Australia lags rest of world as malware, phishing, Bitcoin mining target: F-Secure

An F-Secure Response Labs analysis found Australia and the Asia-Pacific region are well below European metrics in areas such as phishing, penetration by a diversity of exploit kits, targeting by advanced persistent threats (APTs) and exploitation of systems for Bitcoin mining.

The F-Secure Threat Report H1 2013, published recently by the Finnish security firm and based on analysis of its cloud-based security statistics reporting, found Java to be exploit kits’ largest single target.

Nearly 60 per cent of the top ten threats detected by F-Secure were derived from exploit kits, and 80% of those targeted Java vulnerabilities. Yet while five exploit kits – BlackHole, SweetOrange, Crimeboss, Styx and Cool – were blamed for 70 per cent of exploit-based attacks, the distribution of these kits in Australia was much different than in other geographies.

APAC targets were hit at the same rate as European targets by malware based on the Blackhole exploit kit; had the world’s highest incidence of SweetOrange-based malware infections; were in the middle when it came to Styx-based malware; and had a much lower rate of infection by malware derived from the Cool exploit kit.

The CrimeBoss exploit kit, by contrast, made up 31 per cent of infections in the Americas but did not show up at all in Europe or the APAC region.

Indeed, Australia did not even show up on the list of the top ten countries hit by the company’s ten most-detected malware variants. By contrast, other countries – including the US, France, Finland, Sweden, Germany and Brazil – were targeted across the board and showed high prevalence of the major threats.

Brazil, France, Italy and the UAE stood out as showing lingering signs of the Downadup/Conficker attacks, which represented 14 per cent of all detected threats despite largely successful efforts to stamp out the years-old malware in the US, Finland, Sweden, Germany, United Kingdom, and other countries.

Majava, the largest single attack with 45 per cent of detected threats, was mainly focused on US and France victims, while smaller attacks such as Ramnit and Sality were focused across the likes of Brazil, India, Turkey, and Tunisia. Phishing statistics showed that Oceania brands were a relatively small proportion of the targets, with just 6 per cent of observed phishing targets based in the region.

Among the other trends observed by the F-Secure team were a shift in Android malware apps away from the Google Play store to third-party sites, as well as a massive leaning amongst phishing bait: fake PayPal sites alone comprised almost 73 per cent of the phishing sites analysed within the company’s report.

Australia was also unscathed when it came to detected advanced persistent threats (APTs), with China, the USA, India, Iran, Japan and France called out as major targets for APTs. Politically-related documents were used to entice victims in 65 per cent of cases, with corporate (14 per cent) and military (11 per cent) language the next most-common; interestingly, military targets were increasingly targeted with malicious files attached to emails purporting to relate to terms such as ‘spouse’, ‘pay’, ‘tax’, ‘due’, ‘returns’, and other personal matters.

Interestingly, the analysis found a relatively low incidence of ransomware in the Asia region, which it attributed to the relatively low availability of anonymous payment systems like Europe’s Ukash, Moneypak and Paysafecard; online money transfers, favoured in Australia and elsewhere in the region, require more effort to spoof.

One particularly significant finding in the company’s analysis was the strong financial rewards for botnet operators using victim computers to run processor-intensive Bitcoin mining scams: ZeroAccess malware, in particular, was noted for its on-again, off-again links to Bitcoin mining.

Bitcoin was floated as a potential driver for increased prevalence of regional ransomware infiltration, by providing an alternative payment method that’s expected to become more prevalent over time. For now, however, Australia did not rank in the top ten countries for use of the ZeroAccess Bitcoin plugin; that honour goes to France, United States, Sweden, Finland, and other countries.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags f-securephishingmalwareBitcoin

More about APACCSOF-SecureGooglePayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts