Java exploits on the rise, Android malware break out of app stores

• Nearly 60% of F-Secure’s top 10 detections in the first half of 2013 were exploits
• Android malware reaching the highly developed level of Windows threats

A CONTINUED rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats characterised the first half of 2013, according to F-Secure’s new Threat Report H1 2013.
 
In the report, published Sept 24, nearly 60% of F-Secure’s top 10 detections in the first half of 2013 were exploits, the cybersecurity company said in a statement.
 
Exploits the most common attack vector
 
The high percentage of exploits detected by F-Secure is a good thing, according to Sean Sullivan, security advisor at F-Secure Labs.
 
“The fact that the majority of our top 10 detections are blocking exploits rather than dealing with payloads … means we’re doing a good job of making sure the malware itself doesn’t even get the chance to enter the machine,” he said.
 
Users in the United States saw the most vulnerability-related attacks, with 78 out of every 1,000 users encountering an exploit attempt. Germany and Belgium followed with 60 out of 1,000 encountering exploit attempts.
 
Java-targeted exploits lead the pack of exploits as a whole, making up almost half of the top 10 detections, up from a third the previous half-year.
 
Exploits are programs, but they are simply another vehicle for getting malware onto a machine, like an infected USB drive or email, F-Secure said.
 
Usually attacking via malicious or compromised websites, they take advantage of flaws in the code of a computer’s installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or allow cybercriminals to take control of the machine.
 
Mobile malware not just in app stores anymore
 
F-Secure Labs discovered 358 new families and variants of Android malware in the first half of 2013, nearly doubling the total number the Labs has ever discovered to 793. Symbian followed with 16 new families and variants. No new families or variants were discovered on other mobile platforms.
 
Android malware isn’t just distributed by app stores anymore, either. The first half of 2013 saw distribution by ‘malvertising’ and by drive-by downloads while visiting a compromised site.
 
Malvertising, or advertisements that lead users to malicious products, is increasingly being used to distribute mobile malware, due in part to its wide reach.
 
And while still less sophisticated on a mobile than on a PC, drive-by downloads are expected to continue as an attack vector, F-Secure said. Mobile drive-bys use a notification message asking if the user wants to install the app, making them more obvious than PC drive-bys, with the option to circumvent them.
 
Stels, an Android trojan that serves multiple purposes from building up botnets to stealing mobile Transaction Authentication Numbers (mTANs) as a banking trojan, uses methods that are usually characteristic of Windows malware, such as spam as a distribution method.
 
This serves as evidence that Android malware is advancing closer to reaching the highly developed level of Windows threats, F-Secure said.
 
APTs, Bitcoin mining and Mac malware
 
Advanced Persistent Threats (APTs) have been discussed as a major threat to the data security of organisations and industries, and F-Secure Labs said it has now constructed a rough overall picture of the kind of victims APT attackers are targeting.
 
For details on that study of 100 documents used in targeted APT attacks, plus a look at the very lucrative practice of Bitcoin mining and the latest in Mac malware, phishing and more, check out the complete Threat Report H1 2013 .
 
Note: F-Secure Labs said it focuses on counting the numbers of families and variants of malware rather than the number of unique samples. To attempt to avoid detection of their malware, cybercriminals use automation that makes slight changes to malware code, resulting in new malware samples that are fundamentally still the same malware family or variant. Counting families and variants rather than samples provides a more realistic measurement of threats, the company said.
 
Related Stories:
 
Security threats: What to expect in 2013
 
Hackers taking rootkit exploits to the next level: F-Secure (Updated)
 
Mobile and Android malware threats continue to rise
 
Are you prepared for the next threat cycle?
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.