Financial attacks migrate to other sectors, McAfee finds

Cyber attacks originally crafted to target the financial services industry are migrating to other sectors, says security firm McAfee.

Cyber attacks originally designed to target the financial services industry are migrating to other sectors, says security firm McAfee.

The security firm’s latest threat report also warns of an emerging set of tactics and technologies that are being implemented to evade industry-standard security measures.

Password-stealing trojans and advanced persistent threats (APTs) such as Operation High Roller continued to proliferate in the last three months of 2012 the report said.

Researchers at the firm note an expansion of such attacks to government, manufacturing and commercial transaction infrastructure targets.

“We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together,” said Vincent Weafer, senior vice president of McAfee Labs.

“This represents a new chapter in cybersecurity in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries,” he said.

Based on data from McAfee’s Global Threat Intelligence (GTI) network gathered in the last three months of 2012, the McAfee Labs team of 500 researchers identified five key trends:

First, they found that more industries are being targeted.

As a group, unique password-stealing trojans grew 72% in Q4 as cybercriminals realised that user authentication credentials constitute some of the most valuable intellectual property stored on most computers.

These trojans are increasingly appearing within customised threats or combined with other “off-the-shelf” threats available on the internet, the report said.

Researchers found that the Citadel Trojan’s information stealing capabilities are being deployed beyond the financial services sector.

Second, Web threats are shifting from Botnets to malicious links (URLs).

Malicious URLs are replacing botnets as the primary distribution mechanism for malware, the researchers found.

An analysis of web threats found that the number of new suspicious URLs increased by 70% in Q4. New suspect URLs averaged 4.6 million a month, almost doubling the previous figure of 2.7 million a month for the preceding six months.

Some 95% of these URLs were found to be hosting malware, exploits or code designed specifically to compromise computers.

Researchers said the decline in the number of infected systems controlled by botnet operators is driven in part by law enforcement efforts to bring botnets down, but probably more by the declining appeal of the botnet business model.

Third, there is an increase in the number of infections beneath the operating system (OS).

The volume of malware related to the Master Boot Record (MBR) climbed 27% to reach an all-time quarterly high.

These threats embed themselves deep within the PC system storage stack, where standard antivirus solutions cannot detect them.

Once embedded, they can steal user information, download other malicious software, or use the infected PC’s computing power to launch attacks against other PCs or networks.

While MBR attacks represent a relatively small portion of the overall PC malware landscape, McAfee Labs expects them to become a primary attack vector in 2013.

Fourth, malicious signed binaries are being used to circumvent system security.

The number of electronically-signed malware samples doubled over the course of Q4. Researchers said this indicates that cybercriminals have decided that signing malware binaries is one of the best ways to circumvent standard system security measures.

Fifth, mobile malware continues to increase and evolve.

The number of mobile malware samples discovered by McAfee Labs in 2012 was 44 times the number found in 2011, meaning 95% of all mobile malware samples appeared in the last year.

Researchers said cybercriminals are dedicating most of their efforts to attacking the Android mobile operating system, with an 85% jump of new Android-based malware samples in Q4.

The motivation for deploying mobile threats, the report said, is rooted in the inherent value of the information found on mobile devices, including passwords and address books, as well as new “business” opportunities that are not available on the PC platform.

These opportunities include Trojans that send SMS messages to premium services, then charge the user for each message sent.


McAfee warns of NFC threat to mobiles

McAfee Focus 2012: McAfee to help secure nuclear plants

McAfee Focus 2012: McAfee evolves to enable orchestrated defence

McAfee Focus 2012: NAC supplier ForeScout joins McAfee SIA scheme

McAfee Focus 2012: Xerox, McAfee partner on embedded security threat

C2000 adds McAfee to software distribution service

McAfee reports largest malware spike in four years

Security needs to be integral part of life, says McAfee

Security data exchange: if McAfee builds it, will they come?

Read more on Hackers and cybercrime prevention