Linsanity, Whitney Houston’s death, and socio-political upheavals around the world gave cyber-criminals new social-engineering campaign material with which to launch their attacks, usually as an email designed to trick the recipient into clicking on a malicious link or opening a malicious attachment. So says an IT security firm in a report.
The beginning of 2012 saw revelations of yet more advanced persistent threats, another increase in malware targeting the Android platform and attacks on popular new platforms such as Pinterest, according to the Trend Micro Q1 2012 Security Roundup Report.
Some of Q1’s most visible events – Linsanity, Whitney Houston’s death, and sociopolitical upheavals around the world – gave cybercriminals new social-engineering campaign material with which to launch their attacks. The attacks still very often arrive as an email designed to trick the recipient into clicking on a malicious link or opening a malicious attachment.
The report also suggests that cybercriminals often keep track of the different attacks within an APT campaign, by means of campaign IDs, in order to determine which individual attack compromised a specific victim’s network. The Luckycat campaign, in particular, attacked a diverse set of targets using a variety of malware, some of which have been linked to other cyber-espionage campaigns.
“Criminals continue to take advantage of new areas of user interest as they arise; whether that be breaking news stories, or new platforms such as Pinterest or the smartphone,” said Rik Ferguson, Director of Research and Communications, EMEA at Trend Micro. “Our research into Luckycat and other APT activity has also revealed the closely interlinked and campaign-based approach below the murky waters of cyber-espionage. Online criminal activity doesn’t show any sign of abating, rather this first quarter serves as a reminder that these people follow very closely the behaviour of their victims and are constantly renewing their modus operandi or their medium.”
Other trends in Q1 2012:
Cybercriminals are capitalising on the growth of Android – Trend Micro identified approximately 5,000 new malicious Android apps in the first quarter.
Apple surpassed Oracle, Google and Microsoft in reported vulnerabilities, with a total of 91. Oracle came in second, with 78; Google, 73; Microsoft, 43. Apart from posting the highest number of reported vulnerabilities, Apple also issued a record-breaking number of patches in March.
New social networking site, Pinterest, gained not just popularity but also notoriety. Users were tricked into “re-pinning” a Starbucks logo to get supposed gift cards but instead got malware.
This quarter’s top spam-sending countries included: India (20 percent), Indonesia (13 percent), South Korea (12 percent), and Russia (10 percent).
Trend Micro will be at InfoSec 2012, Earls Court, London from April 24 to 26 at stand E10.
