Brought to you by TrendLabs, Trend Micro’s global threat research & support organization
Trend Micro™ - Securing Your Journey to the Cloud Follow us on Twitter Like us on Facebook Watch our YouTube Channel
FIRST LINE OF DEFENSE - YOUR REGULAR SECURITY UPDATE FROM TRENDLABS

> SPOTLIGHT

Security in 2012: A look back at Q1

Today, ‘Mobile’ has become a technology buzzword. Mobile technology, of course, refers to portable technology, which run the gamut from mobile phones and laptops to global positioning system (GPS) devices. Like any other kind of technology, mobile technology has its disadvantages and concerns, including that of security.

Android under attack

Android-based smartphones suffered from more criminal attacks this quarter. With the increased use of smartphones for web browsing, it is no surprise that the number of mobile attacks increased. The popularity of apps led to the existence of bogus Android apps like the fake ‘Temple Run’ and optimizer apps. One prominent mobile threat this quarter was one-click billing fraud, which can charge a user up to US$1,300 just for clicking a button.

Data breaches and APTs

As the name implies, persistence is key when it comes to Advanced Persistent Threats (APTs). Attackers go deep into a target’s network to get what they want. Highly targeted attacks are categorized as ‘campaigns’, as these refer to a series of failed or successful attempts to compromise a targeted network. One notable example of this is the Luckycat campaign, which targeted several industries. Common lures for targeted attacks this quarter include popular sports figures and sociopolitical events.

Social engineering lures put not only users at risk, but also the companies they work for

Social media threats

Social networking has created a generation of users more likely to reveal personal data to third parties. Social media has become an effective platform for cybercriminals to spread malware. Even more troubling is the fact that the presence of cybercriminals and cunning social engineering lures put not only users at risk, but also the companies they work for. Even newly formed social networking sites were not spared this quarter, with survey scams finding their way to Pinterest.

Vulnerabilities

The number of reported vulnerabilities this quarter showed that threats can easily spread among systems and possibly even mobile devices. One vulnerability, MS12-020 (CVE-2012-002), was given the highest rating on Microsoft’s exploitability index, as it can consistently be exploited even by unathenticated users. MS12-020 allows cybercriminals to remotely execute commands on infected systems.

Among vendors, Apple posted the highest number of reported vulnerabilities this quarter, along with a record-breaking number of patches.

Cybercrimes

Blended threats are cybercriminals’ answer to causing greater damage to unsuspecting users. Ransomware reared its ugly head once more, taking systems or files ‘hostage’ until victims paid up. One SINOWAL variant spread using a compromised Dutch site. Other notable threats included spoofed emails bearing a malicious JavaScript and backdoors that stole sensitive information.

Learn more

For more information, read the Trend Micro quarterly security roundup report, ‘Security in the Age of Mobility’.

QUICKLINKS

SECURITY RESOURCES

FREE SECURITY TOOLS

Forward to a friend
Subscribe to Trend
  Newsletters

Latest threat information
Threat tracker
New Research Paper:
  2011 Threat Roundup Report

HouseCall
Threat Widget
All Free Tools
 
 
 

We appreciate your interest in Trend Micro’s First Line of Defense newsletter. If you would like to receive future Trend Micro product announcements and special offers, please opt-in to our mailing list.

Copyright © 2012 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice.