Cloud security vendor Trend Micro Inc. has released its 2011 Q2 report on the state of the cyber security threat landscape that shows an uptick in Android malware and malicious links in Facebook that pose significant risks to enterprises.
Given the Android operating system’s fast growing popularity and relatively open platform, it makes sense for hackers to want to target the lush market, said Ian Gordon, Trend Micro Canada’s marketing and channel chief.
“It’s not surprising that people are going after it and attacking it,” said Gordon.
Nominate yourself or someone you know for ComputerWorld Canada’s IT Leadership Awards
Moreover, the Android platform is not like the closed and protected Apple operating system where it’s trickier to get fake apps in the store. “To get on the Apple store, you have to go talk to Apple,” said Gordon. “But, with Android, it’s a little bit easier to get on that store.”
The popularity of Facebook, too, as a social networking site is encouraging to hackers who are relying a lot on malicious links that appear to have been sent from familiar contacts. “You get a Facebook message from someone who says ‘Go take a look at this link’ … it’s the whole social engineering,” said Gordon.
Trend Micro’s report reveals Microsoft Corp. as the number one vendor targeted by attackers, with Google and Adobe taking second and third place, respectively. However, Apple did not place in the top 10 targeted vendors this time despite being number one in Q1.
Gordon’s recommendation to IT departments is to ensure the choice of security technology includes the sort that can counteract Web threats.
But IT departments these days have the tricky job of balancing the consumerization of IT and the BYOD (bring your own device) trend that sees personal devices becoming commonplace at work.
The dilemma, said Gordon, is whether a black and white approach to banning personal devices and social networking sites, while good for mitigating risk, is the right thing to do given user expectations.
Also in August, McAfee Labs released the results of a long-term analysis of a specific cyber security threat wreaking havoc since 2006 and that has been targeting government and large corporations, including the Canadian government.
The data stolen, here, is more than just the usual financial information. Instead, McAfee Labs said it’s information the likes of national secrets, source code, bug databases, confidential e-mail archives, negotiation plans and legal contracts.
The threat in question—dubbed Operation Shady RAT by McAfee vice-president of threat research Dmitri Alperovitch—has also targeted the U.S., Vietnamese and Taiwanese governments, as well as satellite communications companies, and a U.S. national security non-profit organization.
In his blog, Alperovitch writes that it is still largely unknown what happens to the petabytes of proprietary data stolen from governments and corporations, but the consequence is clear. “… if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation … the loss represents a massive economic threat not just to individual companies and industries but to entire countries,” wrote Alperovitch
Follow Kathleen Lau on Twitter: @KathleenLau