A new report summarizing the malware and cybersecurity trends for the second quarter of 2012 has been released. The report found the biggest spike in malware samples detected in four years, and illustrates the growing threat faced by mobile devicesparticularly Android mobile devices.
There isnt necessarily anything Earth-shattering in the quarterly report. The fact that its essentially more of the same, with slight variations on themes from previous quarterly reports, however, should be cause enough for concern. The bottom line message is that malicious attacks are a serious threat, and theyre not going away any time soon.
How It Spreads
Malicious websites are a popular method for getting malware out there. An average of 2.7 million malicious URLs were detected each month, pointing to approximately 300,000 bad domains. That works out to about 10,000 new malicious domains being created every day with the express purpose of hosting malware and hijacking unprotected PCs or mobile devices.
Another method of propagating malware is through infected USB thumb drives. Attackers put malicious code in AutoRun files that execute automatically when the thumb drive is inserted into a PC. The malware can then compromise the PC, and seek out other connected drives to infect to continue spreading to new PCs.
Return of Botnets
Botnets have been an ongoing threat for years. Thanks to the efforts of security researchers, and major players such as Microsoft, some of the most dangerous and prolific botnets have been crippled or taken offline entirely.
According to the latest quarterly report, though, the victories are apparently short-lived. Botnet activity is at a 12-month high, and the attackers are continuing to evolve clever new ways of managing and controlling the massive armies of compromised computers. Researchers have found that Twitter is now being used by some botnets to issue commands to infected systems.
The Mobile Frontier
The biggest story in malware right now is mobile malware. The shift from traditional mobile phones that simply made phone calls to smartphones containing gigabytes of data has made the pocket-sized computers a prime target for attackers.
Most people are conditioned at this point to run antimalware or other security software on their PCs, and theyve been trained with the common sense to recognize and avoid many types of attacks. However, that security mindset hasnt yet transferred over to smartphones and tablets, so many people lack adequate protection on their mobile devices.
The fact that many companies are embracing BYOD (bring your own device) and allowing employees to use their own personal mobile devices to connect to network resources and company data raises the stakes and makes mobile devices an even greater risk in many cases.
Sign up for CIO Asia eNewsletters.