With news of cyber-espionage making headlines, enterprises are taking a closer look at the threats that can impact their business and ultimately their bottom line. McAfee Labs has analyzed the threats of the past quarter for emerging trends, which center on mobile and overall malware. With BYOD becoming ubiquitous, threats that once were considered consumer problems are now becoming issues for the enterprise as well. Following are the top six threats to enterprise security. This presentation originated at Information Management magazine.
Attackers use legitimate apps as cover for their malicious code. In the case of KaoSpy, attackers used modified versions of the KakaoTalk app and targeted Tibetan activists; this malware is distributed using phishing emails. The malicious spyware collects a large amount of sensitive user information (contacts, call logs, SMS messages, installed applications, and location) and uploads the data to the attacker's server. But not all Trojans are so narrowly targeted; BadNews pretended to be a legitimate game app, which in turn collected sensitive user information and sent it to the attacker. As far as BYOD goes, if employees have access to sensitive information, this can be disastrous to an organization.
Mobile spyware, which forwards SMS messages, call logs and location information to the attacker's server, has seen a small increase from the previous quarter. For instance, the Android virus Vzw.A downloads a spyware app from the attacker's website. Pretending to be a legitimate font installer app, the downloaded spyware forwards SMS messages, call logs and location information to the attacker's server.
An increasing problem in the last couple of quarters, ransomware holds a computer hostage until the victim pays to free it. Ransomware samples this quarter numbered more than 320,000, more than twice as many as last quarter. One reason for its exponential growth is that an ecosystem is already in place to help, with services such as pay-per-install on computers that are infected by other malware, such as Citadel, and with easy-to-use crime packs available in the underground market.
After peaking during the fourth quarter of 2012, the number of new phishing URLs dropped sharply last quarter, with a modest decrease this quarter. Some of the most heavily targeted companies include Deloitte, Wells Fargo, American Express and JPMorgan Chase.
Database breaches have been dominated by vulnerabilities in MySQL, comprising almost 60 percent of all vulnerabilities discovered during 2013. Although database breaches overall have been on the decline since the fourth quarter of 2012, McAfee says that it's too early to deem this a long-term trend.
Browser-based threats, including hidden iframes and malicious Java code, comprise almost three-fourths of the Internet's malicious activity. Remote procedure call and SQL-injection attacks, which poison legitimate websites, are the next biggest threats.