: Mobile Malware and High-Risk Apps: 1-Million Strong
DIGITAL LIFE SECURITY ISSUES: On Privacy and Data Theft: A New Identity Crisis
EXPLOITS AND VULNERABILITIES: Java Vulnerabilities Remain a Major Concern
TARGETED ATTACKS: Sykipot Targets Aviation Data
Appendix

Introduction

News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats. [1] The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses. [2]

Cybercriminals continued to refine their techniques this quarter. Online banking malware infections increased in several regions, including the United States and Japan. We also caught a glimpse of the massive scale of compromised sites. Our research on BKDR_FIDOBOT showed that the backdoor was used to attack more than 17,000 domains in a day. We also observed malware operation refinements like EXPIRO's use of the Styx Exploit Kit and MEVADE malware's use of The Onion Router (TOR) network.

On the mobile front, the number of malicious and high-risk Android apps surpassed the 1-million mark like we predicted. A significant portion of these dangerous apps were disguised as either fake or Trojanized versions of popular apps.

Internet Explorer and Java security issues continued to put computers at risk, as a couple of zero-day exploits were discovered this quarter. Document exploits remained a staple in spear-phishing emails related to targeted attacks though we noted improvements in the Sykipot malware family, which now targets information related to civil aviation.

CYBERCRIME

Takedowns, Banking Trojans, Site Compromises, and Refined Malware Techniques Seen

Law enforcement agencies took home several wins, affecting the current threat landscape. The Liberty Reserve takedown caused cybercriminals to scramble for alternative currencies. They had to resort to other means like using Bitcoins to continue their operations. The infamous Silk Road takedown also showed the hidden but equally nefarious side of cybercrime, particularly the use of the Deep Web to hide illegal site networks. Lastly, the alleged Blackhole Exploit Kit author known as Paunch made headlines when he was arrested in early October. [3] These positive developments in law enforcement spurred awareness of cybercriminal underground elements that most Internet users were not privy to. [4]

[Figure: Overall Trend Micro Smart Protection Network Numbers, July to September. Series: number of threats blocked per second, total number of threats blocked, number of malicious files blocked, number of malicious URLs blocked, number of spam-sending IP addresses blocked.]

We were able to protect Trend Micro customers from an average of 2,797 threats per second this quarter.

DOWNAD/Conficker remained the top malware this quarter. Adware packaged with fake software offers continued to victimize Internet users. Despite being the top malware though, the number of DOWNAD/Conficker infections decreased to 345,000 from last quarter's 509,000, possibly due to the number of users who upgraded OSs in light of the impending end of support for Windows XP.

Top Malware

WORM_DOWNAD.AD: 345K
ADW_BPROTECT: 246K
ADW_BHO: 238K

DOWNAD/Conficker remained the top malware for three consecutive quarters while adware continued to trail behind.

Top Malware by Segment

ENTERPRISE (name, volume): WORM_DOWNAD.AD 205K; ADW_BPROTECT 28K; PE_SALITY.RL 17K
SMB (name, volume): WORM_DOWNAD.AD 33K; HKTL_PASSVIEW 7K; TROJ_FAKEAV.BMC 5K
CONSUMER (name, volume): ADW_BHO 158K; ADW_BPROTECT 138K; TROJ_FAKEAV.BMC 87K

Consumers likely download adware most because they were often packaged with fake free software. Enterprises and small and medium-sized businesses (SMBs), meanwhile, were most affected by DOWNAD/Conficker.

Banking Trojan Volume Surge

The online banking malware volume surged this quarter. They spread across the globe and no longer concentrated on certain regions like Europe and the Americas. We continued to see this trend, with infection counts going beyond the 200,000 mark, the highest infection number since

[Figure: Online Banking Malware Infections, by quarter (Q1 to Q4).]

Online banking malware accounted for more than 200,000 detections this quarter, the highest-recorded volume since

A large portion of online banking malware infections were due to ZeuS/ZBOT Trojans. ZeuS/ZBOT variants were, in fact, the most distributed malware by spam this quarter. New ZBOT variants emerged, specifically KINS malware, which came armed with anti-debugging and anti-analysis routines. Citadel variants, meanwhile, continued to plague Japan, particularly targeting financial institutions and varied Webmail services like Yahoo! Japan and Gmail, among others. [5]

Top Online Banking Victim Countries

COUNTRY: SHARE
USA: 23%
Brazil: 16%
Japan: 12%
India: 6%
Australia: 3%
France: 3%
Germany: 2%
Vietnam: 2%
Taiwan: 2%
Mexico: 2%
Others: 29%

The United States and Brazil remained the most-affected countries by online banking malware. Japan, meanwhile, rose to the third from the fifth spot last quarter, largely due to the increase in Citadel malware infections.

Compromising Sites: A Norm?

Cybercriminals routinely use compromised sites to hide their tracks and host malware, spam templates, and redirection tools. Spambots like Stealrat heavily relied on techniques like using compromised sites to cloak malicious operations. [6]

How Users End Up on Compromised Sites

Data sent to compromised site 1 is used to construct template
Victim gathers spam data* from spam server then sends to compromised site 1
User receives spam that contains links to compromised site 2

* Spam data includes the backup server's URL, the sender's name, the recipient's address, and the template.

We got a glimpse of the scale of site compromises by investigating BKDR_FIDOBOT. This backdoor brute-forced its way into sites that ran on either Joomla! or WordPress and was used to attack more than 17,000 domains in a single day. [7] The majority of affected sites were either owned by individuals or small businesses and hosted in the United States.

Refined Malware Techniques and Hidden Networks

Other notable malware this quarter include EXPIRO. [8] The malware first surfaced in 2010 and was known to infect files. Recent variants that emerged this quarter, however, stole FTP credentials. The EXPIRO variants used in attacks last July were also distributed using the Styx Exploit Kit. [9]

In the latter part of August, we observed MEVADE malware download a TOR component to initiate widespread connections to specific sites. [10] This was the reason behind reports of a growth in the number of TOR users. [11] TOR allowed cybercriminals to more effectively hide their command-and-control (C&C) servers. It is also virtually impossible to take down a TOR-hidden service. MEVADE malware also spread alongside certain adware variants via a downloader disguised as an Adobe Flash Player update. [12]

[Figure: When Popular Online Banking Crimeware Were Discovered. Timeline entries, in order: ZeuS; Gozi; Carberp and SpyEye; Cridex, Shylock, Tatanga, Ice IX, and Citadel; Tinba, Zitmo, and Spitmo; KINS.]

This quarter, we saw a resurgence of banking malware, which started making headlines with the introduction of the ZeuS toolkit way back in

MOBILE

Mobile Malware and High-Risk Apps: 1-Million Strong

Before 2013 ended, the number of malicious and high-risk apps targeting the Android platform reached the 1-million mark. Among these, 80% were malicious in nature, topped by premium service abusers. Premium service abusers are known to send unauthorized text messages to certain numbers and often register users to premium-rate services. This type of malicious app is especially popular in Russia, most likely due to the country's lack of standard app stores. [13]

The remaining 20% were considered high-risk apps, including those that aggressively pushed ads to users, also known as adware. Adware infections eventually lead to device information theft.

Android Threat Volume Growth

JUL: 820K
AUG: 851K
SEP: 1M

The number of malicious and high-risk apps steadily increased from July to August but, come September, reached the 1-million mark.

Top Threat Type Distribution

PREMIUM SERVICE ABUSER: 55%
ADWARE: 27%
DATA STEALER: 22%
REMOTE CONTROLLER: 12%
MALICIOUS DOWNLOADER: 9%
HACKING TOOL: 2%

Like last quarter, premium service abusers comprised more than half of the mobile threats this quarter though the number of mobile adware also increased to regain the top 2 post.

Top Android Malware Families

1. OPFAKE: 27%
2. FAKEINST: 24%
3. GOYEAR: 10%
4. GINMASTER: 7%
5. JIFAKE: 6%
6. MSEG: 4%
7. ADPANDA: 3%
8. ADTGPTT: 3%
9. BOXER: 2%
10. SMSREG: 2%
Others: 12%

Cross-Platform Threats Pose Mobile Security Risks

Beyond the dangers malicious apps posed, mobile devices were also hit by threats that transcended platforms. These include a fake WhatsApp containing a link that, when clicked using a mobile device, may lead to a site that hosts a premium service abuser. [14] This was not the first time that mobile devices were targeted by multi-platform threats. In this case though, the attackers opted to use spam as infection vector instead of relying on a more direct approach like blackhat search engine optimization (SEO) or social media abuse.

Another cross-platform issue was the rise of the number of phishing sites specifically designed for mobile devices. According to data we gathered from January to September this year, we noted a 53% increase in the number of phishing sites compared with the same period last year. This quarter, 42% of the sites spoofed banks and other financial institutions.

Vulnerabilities and Exploits Compound Mobile Security Woes

The discovery of the master key vulnerability last quarter highlighted cybercriminals' ability to find ways to update legitimate apps with malicious code to affect nearly every Android device. This quarter, we witnessed continued abuse of this vulnerability to churn out Trojanized versions of a well-known online banking app. [16]

The Black Hat cybersecurity conference last July additionally touched on other points pertaining to mobile security. A SIM card flaw that could allow attackers to obtain its digital key was, for instance, discovered. Also at the conference, researchers from the Georgia Institute of Technology showed off a proof-of-concept (POC) charger that could allow attackers to execute malicious commands on devices that ran on the latest iOS version. [17]

Where Users Stumbled Upon Malicious and High-Risk Apps

APP STORES: 27%
SITES: 80%
OTHERS: 1%

While 27% of malicious and high-risk apps came from app stores, they were also seen in other sources like malicious sites. Note that the total only represents 42% of the overall number of malicious apps sourced from August 2010 to September

What Premium Service Abusers Do

DELETE DATA (96%): can access your SD card data
MONITOR MESSAGES (92%): can read your messages
SEND DEFAULT MESSAGES (86%): can send out predefined messages
VIEW CONTACTS (48%): can access your contact list
TRACK LOCATION (14%): can track your location

Mobile devices are vulnerable to threats like information theft when infected by premium service abusers, which remained the top mobile threat type this quarter. Based on research covering the period, November 2012 to May 2013, premium service abusers can affect devices in various ways.

DIGITAL LIFE

On Privacy and Data Theft: A New Identity Crisis

Recent events and threats surrounding social media and personal information paved the way for resurfacing issues on data security, also known as a new type of identity crisis. Internet users are still constantly being challenged by managing and preventing their personal information from falling into cybercriminals' hands.

Among the numerous threats that aim to steal personal information, phishing scams made a notable impact this quarter due to a massive increase in Apple-related phishing sites. [18] The spike was likely caused by the clamor for the latest Apple products and developments over the past few months, including rumors last May about the iOS 7 release. Another spike in the phishing site volume was seen last June and July when rumors about the iPhone 5c spread. Last September, we saw a spam run use the newly released iPhone models as lure to steal personally identifiable information (PII). [19]

[Figure: Apple-Related Phishing Page Volume Growth, by month, January to September.]

The rise in Apple-related phishing pages continued even after the huge spike last May.

Mobile banking users were not spared from attacks that leveraged similar social engineering techniques. We found a phishing site that mimicked a well-known financial institution designed to gather crucial data like log-in credentials, addresses, and even government-issued IDs. [20]

Security threats on social media persisted this quarter, most notably those that took advantage of users with rich digital lives. A free followers scam showed how cybercriminals made a quick buck by offering fake followers, likes, and retweets to interested buyers. [21]

Threats targeting social media were not limited to free followers scams this quarter. We also saw malware disguised as fake video player updates make the rounds on social networking sites. When installed, they hijacked users' social media account credentials, specifically those for Facebook, Google+, and Twitter. [22] This quarter was also plagued by a slew of fake Twitter accounts that lured followers to sites that supposedly hosted hacking tools for both Facebook and Twitter but instead led to survey scams. [23]

Despite these security setbacks, some positive developments pertaining to managing online accounts were introduced. These include the Touch ID fingerprint sensor on the iPhone 5s, a security tool meant to make it easier for owners to unlock their phones compared with using a PIN code. [24] Though Apple's effort to secure users' online accounts was commendable, it must not be considered a cure-all because user behavior is still a crucial security factor.

Notable Social Engineering Lures Used

OBAMACARE
WHATSAPP
SUMMER MOVIES
PLANTS vs. ZOMBIES
ENDER'S GAME
ROYAL BABY
iPhone 5s and 5c

EXPLOITS AND VULNERABILITIES

Java Vulnerabilities Remain a Major Concern

After several zero-day incidents at the beginning of the year, Java vulnerabilities remained a crucial concern. This quarter, a Java 6 vulnerability exploit was included in the Neutrino Exploit Kit. [25, 26] Because Oracle stopped supporting this version, all affected software will no longer receive security updates and fixes, including for the recently identified bug. Even worse, the Oracle announcement means that around 31 recently disclosed vulnerabilities will never be patched.

Just a week after the September Patch Tuesday, a zero-day Internet Explorer exploit that affected even the latest version was discovered. [27] Microsoft immediately released a fix to address the issue though.

Old vulnerabilities remained a favorite cybercriminal target, as our research on Apache Struts showed. [28] Our investigation revealed that the Chinese underground created automated tools to exploit bugs in older versions of Apache Struts, just three days after the flaws were made known to the public.

How Exploits Dodge Security

[Figure: flow between RESEARCHER, BACKEND DATABASE, MALICIOUS SITE A, and MALICIOUS SITE B.]

1. Crawl URL A
2. Check if IP address is in database
3. If IP address is not in database
4. Site loads (MALICIOUS SITE A)
5. Crawl URL B
6. Check if IP address is in database
7. If IP address is in database
8. Site does not load (MALICIOUS SITE B)

* Attackers keep a list of IP addresses they believe researchers use and block access from these.

TARGETED ATTACKS

Sykipot Targets Aviation Data

Targeted attack campaigns continued to go after various targets like governments, large organizations, and enterprises. Attackers typically aim to exfiltrate or steal data from targets. One such campaign that recently underwent some modifications was Sykipot.

The Sykipot campaign was first seen in It initially targeted industries like telecommunications, computer, government, and aerospace, among others but remains active to this day. [29] We did observe recent changes to the campaign's operations though, including using updated identifiers, drive-by exploits, and dynamic link library (DLL)/process injections. It now also targets civil aviation information.

While monitoring targeted attacks, we continued to see the use of old, patched vulnerabilities in spear-phishing attacks. One widely attacked vulnerability was the MSCOMCTL.OCX RCE Vulnerability, also known as CVE , which was addressed by Microsoft with MS as early as April last year. [30]

Following the release of the latest Apache Struts version, meanwhile, we found automated tools that exploit vulnerabilities found in older versions of the software sold underground. We also saw some targeted attacks exploit the said bugs in Asia.

.PKZIP and .mime files were the top file types threat actors used to attack their intended victims via spear phishing. Common file types like documents and spreadsheets were also used to gain entry to target networks.

[Figure: File Types Used in Spear-Phishing Emails Related to Targeted Attacks, for July, August, and September, as a share from 0 to 50%. File types shown: MIME, PKZIP, RAR, RTF, PPS/PPT, DOC, EXE/DLL, XLS, ZIP, PDF.]

Government agencies were the top attack targets this quarter, followed by telecommunications and IT/software companies. Enterprises should fortify their networks to avoid becoming a victim of targeted attacks.

Appendix

Top Spam Languages

1. English: 89.39%
2. Chinese: 2.49%
3. Japanese: 1.88%
4. German: 0.95%
5. Russian: 0.70%
6. Portuguese: 0.24%
7. Spanish: 0.16%
8. French: 0.08%
9. Icelandic: 0.07%
10. Turkish: 0.05%
Others: 3.99%

English remained spammers' most preferred language because it is most used worldwide.

Top Spam-Sending Countries

1. USA: 9.16%
2. Argentina: 6.71%
3. Italy: 6.69%
4. Spain: 6.45%
5. India: 6.16%
6. Taiwan: 4.31%
7. Colombia: 4.26%
8. Peru: 3.97%
9. Mexico: 3.82%
10. Germany: 3.27%
Others: 45.20%

Consistent with the top spamming language, the USA sent out the most spam. Latin American countries like Argentina, Spain, Colombia, Mexico, and Peru remained part of the top

Top Malicious Domains Blocked

DOMAIN: REASON
ads.alpha00001.com: Hijacks well-known web browsers to redirect users to fake sites, including ad sites
trafficconverter.biz: Hosts and distributes worms, particularly DOWNAD/Conficker
http://adsgangsta.com: Related to exploit kit operations
http://www.ody.cc: Related to sites hosting BKDR_HPGN.B-CN
az7t8.com: Involved in attacking high-traffic sites
ckstatic.com: Involved in attacking high-traffic sites
announce.opensharing.org: Hosted hacking software and used in peer-to-peer
promos.fling.com: Involved in a zombie network spread from an adult dating site
http://labambaka.com: Hosts and distributes malware, related to spamming
international-spcsz.ru: Hosts and distributes malware, related to spamming

The top malicious domains this quarter hosted sites that hijacked Web browsers to redirect users to fake ad sites. This most likely led to the increase in adware this quarter.

Number of Connections to Botnets per Month

JULY: 12.7M
AUGUST: 10.7M
SEPTEMBER: 13.9M

The number of connections to botnets increased in July but dipped in August before rising again in September.

Malicious URL Country Sources

COUNTRY: SHARE
1. USA: 24%
2. Netherlands: 3%
3. China: 3%
4. Germany: 3%
5. France: 3%
6. South Korea: 2%
7. UK: 2%
8. Russia: 1%
9. Japan: 1%
10. Canada: 1%
Others: 57%

Like last quarter, a significant share of the malicious URLs found this quarter were hosted in the United States.

Countries That Most Accessed Malicious URLs

COUNTRY: SHARE
1. USA: 35%
2. Japan: 14%
3. China: 7%
4. India: 4%
5. Taiwan: 4%
6. South Korea: 4%
7. Germany: 3%
8. Australia: 3%
9. Russia: 2%
10. UK: 2%
Others: 22%

Most of the users that accessed malicious URLs were from the United States this quarter.

Countries with the Greatest Number of Botnet Connections

COUNTRY: SHARE
1. USA: 25%
2. Malaysia: 19%
3. Portugal: 4%
4. Russia: 4%
5. Canada: 4%
6. South Korea: 4%
7. Belgium: 3%
8. Colombia: 2%
9. Germany: 2%
10. Netherlands: 2%
Others: 31%

The United States recorded the greatest number of connections to botnets this quarter. Malaysia slipped to second place, as the political tension subsided in the country.

Countries with the Highest Malicious Android App Download Volumes

1. Ukraine: 13%
2. Myanmar [Burma]: 10%
3. Libya: 9%
4. Nigeria: 7%
5. Vietnam: 5%
6. Russia: 4%
7. Argentina: 4%
8. Antigua and Barbuda: 4%
9. Canada: 3%
10. India: 3%

Ukraine recorded the highest malicious app download volume, overtaking the UAE, which dropped out of the list. This could be attributed to the increase in popularity of smartphones in Eastern Europe. The mobile growth in Nigeria and Argentina could also be the reason for their inclusion. The ranking was based on the percentage of apps categorized as malicious over the total number of apps scanned per country. The ranking was, however, limited to countries with at least 10,000 scans.

Countries Most at Risk of Privacy Exposure Due to App Use

1. Kazakhstan: 26%
2. Uganda: 20%
3. Ukraine: 11%
4. India: 10%
5. Argentina: 9%
6. Philippines: 7%
7. Antigua and Barbuda: 7%
8. Thailand: 7%
9. Canada: 7%
10. Myanmar [Burma]: 6%

This quarter, new entries like Kazakhstan, Uganda, and Ukraine topped the list of countries most at risk of privacy exposure. This could be partly due to the growing popularity of smartphones in the countries. The ranking was based on the percentage of apps categorized as privacy risk inducers over the total number of apps scanned per country. The ranking was, however, limited to countries with at least 10,000 scans.

References

1. Trend Micro Incorporated. (July 16, 2013). TrendLabs Security Intelligence Blog. Post Liberty Reserve Shutdown What Is Next? Last accessed October 29, 2013.
2. Charlie Osborne. (October 9, 2013). ZDNet. Blackhole Malware Toolkit Creator Paunch Suspect Arrested. Last accessed October 29, 2013.
3. Merianne Polintan. (September 16, 2013). TrendLabs Security Intelligence Blog. ZeuS/ZBOT Most Distributed Malware by Spam in August. Last accessed October 29, 2013.
4. Gelo Abendan. (August 20, 2013). TrendLabs Security Intelligence Blog. Can KINS Be the Next ZeuS? Last accessed October 29, 2013, trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-next-zeus/.
5. Trend Micro Incorporated. (September 2, 2013). TrendLabs Security Intelligence Blog. Citadel Makes a Comeback, Targets Japan Users. Last accessed October 29, 2013.
6. Jessa De La Torre. (August 5, 2013). TrendLabs Security Intelligence Blog. How to Check If Your Website Is Part of the Stealrat Botnet. Last accessed October 29, 2013.
7. Philippe Lin. (September 5, 2013). TrendLabs Security Intelligence Blog. Joomla! and WordPress Sites Under Constant Attack from Botnets. Last accessed October 29, 2013.
8. Rhena Inocencio. (July 15, 2013). TrendLabs Security Intelligence Blog. File Infector EXPIRO Hits U.S., Steals FTP Credentials. Last accessed October 29, 2013.
9. Trend Micro Incorporated. (July 19, 2013). TrendLabs Security Intelligence Blog. More Details on EXPIRO File Infectors. Last accessed October 29, 2013.
10. Feike Hacquebord. (September 5, 2013). TrendLabs Security Intelligence Blog. The Mysterious MEVADE Malware. Last accessed October 29, 2013.
11. Roger Dingledine. (August 27, 2013). Tor Project. Many More TOR Users in the Past Week? Last accessed October 29, 2013, https://lists.torproject.org/pipermail/tor-talk/2013-august/ html.
12. Roddell Santos. (September 6, 2013). TrendLabs Security Intelligence Blog. Adware Spread Alongside MEVADE Variants, Hits Japan and U.S. Last accessed October 29, 2013.
13. Rowena Diocton. (September 17, 2013). TrendLabs Security Intelligence Blog. Connecting the Dots: Fake Apps, Russia, and the Mobile Web. Last accessed October 29, 2013.
14. Peter Yan. (September 13, 2013). TrendLabs Security Intelligence Blog. Spam Leads to Multi-Platform Mobile Threat. Last accessed October 29, 2013.
15. Trend Micro Incorporated. (2013). Monthly Mobile Review. A Look at Mobile Banking Threats. Last accessed October 29, 2013, trendmicro.com/us/mobile/monthly-mobile-review/ mobile-banking-threats.
16. Peter Yan. (August 2, 2013). TrendLabs Security Intelligence Blog. Master Key Android Vulnerability Used to Trojanize Banking App. Last accessed October 29, 2013.
17. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. Exploiting Vulnerabilities: The Other Side of Mobile Threats. Last accessed October 29, 2013.
18. Paul Pajares. (October 1, 2013). TrendLabs Security Intelligence Blog. Apple Spikes as Phishing Target. Last accessed October 29, 2013, trendmicro.com/trendlabs-security-intelligence/apple-spikes-as-phishing-target/.
19. Merianne Polintan. (September 10, 2013). TrendLabs Security Intelligence Blog. iPhone 5s Phishing Mail Arrives in Time for Launch. Last accessed October 29, 2013.
20. Arabelle Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. Mobile Phishing Attack Asks for Government IDs. Last accessed October 29, 2013.
21. Karla Agregado. (August 1, 2013). TrendLabs Security Intelligence Blog. From Fame to Shame: Busting the Free Followers Myth in Social Media. Last accessed October 29, 2013.
22. Don Ladrones. (July 30, 2013). TrendLabs Security Intelligence Blog. Malware Hijacks Social Media Accounts Via Browser Add-Ons. Last accessed October 29, 2013.
23. Jonathan Leopando. (October ). TrendLabs Security Intelligence Blog. Twitter Still Being Used by Shady Hackers. Last accessed October 29, 2013.
24. Paul Oliveria. (September 17, 2013). TrendLabs Security Intelligence Blog. Fingerprint Scans, Passwords, and Managing Online Accounts. Last accessed October 29, 2013.
25. Gelo Abendan. (August 27, 2013). TrendLabs Security Intelligence Blog. Java 6 Zero-Day Exploit Pushes Users to Shift to Latest Java Version. Last accessed October 29, 2013.
26. Anthony Melgarejo. (March 12, 2013). TrendLabs Security Intelligence Blog. A New Exploit Kit in Neutrino. Last accessed October 29, 2013, blog.trendmicro.com/trendlabs-security-intelligence/a-new-exploit-kit-in-neutrino/.
27. Pavan Thorat. (September 18, 2013). TrendLabs Security Intelligence Blog. New IE Zero Day Is Actively Exploited in Targeted Attacks. Last accessed October 29, 2013.
28. Noriyaki Hayashi. (August 14, 2013). TrendLabs Security Intelligence Blog. Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability. Last accessed October 29, 2013.
29. Darin Dutcher. (September 4, 2013). TrendLabs Security Intelligence Blog. Sykipot Now Targeting U.S. Civil Aviation Sector Information. Last accessed October 29, 2013.
30. Trend Micro Incorporated. (2012) Threat Encyclopedia. MSCOMCTL.OCX RCE Vulnerability (CVE ). Last accessed October 29, 2013.


More information

Microsoft Security Intelligence Report

Microsoft Security Intelligence Report Microsoft Security Intelligence Report Volume 16 July through December, 2013 Key Findings Summary This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY,

More information

THE SOUTH KOREAN FAKE BANKING APP SCAM

THE SOUTH KOREAN FAKE BANKING APP SCAM THE SOUTH KOREAN FAKE BANKING APP SCAM The Yanbian Gang Sets Sights on South Koreans Simon Huang Mobile Threat Research Team CONTENTS Introduction... 1 The Yanbian Gang... 2 Where Did the Gang Get Its

More information

As threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions:

As threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions: TrendLabs Targeted attacks often employ tools and routines that can bypass traditional security and allow threat actors to move deeper into the enterprise network. Threat actors do this to access data

More information

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version 1.3.4.0 already in the hands of its customers. Citadel s features, bug

More information

The Mobile Cybercriminal Underground Market in China

The Mobile Cybercriminal Underground Market in China A Trend Micro Research Paper Cybercriminal Underground Economy Series The Mobile Cybercriminal Underground Market in China Lion Gu Forward-Looking Threat Research Team Contents Cybercriminal Underground

More information

This guide aims to get you started on decluttering the most important aspects of your digital life.

This guide aims to get you started on decluttering the most important aspects of your digital life. TrendLabs Harnessing a healthy digital life calls for a lifestyle-check that challenges mobile device users to go beyond simply relying on a security application. Just like cleaning up and reorganizing

More information

MALICIOUS REDIRECTION A Look at DNS-Changing Malware

MALICIOUS REDIRECTION A Look at DNS-Changing Malware MALICIOUS REDIRECTION A Look at DNS-Changing Malware What are Domain Naming System (DNS)-changing malware? These recently garnered a lot of attention due to the recent Esthost takedown that involved a

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information



