- 8 December 2012 01:52
Trusteer Research Identifies Five Most Dangerous Malware Trends for 2013
BOSTON, Dec. 5, 2012 – Trusteer, the leading provider of endpoint cybercrime prevention solutions, today released the Top Five Most Dangerous Malware Trends for 2013. According to Trusteer’s security research group the biggest threats facing financial institutions and enterprises next year will include attacks against the Google Chrome Browser, the emergence of native 64-bit Windows malware and crimeware that can detect and evade virtual machine, sandboxing, and other containment mechanisms. An infographic that summarizes the findings is available here: http://bit.ly/SDZ4yw.
“2012 was characterized by the increasing sophistication of malware’s ability to evade detection and the beginning of financial fraud platforms like Zeus, SpyEye and others crossing over to attack enterprise endpoints,” said Amit Klein, CTO of Trusteer and head of the company’s security research group. “We expect criminals to continue to innovate in 2013 and step up attacks against enterprises. Our researchers have identified evidence of what we believe will be the top five most dangerous trends in malware next year, including Google attacks, native 64-bit Windows malware and increasingly advanced evasion techniques.”
Five Most Dangerous Malware Trends of 2013
1) The emergence of malware targeting the Google Chrome browser In 2012 Citadel and recent Zeus 2.1 (aka P2P Zeus, Gameover Zeus) began targeting Google Chrome with Man in the Browser (MitB) attacks.
Why it's dangerous: Google Chrome is no longer immune to MitB malware.
2) The emergence of native 64-bit Windows malware In 2012, we began seeing financial malware developing native 64-bit Windows capabilities.
Why it's dangerous: 32-bit malware is handicapped when it runs on 64-bit machines. That’s because the 32-bit malware cannot see or penetrate the “native” 64-bit system processes it uses to evade detection. As malware variants start supporting 64-bit processes, they will once again be difficult to detect on 64-bit machines.
3) Detection-aware malware targeting enterprises In 2012, both financial and non-financial malware variants were discovered that could detect virtualization, debugging, sandboxing and monitoring processes on the host machine. For example, a recent Shylock variant will not install when it detects a Remote Desktop session, most likely to avoid detection in a “lab” environment.
Why it's dangerous: These capabilities present a serious threat to virtual machine-based detection and protection products, since the malware would appear to be harmless to these security tools.
4) Big increase in new and modified financial malware families In 2012, the number of completely new financial malware families almost doubled from three in 2011 to five in 2012. It’s important to note that many different configurations (variants) can exist within one malware family. We expect this trend to continue with even more new malware families introduced next year.
Why it's dangerous: More financial malware families mean more infections, longer detection times, and consequently more financial fraud incidents.
5) Malware lifecycle is accelerating In 2012, the four phases of the malware lifecycle (incubation, outbreak, botnet and retirement) among the variants we investigated accelerated significantly compared to 2011. Because security products continue to improve detection, the window of opportunity for malware to remain undetected is decreasing. The incubation and outbreak phases decreased from one month or more in 2011 to approximately two weeks in 2012. We expect this time frame to shrink even further next year.
Why it's dangerous: The faster the malware lifecycle, the more difficult it is for security products to detect, block and remove malicious software. In an accelerated lifecycle environment, the fraud is already committed before traditional anti-virus/anti-malware products discover the malware.
Boston-based Trusteer is the leading provider of endpoint cybercrime prevention solutions that protect organizations against financial fraud and data breaches. Hundreds of organizations and millions of end users rely on Trusteer to protect their computers and mobile devices from online threats that are invisible to legacy security solutions. Trusteer’s Cybercrime Prevention Architecture combines multi-layer security software with real-time threat intelligence to achieve sustainable protection against malware and phishing attacks and meet regulatory compliance requirements. Global organizations such as HSBC, Santander, The Royal Bank of Scotland, SunTrust and Fifth Third use Trusteer’s solutions and leading online banking providers such as First Data, Harland Financial Solutions, Intuit and S1 integrate with Trusteer to provide world-class protection for financial institutions of all sizes. www.trusteer.com.
# # #
Sign up now »
Improve the effectiveness of your security or get unique network threat discovery and remediation
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.