Within cyber crime realm, big growth of malware

It’s everywhere, it’s seemingly unstoppable and it’s growing by the day. That, in a nutshell, is how most of us view malware – and for good reason. There’s no such thing as a typical malware target – every person and business is vulnerable. It’s this vulnerability, coupled with the sheer number of malicious strains out there, that makes for a truly intimidating climate of cyber crime.

Unfortunately, this is an issue that does not look like it will be on the decline anytime soon. In recent years, the tide of malware has become massive – all the more so because individuals, businesses and governments are having difficulty keeping pace with the cyber criminals. Here are some recent malware statistics that are getting sensible individuals and businesses out there concerned:

• New malware comes out every four seconds. That statistic, from an industry report, illuminates just how constant the flow of new malware is. For every stain of malware that’s defeated, there’s a new one to take its place.
• Over 4 million malware strains unleashed in latter half of 2014. In case the four seconds figure wasn’t enough to get your attention, this number surely is. The 4.1 million new strains found in the second half of 2014 represent a nearly 125 percent incline over the first half figures. It’s this kind of massive growth that’s become characteristic of the malicious sector. Just as we’re shocked by one statistic, an even bigger one takes its place.
• 90 percent of malware is recycled: You’d think that with the onslaught of new malware, most of the attacks taking place would involve emerging strains. But that’s actually not the case, as an industry report discovered. According to the report, roughly nine out of 10 malware attacks in 2014 happened via attackers leveraging bugs that had been around for more than 10 years. Far from being a comforting statistic, this nine out of 10 figure starkly reveals how little progress we’ve made in combating longstanding attacks.

There’s no question as to the virulence – or dominance – of malware these days. It’s truly a force to be reckoned with, whether you’re a business, individual or government agency. But merely being presented with the numbers – i.e. the 125 percent boost in cyber crime in the second half of 2014 – doesn’t tell you anything about the specific nature of the threats out there. In order to truly keep cyber crime to a minimum, individuals, IT workers and business administrators must work to understand the trends that underlie the huge surge in malware. Here are some of those trends:

• Boost in banking trojans: Not that there’s any surprise here, but cyber criminals are after money. In its earliest incarnation, cyber crime wasn’t a practice that reaped big monetary rewards, but that’s changed, particularly in recent years. Now, attacks that offer the most potential for financial gain are the ones that are most lucrative for attackers to carry out. In 2014, as Softpedia pointed out, banking trojans experienced a huge increase over the previous year. In terms of financial institutions targeted, they ranged across the globe, with the largest percentages concentrated in the U.S., U.K. and Canada.
• Mobile payments giving rise to possibility of new attacks: The advent of mobile payments has ushered in another likely attack method for cyber criminals, and it’s one that threat actors will be eager to exploit, as a report from Trend Micro stated. While at the moment only mobile attacks are a trend – not intrusions via mobile payments – it’s reasonable to expect that the growth of the technology and its increasingly widespread use will bring with it emerging threats. In the meantime, there’s plenty of existing mobile attack trends to contend with, especially with regard to Android devices, which are projected to experience a doubling in threat volume this year.
• Rise of targeted attacks: The same Trend Micro threat report pointed out that targeted attacks will become increasingly commonplace. This is highly problematic, because such attacks have the potential to do a significant amout of damage. Targeted attacks also illuminate the way in which virtual crime has crossed into the intelligence-gathering realm, and can be deployed to do things like get ahold of nation-state secrets.
• Increasing exploits of existing software: Let’s say you use a certain software package and you’ve never experienced any difficulties with it, let alone something like a malicious intrusion. Should that give you confidence that the software is immune to hacks? Unfortunately, it can’t. Just as cyber criminals are working to roll out new malicious strains, they’re also looking into current software that’s on the market to see if there are any vulnerabilities that can be exploited. For hackers, the code of any software is fair game, and if there’s a vulnerability in it, they’ll find it.
• Shortage of workers to combat cyber crime: In recent years, there have been huge advances in the growth of a cyber-specific workforce, one trained to combat the many threats out there. But in numbers and experience, the cyber security workforce in no way matches that of the cyber crime world. This disparity is one of the contributing factors to the growth of cyber crime. With preventive measures continually lagging, malicious forces are left to enjoy growth unencumbered by rigorous attempts to stop them. However, the tide may soon be shifting in this regard, since businesses and government agencies are putting more time and money into bringing on individuals with cyber expertise. For those graduating from the various cyber-related programs that are cropping up at the college and graduate levels, it’s safe to say there will be a job waiting.

These trends may be alarming, but they don’t need to continue that way. When individuals and businesses make an effort to combat cyber crime, they can take a significant step toward curbing even the most potent malicious threats. A cyber sphere that’s poorly guarded is inevitably one in which threats will run rampant. By contrast, a better system of defense will make the job of cyber criminals a lot harder – as it should be.

from Trend Micro Simply Security http://ift.tt/1LCDbZt
via IFTTT