The key highlights from the AVG Q4 2012 Threat Report are:
1) The Blackhole exploit kit dominated malware in 2012, accounting for 49% of attacks detected. It is a sophisticated, powerful, and heavily obfuscated exploit kit.
2) During 2012, mobile device penetration increased dramatically. Android is the most popular mobile OS, and thus attacks targeting Android have increased. Over 3.9 million mobile threats were detected by AVG in Q4 2012.
3) Exploit toolkits accounted for 60% of attacks in 2012. Established cybercriminals are creating commercial exploit toolkits that less technical criminals can use, fueling the rise in toolkit attacks.
The document analyzes application usage and cyber threats across over 5,500 organizations. It finds that while common sharing applications like email, social media and file sharing represent a high percentage of total applications and bandwidth used, they account for a relatively low percentage of observed threat activity. Specifically, these applications delivered 32% of threats but exhibited only 5% of threat activity. The majority of threats instead were concentrated in a small number of "workhorse" applications. Code execution exploits that allow malware installation were the most common threat type delivered via common sharing applications.
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World - Infinigate Group
In 2012, cybercriminals increasingly targeted mobile devices like Android smartphones and embraced new platforms beyond PCs. The number of Android malware grew explosively to over 350,000, mirroring the growth of the Android OS. Data breaches and targeted attacks continued at an alarming rate, with the cost of the Global Payments breach reaching $94 million. Cybercriminals also refined existing attack methods, with ransomware, automatic transfer systems, and the Blackhole Exploit Kit all becoming more sophisticated. While zero-day vulnerabilities still emerged, attackers also effectively exploited older vulnerabilities since many systems remained unpatched.
Malware poses a serious and growing threat to organizations. Viruses, worms, spyware and other malware are becoming more sophisticated and adept at evading traditional defenses. A single integrated platform like VIPRE Antivirus Business that provides high-performance malware detection across multiple threat types with minimal system impact may be needed to effectively address the new wave of malware.
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID - IJCNCJournal
1. The document presents HoneypotLabsac, a virtual honeypot framework for Android that aims to learn more about targeted mobile device attacks.
2. The framework allows emulating services like telnet, HTTP, and SMS to collect log data from interactions without compromising the actual device.
3. HoneypotLabsac generates log files of all emulated service connections and SMS messages, stores them on the device, and sends them periodically to a log server for analysis.
The unprecedented state of web insecurity - Vincent Kwon
The document summarizes security trends from IBM's X-Force research and development team. It discusses the increasing sophistication of cyber attacks, vulnerabilities in web browsers and document readers, the rise of exploit kits and malware creation tools, and challenges in keeping pace with evolving threats through rapid patching and detection techniques.
Information security is the process of protecting digital information and systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The document discusses challenges to information security like identity theft, malware, patch management failures and distributed denial of service attacks. It provides best practices for protecting digital assets such as using antivirus software, updating systems, and implementing personal firewalls and wireless security measures. There is a growing need for information security professionals to address issues around security, education and workforce development.
The document summarizes mobile threat data from January to June 2018. It finds that every customer saw mobile OS threats, MITM attacks increased over the last half of 2017, and one in three devices detected a mobile threat. Specific threats discussed include Meltdown and Spectre CPU vulnerabilities, vulnerabilities in Apple's Bluetooth daemon, the ZipperDown app vulnerability affecting 100 million iOS users, cryptojacking malware, and threats from unpatched vulnerabilities, malicious apps, and network attacks like MITM and rogue access points.
Mobile malware targeting Android devices has surged 400% since 2010 according to a recent report. Hackers are taking advantage of users who download apps from unknown sources and do not use mobile security software. As more users adopt smartphones running major platforms like Android and iOS, these devices are becoming increasingly attractive targets for attackers. This is driving increased spending on mobile security solutions as software companies and mobile operators recognize the business opportunity in helping users protect their devices.
Commercial Cyber Crime - Social Networks Malware - Aditya K Sood
Social networks are vulnerable launch pads for malware infections due to insufficient security protections. Attackers can exploit human emotions and curiosity to spread malicious content through social networks. Common techniques include injecting malicious URLs or exploiting browser vulnerabilities to download malware. The lack of URL scanning, warning mechanisms, and user knowledge about authenticity make social networks easy targets for these types of attacks.
This document summarizes predictions for cyber threats in 2013 from McAfee Labs researchers. They predict:
- Mobile worms that buy malicious apps and steal payment info using NFC. Malware that blocks security updates on phones. Ransomware "kits" for mobile.
- Covert, persistent attacks targeting below the kernel of Windows. Rapid development of ways to attack the new Windows 8 and HTML5.
- Large-scale infrastructure attacks like Stuxnet. Highly targeted attacks using the Citadel Trojan to evade detection. Malware that reconnects after botnets are taken down.
Malware detection techniques for mobile devices - ijmnct
Mobile devices have become very popular nowadays; due to their portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most of the needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the two competing mobile operating systems – Android and iOS. We will assess each technique summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
The document discusses the need for information security professionals and provides an overview of information security. It describes how connecting to the internet exposes computers to risks from malicious actors. It then covers key topics in information security including identity theft, malware, patch management failures, and distributed denial of service attacks. The document concludes by recommending best practices for protecting digital assets such as using antivirus software, firewalls, and keeping systems updated with the latest patches.
The document summarizes Trend Micro's 2012 Mobile Threat and Security Roundup. It found that in 2012 there was a significant increase in detected Android malware, reaching 350,000 samples by year's end. Premium service abusers that charge users fraudulent fees were the most common mobile threat. The document also notes that threats are increasing in sophistication, with cybercriminals developing new methods of attacking users beyond traditional social engineering. As Android grows in popularity, it faces similar threats to what Windows faced as the dominant desktop platform.
Storm was a significant web threat in 2007 that spread through successive waves using various techniques. It combined aspects of viruses, worms, and botnets to infect hundreds of thousands of computers and send massive amounts of spam. The document analyzes data on Storm malware detections and spam volumes to correlate them with the timeline of Storm's attacks throughout 2007. It finds that each wave resulted in initial suppression of malware detections followed by peaks in detections and sustained high spam volumes.
Maximize Computer Security With Limited Ressources - Secunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
The document discusses the challenges of combating computer viruses given their ability to spread rapidly. It notes that a single virus writer can trigger a chain reaction that infects thousands of computers. Recent viruses like SoBig demonstrated this danger, with one version found in half of all emails scanned. While some blame careless users, the document argues users are overwhelmed by the complex tech landscape. It also discusses challenges faced by administrators and software companies in keeping systems fully protected given the difficulties of eliminating all vulnerabilities from hugely complex programs like Windows.
Symantec's Internet Security Threat Report, Volume 18 revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
- Cybercrime profits drove cybercriminals to shift techniques in 2013 away from attachments towards malicious links as anti-spam measures improved. Ransomware targeting desktop computers also increased.
- Overall malware and spam levels decreased in 2013 from 2012 levels as botnets were disrupted, though mobile malware targeting Android devices significantly increased.
- Web security threats rose in 2013 as more websites were compromised to host exploit kits and malware, with education sites most commonly hacked. Current events were increasingly used to lure users to infected websites.
Healthcare forum perry-david m-everything you know is wrong! - ISSA LA
This document discusses the challenges of educating users about cybersecurity threats. It notes that users are often the weakest link due to lack of understanding, and that simply patching systems is not enough. The document advocates focusing on user education to help users understand what assets need protection, common threats, and how to identify compromises or when protection measures are working. It acknowledges that providing this education is difficult given the complexity of technology and threats, as well as changing user understanding over time.
The document discusses cyber security threats and vulnerabilities. It provides statistics on malware attacks, vulnerable areas when online, and costs of cyber crimes. Emerging technologies like moving target and remote agent technologies are aimed to constantly change networks and monitor security, but collective global measures are still needed to maximize security as cyber attacks can significantly impact individuals, organizations, and entire economies.
The document discusses several guidelines for improving operating system security:
1) It provides tips for securing Windows systems such as enabling BitLocker, creating strong passwords, applying updates, and using the Windows firewall.
2) It explains how malware can propagate through email attachments, infected websites, USB drives and other methods.
3) Mac malware was previously rare but is becoming more common as the Mac market share increases, potentially validating a previous security prediction.
Contending Malware Threat using Hybrid Security Model - IRJET Journal
The document proposes a hybrid security model to combat malware threats across different types of IT systems. It analyzes positive and negative security models and their advantages and disadvantages. A hybrid model is proposed that uses a combination of whitelisting, blacklisting, firewalls, antivirus software and other tools depending on the system type. For example, corporate systems would use application whitelisting to only allow approved enterprise apps, while home systems rely more on antivirus and firewalls for flexibility. The goal is to provide effective security tailored to each system's environment and business needs.
Review on mobile threats and detection techniques - ijdpsjournal
Since the last decade, smart-phones have gained widespread usage. Mobile devices store personal details such as contacts and text messages. Due to this extensive growth, smart-phones are attracted towards cyber-criminals. In this research work, we have done a systematic review of the terms related to malware detection algorithms and have also summarized behavioral description of some known mobile malwares in tabular form. After careful solicitation of all the possible methods and algorithms for detection of mobile-based malwares, we give some recommendations for designing future malware detection algorithm by considering computational complexity and detection ratio of mobile malwares.
The document summarizes key findings from IBM's 2009 X-Force Trend & Risk Report. It found that vulnerabilities in document readers like Adobe PDF surpassed those in office documents. Most web-based exploits targeted vulnerabilities in Adobe products via toolkits. The US continued to host many malicious websites, while new malicious links increased 345% from 2008.
In the first six months of 2012, the malware landscape remained relatively constant, with Trojan.AutorunInf, Win32.Worm.Downadup and Exploit.CplLnk as the top three e-threats worldwide. The first two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims.
The Android operating system continued to be the primary target for mobile malware in 2012, with the number of malware attacks more than doubling from 2011. Cybercriminals expanded beyond China and Eastern Europe to target consumers in the United States, Saudi Arabia, and other markets. One of the most profitable trends for cybercriminals was combining mobile malware with social engineering techniques like phishing and smishing to steal users' financial information.
Mobile security is a growing issue, with the increased uptake of smartphones and tablets. Learn what risks exist and how you can protect your devices from malware and data loss.
As if running a business isn't hard enough!
AVG (AU/NZ)'s Security Advisor, Michael McKinnon, presents 10 simple tips to secure your business from online threats.
This document describes a sports injury stabilizer device being developed by a student group. The device aims to effectively stabilize an injured hand while providing mobility and comfort, replacing bandages. The group's presentation will include the detailed design, assembly process, progress made, and estimated costs and time to complete the project. Components of the design include an inflatable cuff or bladder, pipes to connect to a distributor, and valves. The group has researched material options and begun contacting manufacturers.
Commercial Cyber Crime - Social Networks MalwareAditya K Sood
Social networks are vulnerable launch pads for malware infections due to insufficient security protections. Attackers can exploit human emotions and curiosity to spread malicious content through social networks. Common techniques include injecting malicious URLs or exploiting browser vulnerabilities to download malware. The lack of URL scanning, warning mechanisms, and user knowledge about authenticity make social networks easy targets for these types of attacks.
This document summarizes predictions for cyber threats in 2013 from McAfee Labs researchers. They predict:
- Mobile worms that buy malicious apps and steal payment info using NFC. Malware that blocks security updates on phones. Ransomware "kits" for mobile.
- Covert, persistent attacks targeting below the kernel of Windows. Rapid development of ways to attack the new Windows 8 and HTML5.
- Large-scale infrastructure attacks like Stuxnet. Highly targeted attacks using the Citadel Trojan to evade detection. Malware that reconnects after botnets are taken down.
Malware detection techniques for mobile devicesijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile device became a must device for persons using information and communication technologies. In addition to hardware rapid evolution, mobile applications are also increasing in their complexity and performance to cover most the needs of their users. Both software and hardware design focused on increasing performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to
the personality feature of mobile devices, malware detection is very important and is a must tool in each device to protect private data and mitigate attacks. In
this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the to two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
Mobile devices have become very popular nowadays, due to is portability and high performance, a mobile
device became a must device for persons using information and communication technologies. In addition to
hardware rapid evolution, mobile applications are also increasing in their complexity and performance to
cover most the needs of their users. Both software and hardware design focused on increasing performance
and the working hours of a mobile device. Different mobile operating systems are being used today with
different platforms and different market shares. Like all information systems, mobile systems are prone to
malware attacks. Due to the personality feature of mobile devices, malware detection is very important and
is a must tool in each device to protect private data and mitigate attacks. In this paper, we will study and
analyze different malware detection techniques used for mobile operating systems. We will focus on the to
two competing mobile operating systems – Android and iOS. We will asset each technique summarizing its
advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware
detection tool based on user profiling.
The document discusses the need for information security professionals and provides an overview of information security. It describes how connecting to the internet exposes computers to risks from malicious actors. It then covers key topics in information security including identity theft, malware, patch management failures, and distributed denial of service attacks. The document concludes by recommending best practices for protecting digital assets such as using antivirus software, firewalls, and keeping systems updated with the latest patches.
The document summarizes Trend Micro's 2012 Mobile Threat and Security Roundup. It found that in 2012 there was a significant increase in detected Android malware, reaching 350,000 samples by year's end. Premium service abusers that charge users fraudulent fees were the most common mobile threat. The document also notes that threats are increasing in sophistication, with cybercriminals developing new methods of attacking users beyond traditional social engineering. As Android grows in popularity, it faces similar threats to what Windows faced as the dominant desktop platform.
Storm was a significant web threat in 2007 that spread through successive waves using various techniques. It combined aspects of viruses, worms, and botnets to infect hundreds of thousands of computers and send massive amounts of spam. The document analyzes data on Storm malware detections and spam volumes to correlate them with the timeline of Storm's attacks throughout 2007. It finds that each wave resulted in initial suppression of malware detections followed by peaks in detections and sustained high spam volumes.
Maximize Computer Security With Limited RessourcesSecunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
The document discusses the challenges of combating computer viruses given their ability to spread rapidly. It notes that a single virus writer can trigger a chain reaction that infects thousands of computers. Recent viruses like SoBig demonstrated this danger, with one version found in half of all emails scanned. While some blame careless users, the document argues users are overwhelmed by the complex tech landscape. It also discusses challenges faced by administrators and software companies in keeping systems fully protected given the difficulties of eliminating all vulnerabilities from hugely complex programs like Windows.
Symantec's Internet Security Threat Report, Volume 18 revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
- Cybercrime profits drove cybercriminals to shift techniques in 2013 away from attachments towards malicious links as anti-spam measures improved. Ransomware targeting desktop computers also increased.
- Overall malware and spam levels decreased in 2013 from 2012 levels as botnets were disrupted, though mobile malware targeting Android devices significantly increased.
- Web security threats rose in 2013 as more websites were compromised to host exploit kits and malware, with education sites most commonly hacked. Current events were increasingly used to lure users to infected websites.
Healthcare forum perry-david m-everything you know is wrong!ISSA LA
This document discusses the challenges of educating users about cybersecurity threats. It notes that users are often the weakest link due to lack of understanding, and that simply patching systems is not enough. The document advocates focusing on user education to help users understand what assets need protection, common threats, and how to identify compromises or when protection measures are working. It acknowledges that providing this education is difficult given the complexity of technology and threats, as well as changing user understanding over time.
The document discusses cyber security threats and vulnerabilities. It provides statistics on malware attacks, vulnerable areas when online, and costs of cyber crimes. Emerging technologies like moving target and remote agent technologies are aimed to constantly change networks and monitor security, but collective global measures are still needed to maximize security as cyber attacks can significantly impact individuals, organizations, and entire economies.
The document discusses several guidelines for improving operating system security:
1) It provides tips for securing Windows systems such as enabling BitLocker, creating strong passwords, applying updates, and using the Windows firewall.
2) It explains how malware can propagate through email attachments, infected websites, USB drives and other methods.
3) Mac malware was previously rare but is becoming more common as the Mac market share increases, potentially validating a previous security prediction.
Contending Malware Threat using Hybrid Security ModelIRJET Journal
The document proposes a hybrid security model to combat malware threats across different types of IT systems. It analyzes positive and negative security models and their advantages and disadvantages. A hybrid model is proposed that uses a combination of whitelisting, blacklisting, firewalls, antivirus software and other tools depending on the system type. For example, corporate systems would use application whitelisting to only allow approved enterprise apps, while home systems rely more on antivirus and firewalls for flexibility. The goal is to provide effective security tailored to each system's environment and business needs.
Review on mobile threats and detection techniques (ijdpsjournal)
Since the last decade, smart-phones have gained widespread usage. Mobile devices store personal details such as contacts and text messages. Due to this extensive growth, smart-phones have become attractive to cyber-criminals. In this research work, we have done a systematic review of the terms related to malware detection algorithms and have also summarized behavioral descriptions of some known mobile malware in tabular form. After careful solicitation of all the possible methods and algorithms for detection of mobile-based malware, we give some recommendations for designing future malware detection algorithms by considering computational complexity and detection ratio of mobile malware.
The document summarizes key findings from IBM's 2009 X-Force Trend & Risk Report. It found that vulnerabilities in document readers like Adobe PDF surpassed those in office documents. Most web-based exploits targeted vulnerabilities in Adobe products via toolkits. The US continued to host many malicious websites, while new malicious links increased 345% from 2008.
In the first six months of 2012, the malware landscape remained relatively constant, with Trojan.AutorunInf, Win32.Worm.Downadup and Exploit.CplLnk as the top three e-threats worldwide. The first two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims.
The Android operating system continued to be the primary target for mobile malware in 2012, with the number of malware attacks more than doubling from 2011. Cybercriminals expanded beyond China and Eastern Europe to target consumers in the United States, Saudi Arabia, and other markets. One of the most profitable trends for cybercriminals was combining mobile malware with social engineering techniques like phishing and smishing to steal users' financial information.
Mobile security is a growing issue, with the increased uptake of smartphones and tablets. Learn what risks exist and how you can protect your devices from malware and data loss.
As if running a business isn't hard enough!
AVG (AU/NZ)'s Security Advisor, Michael McKinnon, presents 10 simple tips to secure your business from online threats.
This document describes a sports injury stabilizer device being developed by a student group. The device aims to effectively stabilize an injured hand while providing mobility and comfort, replacing bandages. The group's presentation will include the detailed design, assembly process, progress made, and estimated costs and time to complete the project. Components of the design include an inflatable cuff or bladder, pipes to connect to a distributor, and valves. The group has researched material options and begun contacting manufacturers.
This is the AVG Community Powered Threat Report for Q3 2012.
The report investigates a number of malicious software developments including the newly launched 2.0 version of the Blackhole Exploit Toolkit, the evolution in malware targeting mobile banking services, a surge in malicious ads targeting social network users and a trick to hide malware inside image files.
The document discusses cyber threats from Q1 2012. It finds that the Blackhole exploit kit dominated web threats, accounting for 43.55% of detected malware. It was used by criminals due to its powerful and polymorphic nature. The report also finds that Android malware increased its use of social networks like Facebook and Twitter to spread. Overall, cyber criminals are increasingly professionalizing and monetizing cyber crime.
M5 evaluating and competitive position (Mentari Pagi)
The document discusses evaluating a company's strategy, resources, competitive position, and costs relative to rivals. It provides questions to guide the analysis, including how well the current strategy is working based on qualitative and quantitative assessments, identifying the company's strengths, weaknesses, opportunities, and threats, assessing if prices and costs are competitive using value chain analysis and benchmarking, and determining if the company is stronger or weaker than key rivals by rating them on key success factors. The overall goal is to understand the company's situation to identify strategic issues.
The document provides tips on how businesses can protect themselves from cyber attacks. It begins by introducing common hacker tactics like phishing, exploiting wireless networks, and scanning for website vulnerabilities. It then discusses the types of attackers and their motives, usually to steal financial information or damage a company's reputation. Several specific attack vectors are outlined, including using default passwords, vulnerable websites, insecure wireless networks, flaws in internet banking, and social engineering through phishing emails. The presentation emphasizes adopting a "protect, detect, correct" mindset and classifying sensitive data, as well as following security best practices like enabling two-factor authentication, using strong unique passwords, and keeping software updated. The key message is that businesses of any size can take
The number of devices running the Android operating system has been on the rise. By the end of 2012, it will account for nearly half of the world's smartphone market. Along with its growth, the importance of security has also risen. A proportional increase in the number of vulnerabilities is also happening to the extent that there are a limited number of security applications available to protect these devices. The efficacies of these applications have not been empirically established. These slides analyze some of the security tools written for the Android platform to gauge their effectiveness at mitigating spyware and malware.
Since its debut, Android has quickly claimed significant market share in the mobile market. Unfortunately, such popularity (amongst other factors) makes Android a lucrative target for malware authors. New families and variants of malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone.
Problems With Battling Malware Have Been Discussed, Moving... (Deb Birch)
This document discusses several new methods for detecting malware, including CPU analyzers, holography, eigenvirus detection, differential fault analysis, and whitelist protection. It notes that due to a focus on deobfuscation, these ideas have only recently been explored and are still underdeveloped. Specific methods like CPU analyzers and holography are examined in more detail.
This document summarizes the mobile threat landscape in Q1 2012 based on analysis by F-Secure Response Labs. There was a significant increase in malicious Android application package files (APKs) detected, rising from 139 in Q1 2011 to 3063 in Q1 2012. New Android malware families and variants also increased sharply from 10 to 37 between the same periods. Existing malware families like DroidKungFu improved evasion techniques using encryption and randomization, while new threats like RootSmart.A demonstrated more complex infection behaviors like downloading root exploits. Overall, Android threats continued optimizing detection evasion and infection methods while mainly focusing on generating profit through premium SMS.
The document reports on web, mobile, and email threats from Q2 2011, finding that rogue antivirus scanners were the most prevalent web threat, the "com.noshufou.android.su" application was the most popular malicious Android app, and the United States was the top source of spam messages. It also analyzes the use of stolen digital certificates to sign malware, known as "trusted malware", and the SpyEye banking Trojan.
Adaptive Mobile Malware Detection Model Based on CBR (ijtsrd)
Today, mobile phones can maintain lots of sensitive information. With the increasing capabilities of such phones, more and more malicious software (malware) targeting these devices has emerged. Although there are many mobile malware detection techniques, they use specified classifiers on selected features to get their best accuracy. Thus, an adaptive malware detection approach is required to effectively detect the concept drift of mobile malware and maintain the accuracy. An adaptive malware detection approach is proposed based on the case-based reasoning technique in this paper to handle the concept drift issue in mobile malware detection. To demonstrate the design decisions of our approach, several experiments are conducted. A large feature set with 1,065 features from 10 different categories is used in the evaluation. The evaluation includes both accuracy and efficiency of the model. The experimental results prove that our approach achieves acceptable performance and accuracy for malware detection. Kyaw Soe Moe | Mya Mya Thwe "Adaptive Mobile Malware Detection Model Based on CBR" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6, October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd28088.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/28088/adaptive-mobile-malware-detection-model-based-on-cbr/kyaw-soe-moe
The document summarizes a mobile threat report for Q3 2013. It finds that 252 of the 259 new mobile threat families and variants discovered were for Android, with trojans making up the largest percentage at 88%. It also notes an increasing trend of profit-motivated mobile malware, with 81.1% of new threats aiming to generate money through unauthorized SMS messages. The report discusses recent developments like the identification of the creator of the Pincer Android banking trojan and the emergence of tools that simplify inserting malware into legitimate apps.
The document summarizes malware threats from Q1 2012. There was significant growth in PC malware, mobile malware (especially on Android), and rootkits like ZeroAccess. Signed malware and password-stealing Trojans also increased substantially. Overall, 2012 is shaping up to be a challenging year for cybersecurity as attackers continue pushing technological boundaries.
This document provides a summary of the top 10 findings from Microsoft's 2016 Trends in Cybersecurity report. Key findings include:
- 41.8% of all vulnerability disclosures were rated as highly severe, a 3-year high risk level.
- Encounters with exploits of the Java programming language are on the decline likely due to changes in how web browsers handle Java applets.
- Consumer computers encounter malware at twice the rate of enterprise computers likely due to stronger security protections in business networks.
- Locations with the highest malware infection rates were Mongolia, Libya, Palestinian territories, Iraq and Pakistan.
The document summarizes the top 10 cybersecurity trends found in Microsoft's research in 2016. These include: an increase in highly severe vulnerabilities; a decline in Java exploits; consumer computers encountering twice as many threats as enterprise computers; locations like Mongolia and Libya having the highest malware infection rates; exploit kits accounting for 40% of commonly encountered exploits; Adobe Flash Player being the most commonly detected object on malicious pages; over 40% of vulnerabilities being in non-browser or OS applications; an increase in Trojan encounters; threats varying dramatically by country; and less than 10% of vulnerabilities being in Microsoft software.
Cyber Malware Programs And The Internet (Heidi Maestas)
Malware programs have increased with greater internet usage, infecting systems and threatening security. There are various types of malware like viruses, trojans, worms, spyware and adware that infect systems through emails, downloads and other methods. While technologies like firewalls, antivirus software and encryption help secure systems and networks, the growing sophistication of malware poses ongoing challenges to internet security. Teaching users about malware types and prevention methods is important for protecting systems and information.
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp... (ESET Middle East)
The document examines major software vulnerabilities and exploits from 2017-2018, including EternalBlue, WannaCryptor, CoinMiner, Diskcoder (aka Petya), and Meltdown/Spectre. It discusses how the number of reported vulnerabilities reached a historic peak in 2017, with the number of high severity vulnerabilities increasing by 68% from 2016. Exploits like EternalBlue were utilized by ransomware like WannaCryptor to devastating effect by taking advantage of vulnerabilities in older, unpatched systems. The risk posed by vulnerabilities underscores the need for multilayered endpoint security through timely patching and protection layers.
Android-manifest extraction and labeling method for malware compilation and d... (IJECEIAES)
Malware is a nuisance for smartphone users. The impact is detrimental to smartphone users if the smartphone is infected by malware. Malware identification is not an easy process for ordinary users due to its deeply concealed dangers in application package kit (APK) files available in the Android Play Store. In this paper, the challenges of creating malware datasets are discussed. Long before a malware classification process and model can be built, the need for datasets with representative features for most types of malwares has to be addressed systematically. Only after a quality data set is available can a quality classification model be obtained using machine learning (ML) or deep learning (DL) algorithms. The entire malware classification process is a full pipeline process and sub processes. The authors purposefully focus on the process of building quality malware datasets, not on ML itself, because implementing ML requires another effort after the reliable dataset is fully built. The overall step in creating the malware dataset starts with the extraction of the Android Manifest from the APK file set and ends with the labeling method for all the extracted APK files. The key contribution of this paper is on how to generate datasets systematically from any APK file.
The document provides an overview of threats in the first quarter of 2012 according to McAfee Labs. It saw significant increases in many areas of malware and threats after declines in late 2011. Mobile malware targeting Android devices increased dramatically, reaching nearly 7,000 samples. Established rootkits like Koutodoor rebounded and the new ZeroAccess rootkit emerged. Signed malware and password-stealing Trojans also increased substantially. Spam volume grew early in the quarter but resumed its downward trend. The US continued to host the most malicious web content.
Protecting Against the New Wave of Malware (GFI Software)
This Osterman Research white paper examines why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.
The document discusses malware improvements on Android OS. It provides an introduction to the growth of smartphones and Android's dominance of the market. It then covers the organization of the paper and defines malware. It reviews the Android OS architecture and literature on Android security. The objectives are to increase awareness of the Android security model and analyze malware development. The findings show Android security relies on user awareness and the open source nature makes it vulnerable. Future scopes include modifying the permission model and alpha testing apps for the Play Store.
This document provides an overview of 16 dynamic analysis platforms for analyzing Android applications and detecting malware. It evaluates these platforms' effectiveness using known malware samples and known Android bugs. The results show low diversity among platforms due to code reuse, making them vulnerable to evasion. Additionally, the platforms could be exploited by malware using the Master Key bugs to hide malicious behavior.
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ... (AM Publications)
Due to tremendous development and growth in mobile phone software and hardware technologies, security issues are now a very big challenge to all concerned persons such as scientists, manufacturers, designers, industrialists and so on. Usually, such technology takes time to be absorbed into the market and this gives time to the security teams to develop effective security controls. The rapid growth of the smart-phone market and the use of these devices for email, online banking, and accessing other forms of sensitive content has led to the emergence of a new and ever-changing threat landscape [1]. Along with this, the fact that anyone can be a user has led to the smart-phone appearing in the hands of almost every person before the proper security controls can be developed. Currently, Android has the biggest share in the market among all the smart-phone operating systems. As the powers and features of such phones increase, their vulnerability also increases and makes them prone to security threats. In the present paper, the authors have made a systematic study on why Android security is important, what some of the potential vulnerabilities are and what security measures have been adopted currently to ensure security.
This document summarizes key trends seen in malware and security threats in 2013 according to a security threat report from Sophos. Some of the main trends discussed include botnets growing larger and more stealthy through the use of techniques like decentralized command and control and hiding in the dark web. Android malware also evolved to be more sophisticated at avoiding detection. Ransomware, including the widespread Cryptolocker variant, emerged as a growing threat delivered by botnets.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI (Vladimir Iglovikov, Ph.D.)
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis's and my slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
2. Contents
Table of Contents
Introduction
Executive summary: Q4 2012 Highlights
Top Trends
About this report
Quarterly Key Metrics: September-December 2012
  Web Threats
  Mobile Threats
  Email Threats
Part 1: 2012 Summary
  Blackhole: King of the Malware Universe
  Mobile Targeted Malware
  The Rise of Exploit Toolkits
Part 2: Web Risks and Threats
  Blackhole and Cool Exploit Kits: More of the Same?
  Is Your Child a Malware Writer?
  2013 Threat Predictions
Part 3: Appendix
  Other reports from AVG Technologies
  About AVG
  About the AVG Community
  Keep in Touch With AVG
3. Introduction
Welcome to the AVG Q4 Community
Powered Threat Report
During the final quarter of 2012, we saw the continued rise
of off-the-shelf malware ‘toolkits’ and ongoing growth in
the mobile malware market. However, while these are the
work of professional cyber-criminals, we also discovered
several attacks involving basic Trojans developed by very
young amateur coders – in one case, the author was just
11 years old.
In this Q4 Community Powered Threat Report, we investigate
these subjects and more, round up the latest web, mobile and
email threats, and set out our predictions for the key threats that
will shape 2013’s security landscape. It is, of course, an ever-
shifting landscape, though, so to keep up to date with the latest
security developments, remember to look out for AVG Threat
Labs’ regular threat bulletins on the AVG News & Threats blog.
I hope that you enjoy reading this quarter’s Threat Report.
Yuval Ben-Itzhak, CTO, AVG Technologies
4. Executive summary:
Q4 2012 Highlights
“60% of attacks detected during 2012 were performed by exploit toolkits”
Key points for Q4 2012
The quarterly AVG Community Powered Threat Report for
Q4 2012 was released on 6 February 2013.
Blackhole: King of the Malware Universe
The Blackhole toolkit was by far the most dominant malware in
the market, accounting for 49% of attacks detected by AVG
Threat Labs during 2012. In this report, we analyze the top
Blackhole incidents we saw this year.
Mobile Targeted Malware
During 2012, mobile device penetration rates dramatically
increased. Android is the most popular operating system with
72.4% of market share, which has resulted in a big increase in
attacks that target it. In this report, we look at the main threats
to smartphones and tablets.
The Rise of Exploit Toolkits
AVG Threat Labs found that 60% of the attacks during 2012 were
performed by exploit toolkits. A new trend has developed as
established cyber-criminals realize they can create commercial
toolkits that they can sell at a premium to less technically savvy
peers, who in turn see such kits as an easy way to get into the
market.
Blackhole and Cool Exploit Kits
A new exploit toolkit emerged during the last quarter of 2012
called Cool Toolkit. We believe that this kit is produced by
the creators of the Blackhole Exploit Kit as it has many
similarities. In this report we analyze Cool Toolkit and compare
it with Blackhole.
Is Your Child a Malware Writer?
Could your pre-teen be writing malicious code? We analyze a
Trojan developed by an 11-year-old child to steal account login
information of online gamers, and discuss the risks involved.
5. Top Trends
“During 2012, AVG detected almost 4,000,000 threats to mobile devices”
The AVG Q4 2012 Community Powered Threat Report Top Trends
Web Threats
Blackhole Exploit Kit: The most active threat on the web, accounting for 39.9% of all detected malware and 84.1% of all toolkits
59%: Exploit toolkits account for well over half of all threat activity on malicious websites
12.74%: Of malware relies on Autorun and external hardware devices (such as flash drives) as a distribution method
Mobile Threats
com.utooo.android.compass: The most detected malicious Android application, which pretends to be a compass tool
~3,930,500: The total number of mobile threats detected by AVG Threat Labs during Q4 2012
Messaging Threats (Spam)
United States: Is the top spam source country
45.7%: Of spam messages originated from the USA, followed by the UK with 9.3%
Facebook.com: The top domain in spam messages
English: Is by far the most popular language used in spam messages at 70.3%
6. About This Report
“The AVG Community Protection Network is an online neighborhood watch, where community members work to protect each other”
Working Together
The AVG Community Protection Network is an online
neighborhood watch where community members work to protect
each other. Information about the latest threats is collected from
customers who participate in the product improvement program
and shared with the community to make sure everyone receives
the best possible protection.
The AVG Community Powered Threat Report is based on the
Community Protection Network traffic and data collected from
participating AVG users over a three-month period, followed by
analysis by AVG. It provides an overview of web, mobile devices,
spam risks and threats. All statistics referenced are obtained
from the AVG Community Protection Network.
AVG has focused on building communities that help millions
of online participants support each other on computer security
issues and actively contribute to AVG’s research efforts.
7. Quarterly Key Metrics:
September-December 2012
Web Threats: Top 10 Threats Q4 2012
This prevalence table shows the top web threats
as reported by the AVG community.
Blackhole Exploit Kit: Pages containing fake virus scanners, or appear to be pages pushing fake antivirus products. Such pages intend either (or both) to lure the end user to buy worthless software, or to install malware under the cover of seemingly useful software
Cool Exploit Kit: Exploit toolkit used to install malware
Redirect to Rogue Scanner: Injected code which redirects the visitor to a malicious site that tries to install Rogueware
Rogue Scanner: Pages containing fake virus scanners, or appear to be pages pushing fake antivirus products. Such pages intend either (or both) to lure the end user to buy worthless software, or to install malware under the cover of seemingly useful software
Facebook Scam: Utilizing Facebook to scam people into revealing personal or financial data
Parallels Plesk Panel compromise: Parallels Plesk Panel is website control panel software widely used by web hosting companies. The vulnerability was discovered in older versions (using plain text to store password data); this vulnerability allows cyber criminals to extract all website account
Redkit Exploit Kit: Exploit toolkit used to install malware
Nuclear Exploit Kit: Exploit toolkit used to install malware
Pharmacy Spam Site: Pharmacy Spam Sites look like legitimate online pharmacies, but are usually copies of real sites. These fake pharmacies often supply generic, or even fake, drugs rather than the brands advertised, and reportedly often deliver no drugs at all
Script Injection Redirect: Injection of code by an attacker into a computer program to change the course of execution
Top 10 Web Threats Q4 2012
Blackhole 39.9
Cool Exploit 15.5
Redirect to Rogue 14.5
Rogue Scanner 9.2
Facebook 6.6
Parallels Plesk 5.2
Redkit Exploit 3
Nuclear Exploit 2.2
Pharmacy 2.1
Script Injection 1.8
8. Quarterly Key Metrics:
September-December 2012
Web Threats: Top 10 Malware Q4 2012
This prevalence table shows the top malware threats
as reported by the AVG community.
Worm/AutoRun 12.74%
Win32/Heur 12.49%
Worm/Downadup 8.14%
Win32/Sality 5.07%
Win32/Cryptor 4.4%
Crack.CO 3.83%
HTML/Framer 2.98%
Win32/Virut 2.93%
Generic20.GJD 2.93%
Luhe.Exploit.LNK.CVE-2010-2568.A 2.78%
Top 10 Behavior Categories Q4 2012
Trojan 34.49%
Adware 19.14%
Adware/Spyware 10.62%
Downloader 8.85%
Malware 8.52%
Virus 4.60%
Potentially Unwanted Application 4.03%
Backdoor 2.19%
Network Worm 2.00%
Rootkit 0.85%
Web Threats: Top 5 Exploit Toolkits Q4 2012
These metrics represent the top five exploit toolkits in terms
of malicious web activities. Criminals are increasingly using
toolkits to carry out cyber-attacks. In many cases, using
these attack toolkits does not require technical expertise.
Blackhole 84.1%
Fragus 8.4%
Phoenix 4.15%
Seosploit 2.09%
Bleeding Life 0.55%
9. Quarterly Key Metrics:
September-December 2012
Mobile Threats: Top 10 Malware Detections by Country Q4 2012
Russian Federation 14.1%
Thailand 8.32%
United Kingdom 6.68%
USA 6.43%
Spain 5.34%
Malaysia 4.46%
Germany 4.45%
Italy 4.09%
Netherlands 3.99%
Indonesia 3.15%
10. Quarterly Key Metrics:
September-December 2012
Email Threats: Top Domains Q4 2012
no domain in message 16.4%
facebook.com 8.2%
twitter.com 5.4%
bit.ly 3.7%
gmail.com 3.1%
youtube.com 2.7%
amazonaws.com 2.1%
hotmail.com 2.1%
Linkedin.com 1.8%
yahoo.com 1.75%
google.com 1.7%
Email Threats: Top 5 Languages in Spam
Messages Q4 2012
English 70.3%
Spanish 6.7%
Portuguese 5.5%
Dutch 3.1%
Chinese 3%
11. Part 1: 2012 Summary
The King of the Malware Universe:
The Blackhole Phenomenon
The Blackhole Exploit toolkit is without doubt the King of the 2012
malware universe, with almost 50% of the market share (fig 1).
This means that a staggering 49% of attacks during 2012 were
performed using the Blackhole Exploit Toolkit.
The Blackhole toolkit dominated malware in 2012. It is a
sophisticated and powerful exploit kit and, mainly because of its
polymorphic nature, it is heavily obfuscated to evade detection by
anti-malware solutions.
Figure 1: 2012 Blackhole Market Share
The success of the kit lies in its straightforward user interface,
sophisticated design, encryption and successful marketing model.
Blackhole creators ‘commercialized’ their product by providing a
subscription-based service meaning it’s available to purchase
online and effectively gives anyone the tools to become a
cybercriminal.
AVG Threat Labs detected some major Blackhole exploits in 2012:
Spoof FBI legal action ransomware demands fine for
alleged PC misdemeanours: In June 2012, AVG found a
new ransomware page delivered by the Blackhole exploit
kit which claims to be a legal action by the US Federal
Bureau of Investigation. The malware locks up the
machine’s Windows operating system and demands
payment of a ‘fine’ to unlock it.
‘Commercialized’ Malware, the Blackhole Toolkit,
continues its upward trajectory: For those who are
interested in becoming a sophisticated cybercriminal, the
notorious Blackhole Toolkit has been the kit of choice for
the last few years.
12. Part 1: 2012 Summary
Mobile Targeted Malware
During 2012, smartphone device penetration dramatically
increased. According to ComScore, 55% of European mobile users
have a smartphone [1], 81% of Americans and 81.7% of Japanese [2].
Android is the most popular operating system with 72.4% of
market share [3]. Consumers are going mobile and following closely
behind are cyber criminals, who have focused on the Android
operating system as a lucrative hunting ground.
AVG Threat Labs found during 2012 that:
Social media and Smartphone: Nearly half of the world’s
social network users visit social media sites via their
phones [4]. Cyber criminals realize that through social
networks, they have access to a large number of
potential victims that can be converted into a considerable
amount of income.
Malicious Apps: the Google Play Store has had more than
25 billion app downloads [5]; the number of apps on the
Android market is more than 600,000 [6]. During 2012 we
have covered several stories relating to malicious apps on
Google Play and other third party apps markets, such as:
The First Android Rootkit
Mobile banking targeted for attack: By installing malware
on the phones of people who bank online, cybercriminals
can steal large sums in a single transaction
Malicious apps which send text messages from a device to
premium rate services
Trojan-infected version, uploaded to the unofficial Android
app stores, of the hugely popular Android application
'Angry Birds Space'
[1] http://techcrunch.com/2012/12/17/smartphone-penetration-in-europes-big-5-markets-now-at-55-apple-continues-to-feel-the-heat-from-fast-rising-samsung/
[2] http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats/a#topmobilemarkets
[3] http://mashable.com/2012/11/14/android-72-percent/
[4] http://thenextweb.com/asia/2012/11/16/report-half-of-worlds-social-media-users-go-mobile-as-us-and-europe-lag-asia/
[5] http://techcrunch.com/2012/09/26/google-play-store-25-billion-app-downloads/
[6] http://www.appbrain.com/stats/number-of-android-apps
13. Part 2: Web Risks and Threats
The Rise of Exploit Toolkits
A crimeware toolkit is a ‘commercial’ software program that can
be used by novices and experts alike to facilitate the launch of
widespread attacks on networked computers. With the attack
toolkit, cyber criminals can launch an attack using pre-written
malicious code that exploits a number of vulnerabilities in popular
applications. These attacks often target un-patched security bugs
in widely used products such as Adobe® Flash® Player, Adobe®
Reader, Internet Explorer® and the Java Runtime Environment.
Fig 2: 2012 Exploit Toolkit Market Share
The ease of use and accessibility of these toolkits have seen them
gain popularity in recent years and allowed a new group of cyber
criminals to enter the market, who would normally lack the
required technical expertise to succeed.
Tech-savvy criminals realized they could ‘monetize’ their malicious
code writing exploits by selling toolkits to less savvy individuals
who would pay good money for them.
As seen in fig 2, almost 60% of attacks in 2012 were
performed by toolkits.
14. Part 2: Web Risks and Threats
Blackhole and Cool Exploit Kits:
More of the Same?
AVG Web Threats Research Group has analyzed a new exploit kit
called ‘Cool’. At first it looked like a new variant of the Blackhole
Exploit kit. We have investigated the differences and similarities
of the two exploit kits, and it seems that Cool is either a copycat or
was created by the same author.
Code Similarities
Both exploit Java, Flash, PDF vulnerabilities
in the same way.
The shell code used in both is very similar.
Both the Cool and Blackhole Exploit kits try to install a
specific vulnerable JVM version from the now disabled
page http://java.sun.com/update/1.6.0/jinstall-6u60-windows-i586.cab#Version=6,0,0,0.
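A defender-side check for the shared installer reference noted above, as an added example that is not code from the AVG report: it scans captured HTML for references to a Java installer CAB, flagging the exact URL quoted in the report and, more generally, any jinstall CAB with a pinned version fragment. Scanning attribute values and inline script text, the generalised pattern, the function names and the sample pages are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL quoted in the report; both kits are said to request this installer.
REPORTED_URL = ("http://java.sun.com/update/1.6.0/"
                "jinstall-6u60-windows-i586.cab#Version=6,0,0,0")

# Assumed generalisation: any Java installer CAB, optionally pinned
# with a "#Version=a,b,c,d" fragment.
JINSTALL_PATH = re.compile(r"/jinstall-[\w.]+-windows-\w+\.cab$", re.I)
VERSION_FRAG = re.compile(r"^version=(\d+(?:,\d+){0,3})$", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s\"'<>]+", re.I)


def classify_url(url):
    """Return (matched, exact_report_url, pinned_version or None)."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:               # malformed URL: treat as no match
        return (False, False, None)
    if not JINSTALL_PATH.search(parts.path):
        return (False, False, None)
    frag = VERSION_FRAG.match(parts.fragment)
    return (True, url.lower() == REPORTED_URL.lower(),
            frag.group(1) if frag else None)


class InstallerRefScanner(HTMLParser):
    """Collect installer-CAB references from attributes and inline scripts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def _check(self, where, text):
        for url in URL_IN_TEXT.findall(text or ""):
            matched, exact, version = classify_url(url)
            if matched:
                self.findings.append({"where": where, "url": url,
                                      "exact_report_url": exact,
                                      "pinned_version": version})

    def handle_starttag(self, tag, attrs):
        self._in_script = (tag == "script")
        for name, value in attrs:    # tag and attribute names arrive lower-cased
            self._check(f"<{tag} {name}>", value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:          # URL stored as a string in script text
            self._check("<script> text", data)


def scan_html(html):
    """Return a list of findings (dicts) for one captured page."""
    scanner = InstallerRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not taken from any real kit landing page).
SAMPLE_OBJECT = (f'<html><body><OBJECT classid="clsid:PLACEHOLDER"\n'
                 f'  CODEBASE="{REPORTED_URL}" width="1" height="1">\n'
                 f'<param name="code" value="a.class"></OBJECT></body></html>')
SAMPLE_SCRIPT = ("<script>var cb = 'http://example.invalid/mirror/"
                 "jinstall-6u99-windows-i586.cab#Version=6,0,0,0';</script>")
SAMPLE_BENIGN = ('<object codebase="http://example.invalid/controls/'
                 'viewer.cab#Version=1,0,0,0"></object>'
                 '<a href="http://example.invalid/java/readme.html">Java</a>')

if __name__ == "__main__":
    for page in (SAMPLE_OBJECT, SAMPLE_SCRIPT, SAMPLE_BENIGN):
        print(scan_html(page))
```

A hit is a triage lead rather than a verdict: legitimate Java deployment pages of the period used the same codebase mechanism, so correlate it with obfuscated script or other kit indicators on the same page.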
Obfuscated code examples
The Blackhole sample snippet below (fig 3) is shown after
the outer layer of obfuscation is removed. The Cool
sample snippet below it is verbatim (fig 4).
Fig 3 - Blackhole Code Obfuscation
Fig 4 - Cool Code Obfuscation
15. Part 2: Web Risks and Threats
Code Differences
At this point we see two main differences:
Blackhole obfuscates the code (fig 5), changing it every
few days to evade detection, unlike Cool (fig 6).
Blackhole, since version 2.0, has become much more
consistent in its blocking of visitors' IPs across their vast
networks, with the aim of making a ‘second look’ at the code
difficult. This is done to discourage (or fool) investigators
such as webmasters, automated web spiders and anti-virus
researchers.
Fig 5 – Obfuscated Blackhole Cool Toolkit Code
Fig 6 - Cool Toolkit Code
16. Part 2: Web Risks and Threats
About the Cool Exploit Kit
Cool Exploit Kit appears to use the same business model as
Blackhole. The customer licenses the exploit kit from the authors
and specifies various options to customize it [7]. They place the
code on hacked servers or other web servers and then attract
victims using spam email or links on other webpages such as
social media sites.
So far, Cool has largely been used to install ransomware on
victims’ machines. The ransomware locks up a victim’s PC and
presents a phony web page that purports to be a notice of an
enforcement action by a major law enforcement agency, such
as the FBI in the US or the Metropolitan Police in the UK.
Typically, the pages state that the victim’s machine has been
used to view child pornography or for downloading copyrighted
material. It demands payment of a ‘fine’ (generally $200) via
the untraceable MoneyPak payment system. Victims who pay
the fine find out that it does not unlock their machine.
The first indication of the installation of the ransomware is
shown in fig 7:
[7] http://en.wikipedia.org/wiki/Blackhole_exploit_kit
17. Part 2: Web Risks and Threats
A ransomware page quickly follows. This is one of the most recent
examples (fig 8):
Ransomware is still a profitable business that extorts over five
million dollars a year from victims.
It is also worth noting that Cool Exploit Kit detection statistics
are closing the gap on the Blackhole statistics, as seen in fig 9.
18. Part 2: Web Risks and Threats
Is Your Child a Malware Writer?
Today's children use computers as second nature, but would you
suspect your youngster of being able to create malware? I doubt it,
but we have found evidence that children as young as 11 are
writing malicious code.
Of course, today’s kids have ready access to the Internet and
most homes now have a personal computer, so their technology
skills are way beyond the computer skills of previous generations,
but as their skills have evolved, so has the propensity to create
mischief.
Fig 10 – One of the fake game hacks. Game login data will be sent to the
author and no reward is forthcoming.
You may not believe that an 11-year-old schoolboy or schoolgirl
could design a Trojan horse that is able to steal the account
login information of your favorite online game, but we see
these cases on a daily basis.
These childish Trojans have several common characteristics.
First of all, most of them are written using .NET framework (Visual
Basic, C#) which is easy to learn for beginners and is easy to
deploy – you can download Microsoft Visual Studio Express edition
for free and use it to start coding malware, or you can download
pirated full versions of Borland Delphi for rapid (malware)
application development.
Second, these malicious applications often target online
games, social networks or email, pretending either to give
away more virtual currency (as shown in fig 10) in an online
game or to hack somebody's Facebook profile to attract other peers.
The main purpose is to get your sensitive data.
19. Part 2: Web Risks and Threats
These young code authors unintentionally leave traces in the
malware's binary files, which is quite surprising as they are
technically savvy. Their creations may not be state-of-the-art
programming, but they still require a degree of technical
knowledge.
For example, many of these password stealers send gathered data
to the author's personal email address, which they may use to
login to other online services, such as YouTube or blogs. This
makes it easy to locate their personal data such as their real
name, photos, their school, Facebook profile, using any web
search engine.
One demonstration of this type of attack is where we detected
malware written by an 11-year-old boy from Canada, who played
Team Fortress with his friends and got his new iPhone a few days
before.
Fig 11 – Email sending routine with gathered stolen login details.
Although AV researchers would never misuse this kind of
information, there are plenty of other people peeking into binary
files and some will likely have malicious intentions.
One of the ‘better’ scenarios could be a victim's revenge, whereby
they change the password and block the malware author's
email/Facebook profile. A much more serious scenario would be
complete identity theft and misuse.
What is the motivation for this behavior? Most probably these
child script writers are not doing it for financial gain, but more
likely for a thrill. Essentially, young geeks seek to outsmart their
friends and win the games or show off their computer skills.
However, this game can quickly get out of hand. After all, stealing
somebody's account details, such as a Steam account with
software attached to it worth $500, or a game account with
hundreds of dollars of virtual currency attached to it, is no laughing
matter. Furthermore, if the account details are shared with other
accounts such as email or social media, there is a very real risk of
cyber-bullying and identity theft.
20. Part 2: Web Risks and Threats
2013 Threat Predictions
Mobile: We expect to see more high-profile attacks on
mobile users, especially ones that target Android devices.
As China overtook the US as the world’s top smartphone
market with over 1 billion mobile subscribers, we expect
a major increase in mobile attacks originating from China.
Cool and Blackhole Exploit toolkits will continue to
dominate the malware market.
Cyber-warfare between nations will continue to increase.
Privacy: Online advertising on PCs, tablets and
smartphones will become even more aggressively
personalized as businesses seek to increase monetization
by compromising users’ privacy. Advertisers will use
browser tracking, social media trawling and location data
to identify individual users, and then serve them a
bespoke program of adverts, without the users’ consent.
Cloud security: Attacks against virtualized cloud
infrastructure will expose the risk in public cloud services
and the large additional investments needed to better
secure them. Well-known cloud systems such as Dropbox,
SkyDrive, Cloud Drive (Amazon) and Google Drive have
reportedly been attacked by malware, and we will see
an increase in attacks against such systems from
DoS/DDoS attacks.
PC threats: The steady increase in popularity of Windows
8 will inspire hackers to reveal new vulnerabilities,
develop new-style malware and fraudware, and present
new proof-of-concept exploits. The number of infected
websites targeting PCs will also increase with the growing
popularity of ‘commercial’ exploit kits such as Blackhole,
while users’ problems will be compounded by an increased
reliance on built-in security systems.
Mobile-to-PC threats: Increased connectivity between
mobile devices and PCs, combined with the growing BYOD
(Bring Your Own Device) trend will make it much easier
for malware and viruses to spread across business and
home networks. We also expect to register more MITMO
(Man-In-The-Mobile) attacks that target PC and mobile
internet banking apps. These multi-factor authentication
attacks will be stealthier, more polished and more
location-oriented.
21. Part 3: Appendix
Other reports from AVG Technologies
AVG Community Powered Threat Report Q3 2012 (October)
AVG Community Powered Threat Report Q2 2012 (July)
AVG Community Powered Threat Report Q1 2012 (April)
AVG Community Powered Threat Report Q4 2011 (January)
AVG Community Powered Threat Report Q3 2011 (October)
AVG and GfK: AVG SMB Market Landscape Report 2011
(September)
AVG and Future Laboratories: Cybercrime Futures (September)
AVG Community Powered Threat Report Q2 2011 (June)
AVG Community Powered Threat Report Q1 2011 (April)
AVG and Ponemon Institute: Smartphone Security - Survey of U.S.
Consumers (March)
22. Part 3: Appendix
About AVG Technologies (NYSE: AVG)
AVG’s mission is to simplify, optimize and secure the Internet experience, providing peace of mind to a connected world. AVG’s powerful yet easy-to-use software and online services put users in control of their Internet experience. By choosing AVG’s software and services, users become part of a trusted global community that benefits from inherent network effects, mutual protection and support. AVG has grown its user base to 143 million active users as of September 30, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet security, PC performance optimization, online backup, mobile security, identity protection and family safety software.
About the AVG Community
The AVG Community Protection Network is an online neighborhood watch where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.
You can read more about the threats featured in this report at:
www.avg.com
blogs.avg.com/news-threats/
Keep in touch with AVG:
For breaking news, follow AVG on Twitter at www.twitter.com/officialAVGnews
For privacy and security trends analysis and opinion, read AVG blogs at blogs.avg.com/
Join our Facebook community at www.facebook.com/AVGfree
Join our LinkedIn community www.linkedin.com/groups?gid=2719797