Australia lags rest of world as malware, phishing, Bitcoin mining target: F-Secure
- — 25 September, 2013 16:54
An F-Secure Response Labs analysis found Australia and the Asia-Pacific region are well below European metrics in areas such as phishing, penetration by a diversity of exploit kits, targeting by advanced persistent threats (APTs) and exploitation of systems for Bitcoin mining.
The F-Secure Threat Report H1 2013, published recently by the Finnish security firm and based on analysis of its cloud-based security statistics reporting, found Java to be exploit kits’ largest single target.
Nearly 60 per cent of the top ten threats detected by F-Secure were derived from exploit kits, and 80% of those targeted Java vulnerabilities. Yet while five exploit kits – BlackHole, SweetOrange, Crimeboss, Styx and Cool – were blamed for 70 per cent of exploit-based attacks, the distribution of these kits in Australia was much different than in other geographies.
APAC targets were hit at the same rate as European targets by malware based on the Blackhole exploit kit; had the world’s highest incidence of SweetOrange-based malware infections; were in the middle when it came to Styx-based malware; and had a much lower rate of infection by malware derived from the Cool exploit kit.
The CrimeBoss exploit kit, by contrast, made up 31 per cent of infections in the Americas but did not show up at all in Europe or the APAC region.
Indeed, Australia did not even show up on the list of the top ten countries hit by the company’s ten most-detected malware variants. By contrast, other countries – including the US, France, Finland, Sweden, Germany and Brazil – were targeted across the board and showed high prevalence of the major threats.
Brazil, France, Italy and the UAE stood out as showing lingering signs of the Downadup/Conficker attacks, which represented 14 per cent of all detected threats despite largely successful efforts to stamp out the years-old malware in the US, Finland, Sweden, Germany, United Kingdom, and other countries.
Majava, the largest single attack with 45 per cent of detected threats, was mainly focused on US and France victims, while smaller attacks such as Ramnit and Sality were focused across the likes of Brazil, India, Turkey, and Tunisia. Phishing statistics showed that Oceania brands were a relatively small proportion of the targets, with just 6 per cent of observed phishing targets based in the region.
Among the other trends observed by the F-Secure team were a shift in Android malware apps away from the Google Play store to third-party sites, as well as a massive leaning amongst phishing bait: fake PayPal sites alone comprised almost 73 per cent of the phishing sites analysed within the company’s report.
Australia was also unscathed when it came to detected advanced persistent threats (APTs), with China, the USA, India, Iran, Japan and France called out as major targets for APTs. Politically-related documents were used to entice victims in 65 per cent of cases, with corporate (14 per cent) and military (11 per cent) language the next most-common; interestingly, military targets were increasingly targeted with malicious files attached to emails purporting to relate to terms such as ‘spouse’, ‘pay’, ‘tax’, ‘due’, ‘returns’, and other personal matters.
Interestingly, the analysis found a relatively low incidence of ransomware in the Asia region, which it attributed to the relatively low availability of anonymous payment systems like Europe’s Ukash, Moneypak and Paysafecard; online money transfers, favoured in Australia and elsewhere in the region, require more effort to spoof.
One particularly significant finding in the company’s analysis was the strong financial rewards for botnet operators using victim computers to run processor-intensive Bitcoin mining scams: ZeroAccess malware, in particular, was noted for its on-again, off-again links to Bitcoin mining.
Bitcoin was floated as a potential driver for increased prevalence of regional ransomware infiltration, by providing an alternative payment method that’s expected to become more prevalent over time. For now, however, Australia did not rank in the top ten countries for use of the ZeroAccess Bitcoin plugin; that honour goes to France, United States, Sweden, Finland, and other countries.