ESET: Trends for 2013: Astounding growth of mobile malware

/Home/Internet Security: Blogs/Internet Security: ESET blog

Introduction

At the end of each year, ESET Latin America's Lab prepares a document about trends in malware, cybercrime and other types of malicious computer attacks, based on what has been observed and analyzed throughout the current year. It is important to point out that by a trend we mean a projection performed by the company according to the present state of computer threats and cybercriminal behavior.

This is the background to the investigation we carry out in order to predict the way IT security is most likely to evolve during the coming year. Even while this report was being written, the trends have continued to change. For example, the main trend for 2010 was “Crimeware Maturity”, for 2011 “Botnets and Dynamic Malware”, and for 2012, “Malware Goes Mobile”. Even though all these issues are related to each other, and although behind each one of them there is always the pursuit of financial revenue by cybercriminals, it is quite noteworthy when a single trend experiences such high growth in such a short period as has happened with the mobile malware phenomenon.

During 2012 it was possible to observe how malicious programs designed for Android consolidated their position as a fundamental objective for cybercriminals, who, facing a market that grows by leaps and bounds, have started to generate malware that targets these devices much more quickly.

During the First Quarter of 2012, according to IDC, the Google operating system has recorded a year-over-year rise of 145% in market share and in sales. Furthermore, Juniper Research estimates that in 2013, the number of users accessing banking services from their smartphones will rise to 530 million people. According to the same study, in 2011 there were only 300 million individuals who accessed banks from their phones. In this context of growing sales and different patterns of use, and considering the rapid evolution both of this technology and of malicious programs for mobiles during 2012, we see as the main trend for 2013 an exponential growth of mobile malware. We also see them becoming more complex, thus expanding the range of malicious actions they perform on an infected device.

In 2013 we also expect to see the consolidation of a paradigm shift that has been developing in recent years: that is, in the ways in which cybercriminals propagate malicious code. Malware propagation by means of removable storage devices is decreasing in favor of the use of an intermediary in order to attract new victims. The intermediary is a web server that has been compromised by a third party in order to host computer threats. Having compromised the server, cybercriminals send out hyperlinks leading the user to the malware in question. At the same time all the stolen information has to be stored on these compromised servers to so as to avoid involving personal computers which may be better protected and where detection and cleaning of malware may result in the criminals losing their stolen data.

Taking all this into account, what trends will we see next year? The purpose of this report is to provide clarification and answers to this question so that both corporate and home users can adopt the measures necessary if they are to be properly protected against the latest computer threats.

Click the URL above to read the full whitepaper