• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   2Q Security Roundup: Mobile Flaws Form Lasting Security Problems

2Q Security Roundup: Mobile Flaws Form Lasting Security Problems

  • Posted on:August 6, 2013 at 4:00 am
  • Posted in:Bad Sites, CTO Insights, Malware, Mobile, Vulnerabilities
  • Author:
    Rowena Diocton (Technical Communications)
0

roundupCheck out the TrendLabs 2Q 2013 Security Roundup.

Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore.

Android Updates Lag, Users Suffer Critical Flaws

Proof of the Android “Master Key” vulnerability rose with the discovery that cybercriminals can exploit the flaw to update original apps with malicious ones. The multicomponent OBAD malware, on the other hand, exploits an administration flaw to run complex stealth and propagation routines.

Patching these critical vulnerabilities is proving to be a problem given the sluggish Android update process. Android’s fragmentation issue pushes security patches through slow manufacturer-developer paths before reaching users.

To add to these, the malicious and high-risk Android app total continues to break records with this quarter’s 718,000 count. Users of the OS can expect that cybercriminals will continue in pursuit knowing that in just six months, malware apps have increased by 350,000—a feat that once took three years to achieve.

PC-Mobile time comparison
Timeline comparison of Android and Windows malware

This quarter’s mobile events are sure to cause lasting security problems. It doesn’t help that the mobile experience involves a large human factor involvement, from which many disastrous insecure habits are formed.

Online Banking Malware Up, More Threats Revamped

This quarter’s online banking threat count increased by nearly a third compared to last quarter. These threats claimed most of their victims from the United States, Brazil, Australia, and France.

Many of the big threats known to the industry return with revamped schemes and tricks. Looking at the underground market, experts saw malware kits pricing decrease over time. Some, like SpyEye, are even being bundled free if you buy other known kits. The Blackhole Exploit Kit (BHEK) uses a new FAREIT malware variant which is known to steal file transfer protocol (FTP) credentials and any personal information on a target computer. Targeted campaigns, like Safe, continue to attack enterprises. Server-side applications, Plesk, Ruby on Rails, and ColdFusion®, had vulnerabilities exploited. Social engineering threats now target multiple account access services, as Digsby, and use numerous blogging platforms as fake streaming pages.

These changes in the threat landscape call for proactive, clear-cut, and custom defense solutions. Find out more about this quarter’s mobile, cybercrime, APT, and other threats through our TrendLabs 2Q 2013 Security Roundup, Mobile Threats Go Full Throttle: Device Flaws Lead to Risky Trail. Check out key findings from all the research done in Q2, and learn more about all the details in our full report.

Trend Micro CTO Raimund Genes further discusses important points about the Security Roundup below.

Don’t forget to join our Facebook and Twitter discussions using the hashtags, #trendlabsroundup and #2Qlabnotes!

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: 2qlabnotesmobile threatssecurity rounduptrendlabsroundup

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.