Hackers focus on stealing money, especially via mobiles

Cyber criminals are "obsessed" with stealing money from banking apps and organisations "don't have a clue" where the next advanced attack is coming from, according to authoritative reports released this week.

Hackers focus on stealing money, especially via mobiles
Hackers focus on stealing money, especially via mobiles

A FireEye report on APT attacks reveals that enterprises were hit by an advanced attack every 1.5 seconds on average last year – twice the level recorded in 2012. Advanced attack servers are now found in 206 countries and territories, 81 percent of the entire United Nations.

Dr Kenneth Geers, FireEye senior global threat analyst, warned: “The global scale of the threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from.”

A separate Kaspersky report on mobile malware is equally sobering. It found 20 times more mobile banking Trojans at the end of 2013 than at the start of the year. “At the beginning of the year we knew only 67 banking Trojans, but by the end of the year there were already 1,321 unique samples,” the report says.

The number of malware apps targeting smartphone and tablet users more than doubled last year. Kaspersky found almost 100,000, up from just over 40,000 in 2012 – and 98 percent of them targeted Android devices.

The report says: “The cyber industry of mobile malware is becoming more focused on making profits more effectively, ie, mobile phishing, theft of credit card information, money transfers from bank cards to mobile phones and from phones to the criminals' e-wallets. Cybercriminals have become obsessed by this method of illegal earnings.”

Rob Miller, security consultant at MWR InfoSecurity, said the report exposes a security ‘blind spot' among users when it comes to their mobile devices.

He told SCMagazineUK.com via email: “For many PC users now, it is common knowledge that we should not be opening and running executable files that are sent to us by email. We understand that this can lead to our PCs being compromised so we take reasonable steps to stay safe online.

“Sadly this sense of responsibility has not been transferred to the phone in our pocket. It is common these days for us to use our phone for all manner of actions that involve sensitive information and financial data. This is leading criminals to shift their focus from PCs to mobile.”

Miller said the Trojans involved are “not particularly impressive or complex” but warned: “It is likely that we will see an increase in this sort of malware in the near future. It is quick to develop, initially difficult for anti-virus to detect and results in a quick profit for its creator. In the future it is likely that mobile malware will become more advanced as it has with PCs.”

David Emm, senior security researcher at Kaspersky, agreed the key to defending against mobile malware is to ensure smartphones and tablets are protected like other endpoint devices.

He told SCMagazineUK.com via email: “People need to be aware that the threat is growing and apply the same ‘online common sense' guidelines as they do for any other type of online activity. Only download apps from trusted sources; be wary of conducting sensitive online transactions using public, untrusted WiFi networks; pay close attention to the permissions that an app requests (if it's a weather app, for example, why would it need access to contacts or your messages?); don't store confidential data on the device longer than is necessary, in case it's lost or stolen; and finally, protect your smartphone with a PIN (at least) and ideally a passphrase.” 

FireEye's Advanced Threat Report

The report tracked 159 distinct APT-associated malware families in 2013 and found:

• The UK was the fifth most targeted country, behind the US, South Korea, Canada and Japan.

• Government, services/consulting, technology and financial services were the most targeted verticals.

• The US, Germany, South Korea, China, Netherlands, UK and Russia were home to the most attack servers.

• In the first half of 2013, Java was the most common zero-day focus for attackers. In the second half, there was a burst of Internet Explorer zero-days used in watering hole attacks.

• Publicly available hacker tools such Dark Comet, LV, Gh0stRAT and Poison Ivy were also used by APTs.

Kaspersky's Mobile Malware Evolution: 2013 Report

The report found that:

• The UK was the fifth most attacked country (3.42 percent of attacks) behind Russia (40.34 percent), India (7.90 percent), Vietnam (3.96 percent) and Ukraine (3.84 percent). Mobile banking Trojan activity is expected to grow in other countries in 2014.

• Over 70 percent of the mobile malware detected in the UK is made up of SMS-Trojans – malicious apps designed to silently sent messages to premium-rate numbers. The remainder comprises RiskTools, adware and monitoring software.

• The most advanced malware programs are Trojans targeting users' bank accounts.

• Mobile Trojans are currently hitting a limited number of bank customers, but cyber criminals are expected to invent new techniques, to expand the number and the geography of potential victims.

Sign up to our newsletters