Cybercriminals targeting unlikely sources to carry out high-profile exploits
Cybercriminals continuously discover more ways to successfully target new outlets for financial theft, according to Trend Micro. Greed is motivating cybercriminals to take a non-traditional approach in the selection of unlikely targets, such as advanced threats to Point-of-Sale (PoS) terminals and the exploitation of disasters.
Though well protected, these new targets are in the crosshairs of emboldened cybercriminals around the world.
Trend Micro threat researchers also found that online banking malware continued to thrive with the emergence and modification of new malware families, each with different targets and varying anti-detection techniques. And continuing to grow for the past five years is the number of mobile malware and high-risk apps, which has hit 2 million since the introduction of the Android platform.
“This year’s first quarterly report sheds light into the cyber underground where creative cybercriminals continue to find new opportunities to commit their crimes,” said Raimund Genes, CTO, Trend Micro. “To remain protected against these ever-evolving cyber threats, users must be diligent in using best practices when surfing the Web, especially when conducting online financial transactions.”
Key first quarter findings include:
Mobile threats: The mobile threat landscape continues to grow at an even faster pace than last year as the total number of mobile malware and high-risk apps grew to 2 million this quarter. The explosion of repackaged apps—those that have been maliciously tampered with to pass Android’s’ security features—also contributed to the huge spike in mobile malware and high-risk app volume growth.
Cybercrime and the cybercriminal underground: This quarter’s online banking malware volume significantly dropped from the end of 2013. This year’s first quarter number did not differ much from the same timeframe one year ago, and the high numbers at the close of last year could be attributed to the holiday season when cybercriminals pursue online shoppers.
Targeted attack campaigns and cyber attacks: Reports of PoS system infiltration in the United States, particularly in retail and hospitality, as well as insider threats targeting South Korean credit card companies highlighted the need for customized defense strategies.
Digital life and the Internet of everything: A new-generation of exploits took the app ecosystem by storm this quarter. These apps cater to users’ desire to anonymously share content, send off-the-record messages, and share media. Along with observing more social engineering scams, several devices in the Internet of Everything (IoE) market were scrutinized, as security researchers exposed gaping vulnerabilities.
“Organizations continued to struggle with attacks that were targeted in nature, which could be directly aimed at the energy, financial, healthcare, and retail industries or critical infrastructure,” said JD Sherry, vice president of technology and solutions, Trend Micro. “It came down to a simple equation—high-value targets that promised massive payouts were compromised despite the determined efforts of organizations to protect their valuable information.”