The third quarter of the year shone the spotlight on parts of the hidden Internet that would have preferred to remain hidden. Services favored by cybercriminals such as the digital currency Liberty Reserve and the online marketplace Silk Road were all shut down during the quarter. Right after the quarter ended, the notorious creator of the Blackhole Exploit Kit, Paunch, was arrested as well, severely curtailing related spam campaigns.
Cybercrime Continues Unabated
Despite these steps, however, cybercrime continued to grow during the quarter. The number of online banking Trojans detected reached record levels, with more than 200,000 infections reported in the quarter. Three countries – the United States, Brazil and Japan – accounted for over half of these infections.
Figure 1. Number of online banking infections
Mobile Malware Crosses 1 Million Mark
Our 2013 predictions noted that we believed the number of high-risk and malicious Android apps would exceed 1 million sometime in the year. That was exactly what happened this quarter. Premium service abusers remained the most common threat. These sign up users for paid “premium services” without their consent and highlights how mobile malware has become mainstream, continuously growing and affecting more users around the world.
As a sign of the growing maturity of mobile platforms, a major vulnerability was found in Android with correspondingly serious risks. The so-called “master key” vulnerability allowed an attacker to “update” a legitimate app with a malicious version.
Java 6 Becomes a Permanent Threat
Older, unpatched versions of software have always posed serious security risks. This was shown when a new exploit targeting a vulnerability in Java 6 was seen. This came after Oracle officially declared Java 6’s end-of-life (EOL), highlighting the risks of using EOLed software that will no longer receive patches. This serves as a potential preview of what will happen next year, when Windows XP – still in use in many systems and networks all over the world.
Read more about the goings-on in the third quarter in the full report, titled The Invisible Web Unmasked.