• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   Looking back at mobile malware and Web attacks from 2014

Looking back at mobile malware and Web attacks from 2014

  • Posted on:December 29, 2014
  • Posted in:Current News, Industry News
  • Posted by:
    Trend Micro
0

Malware, at least as an idea, has a long history. As far back as 1949, applied mathematician John von Neumann formulated a theory of self-replicating automatons, which proved prescient when technical implementations of it became feasible in the 1970s and 1980s. In 1971, computer scientist Robert Thomas created a program called Creeper, which was designed to be an application capable of jumping from one machine to the next. Although it technically did no damage, its design essentially qualified it as the first computer virus.

Malware yesterday and today
Since those early days, malware has proliferated and found its way onto PCs, servers, smartphones and tablets. Moreover, the rise of the Web has made malware distribution and amplification almost trivial, especially compared to the days when the only channels were removable media (i.e., floppies and optical discs) and computers connected the early Internet at a few institutions like the Massachusetts Institute of Technology. The Morris Worm from 1988 was a trailblazer in Internet distribution, which necessitated a brief partition of regional networks in the U.S. and hinted at what was to come.

As we approach 2015, malware is far from a solved cybersecurity issue. If anything, the growth of broadband networking and ubiquitous IP-enabled devices has pulled off the impressive feat of simultaneously raising the stakes for security and affording cybercriminals a wider range of attack options for going after them. Data that was once confined to filing cabinets or Microsoft Excel spreadsheets on a local hard drive is now globally distributed. Everyday interactions such as credit card payments or updating information in an online account are subject to constant pressure.

With that in mind, let’s look back at a where malware went in 2014 and where it may be going in 2015. Web and mobile attacks merit particular attention on this front.

Mobile malware had a big year in 2014
This past year marked a milestone in mobile malware, not only because of the characteristics and overall scale of the threats that emerged, but also because it marked roughly ten years since smartphones became common targets for infection. While the smartphone market wasn’t that large prior to the iPhone’s launch in June 2007, there were devices in mainstream use that attracted the attention of testers and cybercriminals.

The Trend Micro document “A Brief History of Mobile Malware” outlined how, for example, in 2004 a worm was developed for Symbian phones. It was a proof-of-concept that could spread via Bluetooth. A decade – and millions of mobile apps – later, we have more complex issues to wrangle with, such as:

  • Third-party app stores: On Android in particular, unofficial distribution channels remain an issue. The year kicked off with some high-profile fakes of the hit game “Flappy Bird” available outside of Google Play. In March, Trend Micro’s Ryan Certeza highlighted the broader dangers of mobile devices being enlisted into botnets via unsecured app downloads. By December, third-party storefronts were still problematic, as highlighted in Trend Micro TrendLabs Security Intelligence post about a component that downloaded additional apps to an infected device.
  • Imposter Wi-Fi hotspots: Free public Wi-Fi continues to spread, with the number of hotspots potentially approaching 6 million in 2015. Service providers like AT&T and Comcast offer complementary services in many locations, but the old saying about there being no such thing as a free lunch is worth remembering here. In June, Ars Technica documented how easy it would be to spoof a large carrier and gather data from a mobile device, especially since smartphones and tablets typically try to automatically connect to any known Wi-Fi network. There are thousands of hotspots named “xfinitywifi” and “attwifi.”
  • Financial malware continued to come into its own in 2014. Zeus, one of the longest-lived Trojans that targets banking accounts, continued to evolve. It was spotted as a payload in targeted email campaigns that used messages containing no typos or unusual formatting. A URL in the email would direct the recipient to Zeus, demonstrating how sophisticated and high-stakes email phishing has become. Also on the financial front, Bitcoin wallet theft emerged as a novel form of cybercrime and may have accounted for 14 percent of all financial attacks.

Enterprises should be aware of where they could be vulnerable to mobile malware and take common sense steps for reducing risk, such as utilizing endpoint security and articulating clear bring-your own-device policies. Although there is an incredible variety of mobile malware that works at least in concept, it’s important to be level-headed and not become paralyzed by fear.

“In some ways, mobile malware is the Ebola of security,” observed a Damballa blogger in the first entry in a company series on 2015 cybersecurity predictions. “Once infected, the danger is real. But the actual risk of infection is low. If we don’t let [fear, uncertainty and doubt] get the best of us, and we stay diligent about practicing safe device use and management, we can keep that risk low.”

Stakes rise for Web attacks as year draws to a close
Mobile malware, like the mobile space is general, is still young and rapidly changing, so it will take a while until everyone has a mature risk mitigation strategy. The Web, though, is a much older creation and one that continued to be the subject of numerous high stakes attack in 2014:

  • One security firm estimated that over one-third of computer users had been subject to Web attacks in 2014.
  • Distributed denial-of-service attacks reached new heights this past year, with record-breaking attempts against firms like CloudFlare.
  • The Sony Pictures breach showed what could happen when a relatively soft target was overwhelmed by pressure and potentially caught between nation-state actors.

Going into 2015, network security merits plenty of attention in light of the state of Web attacks. Staying ahead of attackers is difficult since it often involves playing defense, but organizations can be proactive with the help of deep discovery and cybersecurity software. Setting priorities – e.g., knowing how much of a threat mobile malware really is – will be key in putting together technical solutions and business strategy.

Related posts:

  1. Mobile malware skyrockets in early 2011, study finds
  2. A look at mobile malware: Worst samples of 2014 and predictions for 2015
  3. Virus and malware outlook 2014: Top samples, infection symptoms and prevention strategies
  4. Year-end Review: 2014’s worst cyber attacks and data breaches

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.