Tuesday, March 4, 2014

[computerweekly] Web-based attacks double in 2013, study finds

Web-based malware attacks doubled in the second half of 2013 in comparison with the first half, according to the latest threat report from F-Secure Labs.
Threats targeting Google’s Android mobile operating system accounted for 97% of mobile threats for the whole year, the report revealed.

Web-based attacks represented 26% of detections, followed by the Conficker worm with 20%.Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the period covered by the report.
The three most common exploits detected during the period were all Java-related. Java exploits, however, declined compared with the first half of 2013.

The majority of mobile threats in 2013 were directed at the Android platform, which racked up 804 new families and variants, compared with only 238 new Android threats in 2012.Mac malware continues a slight but steady increase, with 51 new families and variants detected in 2013.
The remaining 3% of mobile threats were directed at theSymbian platform, with no threats detected against any other platform. 
The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. Most reported detections came from Saudia Arabia (42%) and India (33%). European countries accounted for 15% and the US 5%.  
F-Secure used the publication of the report to reiterate the security firm’s policy of no tolerance for governmental malware and mass surveillance.The report noted that because the Android platform itself has relatively few vulnerabilities, the main distribution method is still compromised apps downloaded via third-party app stores.
“It has always been F-Secure’s policy to detect any malware, regardless of its source,” the company said.
Mikko Hypponen (pictured), chief research officer at F-Secure Labs, said governmental surveillance is not about governments collecting the information people are sharing publicly and willingly.
“It is about collecting the information you do not think you are sharing at all. Just because it can technically be done does not make it right,” he said.

No comments:

Post a Comment