Mobile Malware, Phishing and Ransomware — Oh My! A Quick Look at the Current Threat Landscape

By on Sep 04, 2014

So far, 2014 has been a tumultuous year for the security industry. We’ve seen thousands of computers taken hostage through ransomware—malicious software that encrypts and locks data until the victim pays a ransom; we’ve seen a steady increase in the number of phishing attacks—targeted attacks aimed at tricking unwary victims into loading malware onto their devices; and, as has been the trend for some time, we’ve seen a steadily rising number of mobile malware variants out in the wild. And that’s all without even mentioning the word “Heartbleed.” So what’s changed over the past few months? Our team of security researchers at McAfee Labs™ set out to find the answer to that question. What they found they put into their McAfee Labs Threats Report: August 2014.

Mobile malware: A steady increase

Perhaps the most disconcerting trend in cybersecurity is the steady growth of mobile malware, which is spread through malicious or infected apps. The creation of new mobile malware has consistently remained at the same rate for the past few quarters. This latest quarter is no different, with 700,000 new samples found. That is a 17% growth of mobile malware in Q2. Mobile devices are more prevalent than ever, giving hackers plenty of opportunities to exploit vulnerabilities where they can find them. So what can be done?

  • Protect your mobile devices. For added protection on your mobile device, or for those who already have desktop protection software, McAfee® Mobile Security, free for iOS and Android users, will help protect your data with backup and recovery for contacts, photos and videos. It even includes a location tracker should your physical device get lost or stolen. The Android version also provides app protection, which reviews permissions of downloaded apps to see if they’re requesting too much of your data. It also provides you with an app reputation report, based on a proprietary algorithm that takes into account the app category as well as the developer reputation.

Ransomware: It’s going down

The creation of new ransomware dropped 63% this past quarter, but that doesn’t mean new ransomware isn’t being created. In fact, there’ve been 63,857 new instances found in the past quarter.  Industry efforts to build awareness and protect against ransomware have made it more difficult for hackers to make money from this type of attack. And that’s a good thing. Let’s take a look at one ransomware variant by the name of CryptoLocker. CryptoLocker infects computers when a victim opens a malicious attachment sent via email. Once the computer is infected, the ransomware encrypts the victim’s files and produces a popup demanding that the victim pay to recover the files. Typically, victims are given a set amount of time—72 hours—to pay up. To protect yourself from ransomware, you can download McAfee LiveSafe™ service, which will help lock down your computer and mobile device to keep hackers at bay. Oh, and while it’s great to see ransomware drop on PCs, we have also seen ransomware show up on mobile devices so be careful when using your mobile devices to download apps, surf the web and open emails.

Phishing attacks continue to hook victims

A phishing attack is an attack designed to trick you into downloading a malicious file. The most popular method that hackers use to infect their victims is to send them an email that looks like it’s from a popular web service or brand. Inside this email, there is often a link that sends you to a fake website loaded with malware. Unfortunately, phishing attacks are on the rise. McAfee Labs detected more than 250,000 new phishing URLs last quarter, bringing the total to almost one million new sites within the last 12 months. But it isn’t just the number of malicious websites that are increasing, it’s the sophistication of attacks as well. Thanks to the hyper-personal and hyper-sharing nature of social media, hackers now have the ability to thoroughly research their victims’ habits and interests with little effort. This allows attackers to craft phishing messages that stand a better chance of being clicked on by a victim. Phishing messages are typically short in nature—many attempt to look like order confirmations—and are filled with graphics of the brand being abused. The sense of urgency, along with a convincingly stylized email, can lure in even the most cautious among us.

To protect yourself, you can use McAfee® SiteAdvisor®, which protects your devices from clicking to risky sites. This web protection is also available with our free Android mobile security product, McAfee Mobile Security. If there’s one thing we can take away from the August threats report, it’s that hackers are as active as ever. Whether they’re using mobile malware, ransomware, or phishing attacks to try to extract your personal information—it’s important to never let your guard down when browsing the Web. To stay on top of the latest consumer and mobile security threats, follow @McAfeeConsumer on Twitter and Like us on Facebook.

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs