Scamming still works better than mobile malware: Symantec

With larger and more frequent data breaches, online scammers are able to rely on existing techniques, and have no need yet to move into the realm of mobile malware.
Written by Chris Duckett, Contributor

Targeted attacks have continued to rise throughout 2013, with Symantec's latest Internet Security Threat Report saying that while the number of emails used in phishing campaigns has decreased, the number of spear-phishing campaigns rose by 91 percent, and lasted longer than those conducted in 2012.

The report dubbed this tactic the "low and slow approach", and said that it indicated that scammers have tightened their targeting and increased their online and real world use of social engineering to increase the number of successful attacks.

Peter Sparkes, Symantec director of managed security services, Asia Pacific Japan, said that the attacks were all about identity theft, and mirrored the findings from a recent Juniper report that the security black market was sophisticated and used for identity trading.

Sparkes said that the target for identity theft in businesses was moving down the organisational hierarchy, to the people that inform others in the business.

"[In] the targeted attack space against business, they're actually not targeting the executives, a lot of the time they'll target people like the PA or PR," he said. "The reason is that their information is a lot easier to access ... these are the people that are the gatekeepers for information. So they are more willing to open an email or click on a link because they are the people that filter information to the executives."

Although Symantec reported that only 50 percent of mobile users take basic security precautions, and malware authors spent 2013 improving existing malware rather than creating new malware families, Sparkes said the focus for scammers remains on tried and true techniques.

"I do think that most people now have been affected by mobile scamming rather than malware — that's because they are making so much money, there's no need to go into any more sophisticated attacks."

"I think we'll see, as the sophistication of the device, and the sophistication of the users increase, just like we've seen in the normal PC world, we'll start to see a lot more variance in attacks in the mobile world too."

The report found that most malicious code for mobile devices is trojan apps that pose as legitimate ones.

Symantec said that the total number of identities exposed due to data breaches jumped by 493 percent from 93 million in 2012, to 552 million in 2013 — the largest of which exposed 150 million people.

Showing the weighting of breaches to the extremes, the average number of persons affected by data breaches went up from 605,000 to 2.2 million, and while the overall number of breaches increased, the median number of identities exposed decreased by 19 percent.

"Eight of the breaches in 2013 exposed more than 10 million identities each," the report said. "In 2012 only one breach exposed over 10 million identities. In 2011, only five were of that size."

Symantec said that actions against botnets resulted in less spam for 2013 compared to 2012. The overall percentage of email that was spam decreased from 69 percent to 66 percent, the estimated daily global volume of spam fell by 1 billion emails to 29 billion, and the number of botnet-infected computers fell from 3.4 billion in 2012 to 2.3 billion in 2013.

While the ratio of pharmaceutical spam was down, the percentage of adult spam increased from 55 percent of spam in 2012 to 70 percent in 2013, and could result in the creation of offshored call centre jobs.

"These are often email messages inviting the recipient to connect to the scammer through instant messaging, or a URL hyperlink where they are then typically invited to a pay-per-view adult-content web cam site," the report said. "Often a bot responder, or a person working in a low-pay, offshore call center would handle any IM conversation."

For zero-day vulnerabilities, Symantec reported 23 new zero-days during 2013, which was a 61 percent increase for the year. Of that number, five of the zero-days were for Java, and 97 percent of attacks using zero-day vulnerabilities took advantage of Java's quintet of flaws. Those flaws took an average of 19 days from publication to a patch being available, which was almost five times the average time to patch a zero-day.

The 23 zero-day vulnerabilities discovered represent a 61 percent increase over 2012 and are more than the two previous years combined.

97 percent of attacks using exploits for vulnerabilities initially identified as zero-days were Java-based. The total time between a zero-day vulnerability being published and the required patch being published was 19 days for the top-five most-exploited zero-day vulnerabilities. The average time between publication and patch was 4 days.

Ransomware saw a 500 percent increase over 2013, and Symantec said that SMBs and consumers are most at risk from this style of attack.

"Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks," the report said.

"With the appearance of online payment methods, ransomcrypt is poised for growth in 2014."

Sparkes said that only about 3% of affected users have decided to pay Cryptolocker to release their files.
