Sophos recently made its report available for public consumption. The report contains information about new platforms and changing threats, Blackhole, Java, Android as a target, ransomware is back, OS X and the Mac, cybercriminals taken down in 2012, polymorphic and targeted attacks, and what to expect in 2013.
The report opens immediately covering the Blackhole Exploit Kit's 2.0 growing success, which is a crime pack that is taking advantage of software-as-a-service (SaaS) for cybercriminals to rent time to deliver malware during their campaigns. Blackhole Exploit Kit (BHEK) was found representing 27% of the exploited sites and redirects. Redirects are when legitimate websites become compromised and send the user's Web browser to Blackhole for delivering a polymorphic payload.
As stated in the report, "[Blackhole] combines remarkable technical dexterity with a business model that could have come straight from a Harvard Business School MBA case study." That doesn't bode well for security professionals thwarting off cybercriminals and, even worse, for home users.
The Sophos Security Threat Report will take you through the four stages of the Blackhole life cycle. I also recommend reading "Inside a Black Hole" from SophosLabs.
SophosLabs is hard at work tracking Blackhole to detect the changing exploit kit and to counter Blackhole's detection countermeasures. More details are provided in the report, including advice on how to protect your systems.
In 2012, social media sites such as Facebook, Pinterest, and Twitter, to name a few, are where billions of people flocked to provide their statuses, share media, and market their wares. They also were in the company of cybercriminals looking to socially engineer anyone they can in order to deliver malware or phish user account information. The objectives are clear: to steal personal information and deliver more malware.
Social media attacks won't subside in 2013, and they are targeting mobile platforms even more, primarily Android.
From a mobile malware standpoint, Android has become the biggest target, with 52.2 percent market share.
Gerhard Eschelbeck, Sophos' CTO, wrote in the report foreword: "While malware for Android was just a lab example a few years ago, it has become a serious and growing threat."
SophosLabs compiled the Android Threat Exposure Rate (TER), which found countries such as Australia, the U.S., and Germany having a higher percentage of Android devices that experienced a malware attack than PCs over a three-month period.
The report goes on to discuss examples of Android mobile malware techniques to send SMS messages for profit (Andr/Boxer), escalate privileges (i.e. the INSTALL_PACKAGES permission), join the Android device to a botnet (Andr/KongFu-L), and steal banking information (Andr/Zitmo).
Rooting an Android tablet or smartphone is a popular modification to the device for various personal reasons. SophosLabs says in the report, "Rooting bypasses the built-in Android security model that limits each app's access to data from other apps . It's easier for malware to gain full privileges on rooted devices, and to avoid detection and removal."
If mobile malware has an easier opportunity to gain full privileges on rooted devices, then the best advice is to block root devices from getting onto your protected networks.
Get more facts from the full report by downloading the Sophos Security Threat Report 2013 from Sophos directly, without the hassle of a gated registration page. How nice.
David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter at @DSchwartzberg