Malware and Mac attacks at forefront of online threats: report

Internet security software company AVG has unveiled the latest threats to internet users in a new report, with new forms of malware and Mac attacks among the growing list of dangers.


The AVG Community Powered Threat Report is based on the company’s Community Protection Network traffic and data, collected over three months.


In its latest report, AVG says cybercriminals are using their increased knowledge to explore “new markets” to increase revenue from their operations.


“These criminals are performing even more sophisticated attacks in order to steal assets that can later be used to simplify other, more sophisticated attacks,” the report says.


The report reveals trusted malware is continuing to grow at an alarming rate. As digitally signed code unlocks “doors” to enable binary code to execute on a PC, hackers have increased their efforts in stealing digital certificates to sign their malware with it.


“We have detected 53,834 pieces of signed malware in the first five months of the year, compared to 39,102 during the whole of 2010, indicating an increase of over 300%,” AVG says.


“Although in the last few years we have seen many faked digital certificates in use by cyber criminals, the use of stolen legitimate keys is a major trend these days.”


According to the report, Mac users have become an increasingly common target for cyber criminals, as the platform continues to rise in popularity.


“While it may be a new target platform, cyber criminals are using tried and tested social engineering techniques to attack Mac OS users,” the report says.


Increasingly, cyber criminals are using mobile malware to monetise, using premium SMEs and fake apps. According to AVG, monetising techniques via mobile are much easier to operate than those in use on PCs.


“By spamming users to download apps or simply posting them on download stores or markets, the software distribution is easy and scalable,” it says.


The report reveals the rise in SpyEye – the most prevalent malware targeting online banking –means internet banking customers need to remain vigilant. Help protect yourself by remaining up to date with the latest anti-virus software, and changing passwords regularly.


The changing nature of the web has been identified as another growing threat.


“Cyber criminals have clearly been shifting their focus to new markets, with a clear goal on increasing revenue from their operations,” AVG chief technology officer Yuval Ben-Itzhak says.


“The world wide web might as well be re-branded as the world wild web. Our research indicates that hundreds of live servers operating all around the world are active 24/7 to steal users’ credentials for online banking and other private assets.”


“As attack techniques of hackers continue to get more advanced, users need to take action. Security products, with multi-layers of protection, are a must-have to protect against the potentially damaging threats that lurk on the web.”


“The user’s computer platform is becoming irrelevant for these cyber criminals – Windows, Android, Mac and iOS are all targeted now.”


The report comes on the bank of a revelation that Australian businesses suffered more than a quarter of a million cyber security breaches in the first six months of the year.


Attorney-general Robert McClelland told The Australian Financial Review a computer emergency response team alerted businesses to more than 250,000 pieces of “stolen information, including passwords and account details” between June and July.


Earlier this week, McClelland introduced tougher laws to combat cyber crime, including a series of new offences to cover crimes committed via the internet such as fraud and breaches of high-security networks.


Meanwhile, a newly-formed coalition of hacking groups – with a history of attacking Australian targets – has declared cyber war against banks, governments and major corporations.


The two groups at the core of the collective are Anonymous and LulzSec, whose top priority is to “steal and leak classified government information”.


LulzSec recently succeeded in stealing the personal information of millions of customers of Sony and other major organisations.


Notify of
Inline Feedbacks
View all comments