Tuesday, December 10, 2013

Kaspersky Security Bulletin 2013. Overall statistics for 2013 (summary)

2013 in figures
  • According to KSN data, in 2013 Kaspersky Lab products neutralized 5 188 740 554 cyber-attacks on user computers and mobile devices.
  • 104 427 new modifications of malicious programs for mobile devices were detected.
  • Kaspersky Lab products neutralized 1 700 870 654 attacks launched from online resources located all over the world.
  • Kaspersky Lab products detected almost 3 billion malware attacks on user computers. A total of 1.8 million malicious and potentially unwanted programs were detected in these attacks.
  • 45% of web attacks neutralized by Kaspersky Lab products were launched from malicious web resources located in the USA and Russia. 

Mobile Threats

The mobile world is one of the fastest-developing IT security areas. In 2013, security issues around mobiles reached new heights and attained a new level of maturity in terms of both quality and quantity. If 2011 was the year when mobile malware gained traction, especially in Android-land, and 2012 was the year of mobile malware diversification, then 2013 saw mobile malware come of age. It’s no great surprise that mobile malware is approaching the PC threat landscape in terms of cybercriminal business models and technical methods; however, the speed of this development is remarkable.

Obad, probably the most remarkable discovery in the mobile field, is being distributed by multiple methods, including a pre-established botnet. Android-based smartphones infected with Trojan-SMS.AndroidOS.Opfake.a are used as multipliers, sending text messages containing malicious links to every contact on the victim’s device. This has been common practice in the PC threat landscape and is a popular service provided by bot-herders in the underground cybercriminal economy.

Mobile botnets actually offer a significant advantage over traditional botnets: smartphones are rarely shut down, making the botnet far more reliable since almost all its assets are always available and ready for new instructions. Common tasks performed by botnets include mass spam mail-outs, DDoS attacks and mass spying on personal information, all of them non-demanding actions in terms of performance and easily achieved on smartphones. The MTK botnet, appearing in early 2013, and Opfake, among many others, are proof that mobile botnets are no longer just a playground for cybercriminals, but have become common practice to serve the main purpose: financial profit.

  Significant Events
  1. Mobile Banking Trojans
    These include mobile phishing, theft of credit card information, from a bank card to the mobile account and finally to a QIWI wallet. In 2013 we also saw mobile Trojans which could check on the victim’s balance to ensure the maximum profit.
  2. Mobile Botnets
    As stated above, botnet functionalities offer greater flexibility in illegal money-making schemes. This trend has now reached the mobile world and is here to stay. According to our estimates, about 60% of mobile malware includes elements of large or small botnets.
  3. Backdoor.AndroidOS.Obad
    This malware is probably found to date, including a staggering total of three exploits, a backdoor, SMS Trojan and bot capabilities and further functionalities. It’s a kind of Swiss Army knife, comprising a whole range of different tools.
  4. Using GCM to control botnets
    Cybercriminals have discovered a way to use Google Cloud Messaging (GCM) to control zombie devices in a botnet. This method is used by a relatively small number of malicious programs, but some of them are widespread. The execution of commands received from GCM is performed by the GCM system and it is impossible to block them directly on an infected device.
  5. APT attacks against Uyghur activists
    We’ve seen both Windows and Mac OS X malware deployed against . PDF, XLS, DOC and ZIP files were sent in e-mails to perform the attacks in the past. APK files have now been added to the arsenal, spying on the personal information stored on the victim’s device and also transmitting its location.
  6. Vulnerabilities in Android
    In a nutshell, we have seen exploits targeting Android for three purposes: to circumvent Android’s app integrity check on installation (also known as the master key vulnerability), to gain enhanced rights, and to hinder the analysis of an app. The latter two types were also used in Obad.
  7. Attacks on PCs through an Android device
    While we have seen PC malware that can infect smartphones, we have also come across that does it the other way round. When an infected Android device is connected to a PC in the USB drive emulation mode, its malicious payload is launched.
Statistics

In terms of the mobile operating systems that are being targeted by malware, nothing has significantly changed in 2013. Android is still target number one, attracting a whopping 98.05% of known malware. No other OS gets anywhere close, as seen below. The reasons for this are Android’s leading market position, the prevalence of third-party app stores and the fact that Android has a rather open architecture, making it easy to use for app developers and malware authors alike. We do not expect this trend to change in the near future.


<Mobile malware distribution by platform>


To date we have collected 8,260,509 unique malware installation packs. Note that different installation packs may launch applications with the same features. The difference is in the malware interface and, for instance, the content of the text messages they send out.

The total number of mobile malware samples in our collection is 148,778 at the time of writing – 104,421 of them were found in 2013. October alone has seen 19,966 modifications, half the total that Kaspersky Lab found in the whole of 2012. Fortunately, this is far from the situation we’re experiencing in the PC world, where we process a stream of more than 315,000 malware samples per day in our lab. Still, the trend is highly visible and continuing.

<Number of mobile malware samples in our collection>


Among mobile malware, SMS Trojans are still leading the field:

<Malware distribution by behavior type>

However, SMS Trojans, with a few exceptions, have evolved into bots, so we can easily unite the leaders of both into a single category – Backdoor Malware. So, 62% of malicious applications are elements of mobile botnets.
