Social networking scams, exploits, mobile malware, spam and and data breaches top the list of top brewing threats for the first half of this year, computer security firm Trend Micro said. In its Cyber Report for the second quarter of 2011, Trend Micro said that Web threats have evolved from mere viruses to a "serious money game" for cybercriminals who hack for profit. "The war on the web is no longer only about viruses. It's become a serious money game for cybercriminals, and everybody else hooked to the Internet—whether through a PC or even on a smartphone—is a potential victim. If you think you're already equipped with Internet security savvy to protect you from their schemes, think again," it said. It listed at least five looming trends that threaten one's online experience, including:
- Social networking scams
- Vulnerability exploits
- Mobile malware
- Malicious spam runs
- Targeted attacks and data breaches
In the Philippines, Trend Micro's research and development center, TrendLabs, warned the public to be more careful of their computing activities "both on their PCs and mobile devices." "We expect more sophisticated attacks before the end of 2011," it added.
Facebook: 'A minefield of scams' Trend Micro said the biggest trend involves social engineering, using trending or popular terms and topics to catch the interest of unsuspecting users. "What better venue to make use of social engineering tactics than on the most popular network there is, right? Facebook has become a minefield of scams in the recent months, despite the site’s addition of security features," Trend Micro said. It said the use of enticing links to hot news stories, videos and images, intriguing figures like “Nicole Santos" and even links to supposedly special Facebook features like Facebook Messenger has hooked several unsuspecting Facebook users, With the social engineering trick, cybercriminals also tricked the users into spreading their malicious codes and links. The links would lead to malicious sites that have fake antivirus systems, other malware, or phishing sites, or surveys that would give cybercriminals access to private information.
Vulnerability exploits Trend Micro urged users to patch and update their programs and systems regularly as software vulnerabilities are considerably one of the most overlooked security loopholes. Trend Micro noted several targeted attacks exploiting vulnerabilities in programs such as Adobe's Flash Player, Reader, and Acrobat; and even Microsoft's email service Hotmail. "Although software updates might seem pesky and negligible, the same updates could also dictate whether your system is secure or not," it said. * mobile malware With smartphones becoming more powerful and popular, cybercriminals are making a crossover to the mobile realm. Trend Micro noted a spike in the frequency of the mobile threat incidences, especially on the Android platform. "Over the first half of the year, Android malware has been reported to perform a wide range of tasks including stealing personal and device information, downloading malicious application components, and even abusing premium services by making calls and sending messages without the Android owner’s knowledge. These all inevitably cost extra charges for mobile users," it said. * spam Eleven years after the Filipino-authored ILOVEYOU virus made the rounds, spam email with malicious URLs continue to proliferate online. "Targeted attacks like that of the Jasmine Revolution in China, tricked users into downloading a seemingly harmless RTF file that was really a Trojan. Other noteworthy spam made use of URLs which directed users to pages tainted with FAKEAV or fake antivirus software that scare users into downloading a Trojan and purchasing a bogus product," Trend Micro said.
Targeted attacks, data breaches Hacker groups Lulz Security and Anonymous managed to hack sites of corporations and government agencies, stealing data and shaming the targets. But Trend Micro said cybercriminals took this a step further with their attack on the marketing firm Epsilon, released a spoofed tool claiming to help clients determine if their personal information was in the breached systems. The tool turned out to steal more data, it noted. Also, many local hackers claiming to be affiliated with LulzSec surfaced, spurring recent reports of government website defacements.
Positive developments However, Trend Micro also noted "wins" involving impressive takedowns in the second quarter of 2011. It participated in the takedown of a CARBERP command-and-control (C&C) server, which had been stealing personal information from users worldwide since early 2010. Also, Trend Micro helped block malicious URLs throughout and was placed on Microsoft's leader board for the seventh straight month in a row. "We also witnessed the successful takedown of CoreFlood botnet by the U.S. DOJ and FBI," it said. It also noted the Japanese Parliament approved the revised Cybercriminal Law, which will start penalizing malware writers who create malicious wares without legitimate reasons and/or for the purpose of running these on others' systems without their consent.
— TJD, GMA News 
GMA Brandtalk
Tracking
Archives
