Top 10 security threat patterns

The type and variety of network and application security threats continues to change, according to the latest quarterly report from Trend Micro. Multiple Bitcoin exchanges were hit and, following up on last fall’s attack on Target, more point-of-sales terminals were attacked. Here’s 10 of the latest developments that were found in the data. Images from Shutterstock.

Bitcoin holders get bit
The digital world is ripe for exploitation, so why not digital currencies? This March, for instance, BitCrypt, an addition to ransomware threats, stole various cryptocurrency wallets, including Bitcoin wallets. MtGox, Flexcoin, new Silk Road, and Poloniex are among the exchanges that have recently been robbed. With 12 million Bitcoins in existence they are a natural target, but the result is a devaluation of the currency.


No escape with mobile
Bitcoin-mining malware exhibited new abilities and routines this quarter. They have started targeting mobile devices with the emergence of a malware family Trend Micro detects as ANDROIDOS_KAGECOIN. HBT, which installed cryptocurrency miners into infected devices. These allowed cybercriminals to use infected mobile devices’ computing resources to mine for Bitcoins, Litecoins, and Dogecoins.

SLIDE SIZE man with smart phone

Attacks on online banks continue
Online banking malware continued to rise. In Q1 of this year over 116,400 variants were found compared to 112,980 in Q1 of 2013. Another way of looking at it, in January of this year there were just over 39,300 variants. The total slipped in February but hit 44,671 in March. A BANLOAD variant was discovered that useds a different infection approach— checking for security plug-ins before executing malicious routines.


Ransomware gets honed
During the quarter already-widespread ransomware went through even more advancements after cybercriminals seemed to have figured out their global “appeal.” Scaring people into submission proved effective no matter where the victims resided. Case in point: In February, a CryptoLocker-like ransomware targeted users in Hungary and Turkey.

SLIDE SIZE suitcase with cash, ransom SHUTTERSTOCK

No place to hide
Tor’s main purpose as a worldwide network of servers is to foster online privacy. The cloak of anonymity Tor provides, however, also made it an attractive platform for cybercriminals. In. March CRIGENT used Windows. PowerShell to spread through scripts before downloading two well-known online anonymity tools, one of which involved the Tor network.


More zero-day exploits
Various zero-day exploits were found this quarter for a mix of browser, browser plug-in, and other software vulnerabilities including Microsoft Word, Internet Explorer 9 and 10. Adobe Flash was exploited to spread PlugX, a remote access tool.


Cheap exploit
The number of mobile malware and high-risk apps hit 2 million this quarter. One reason for the volume growth could be the growing demand for malicious tools and services that can be used to create and distribute mobile malware underground. One such tool, DENDROID—a remote administration tool—made it convenient to Trojanize legitimate mobile apps for a mere US$300.


Assault on Android continues
Another sign that today’s mobile threat landscape has matured was a spike in the number of vulnerabilities found in the Android platform. In March, Trend Micro analyzed an Android bug that affected versions 4.0 and above, which could be used to trap devices in an endless cycle of reboots, rendering them unusable. Also discovered was a vulnerability that put at least 10,000 apps at risk of leaking user data by bypassing certain customized device permissions.

SLIDE SIZE Google mobile screen SHUTTERSTOCK

Terminal attack
Seven times more PoS malware were seen in the first quarter of 2014 compared with the whole 2013. -In recent months, we identified several PoS malware families that could scrape and send credit card information to attackers. ALINA or Trackr, for instance, scanned systems’ memory to check if their contents match regular expressions, which indicate the presence of card information that could be stolen. Other destructive PoS malware include FYSNA, which is known for using the Tor network, and vSkimmer or HESETOX, which uploaded stolen data to C&C servers


Bad news, good news
Canada is in the top 10 of countries where malicious URLs originate. But it has a mere 1 per cent of the sites, compared to 22 per cent from the U.S. Other countries also pale by comparison — France, Japan and the Netherlands tie for second with 3 per cent.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Slideshows

Top Tech News