Internet safety tips from the Finally Fast team
Google replaced Microsoft as the number one vendor for reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity. Oracle came in second, with 63; Microsoft fell to third place, with 58, all according to Trend Micro’s Third Quarter Threat Report.
Trend Micro threat researchers also witnessed a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions. Their work led them to the uncovering of one of the most notable groups of targeted attacks during the third quarter – the LURID downloader.
These attacks, which were classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and the Ukraine. The cybercriminals behind these attacks launched over 300 malware campaigns in order to obtain confidential data from and take full control of affected users’ systems over an extended period of time. LURID was successful because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.
Other notable security attacks, scams, breaches and exploits
Trend Micro threat analysts came across a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring or task-listing tools or apps that allow users to see a list of permissions that installed apps utilize, copies of this new Android malware littered a Chinese third-party app store.
In the first half of July, Trend Micro researchers spotted a page that enticed users to click a link to get free invitations to Google’s latest stab at taking a slice of the social media pie—Google+. Instead of invitations to join the site, however, all the users got was an “opportunity” to take part in a survey that put them at risk.
LinkedIn users were also part of a criminal scam that tricked them into clicking a malicious link to a supposed Justin Bieber video that redirected them to a malicious site.
The most notorious spam runs this quarter led to the download and execution of two banking Trojans: The first campaign featured a spam that purported to come from the Spain National Police; the second supposedly came from the Internal Revenue Service.
India and South Korea was part of the top three spam-sending countries. The United States, which commonly takes the top spot, was not on the top 10 spam-sending countries list most likely due to the arrest of several spambot operators.
Notable security research wins
In addition to the discovery of the LURID downloader, Trend Micro and other global security teams made impressive takedowns in Q3:
After months of monitoring, Trend Micro researchers uncovered a SpyEye operation controlled by a cybercriminal residing in Russia with the handle, “Soldier,” and his accomplice in Hollywood, California. This botnet operation, which amassed more than US$3.2 million within six months, targeted large enterprises and government institutions in the United States, as well as organizations in Canada, the United Kingdom, India, and Mexico. More details on this win can be found in Trend Micro’s research paper, “From Russia to Hollywood: Turning Tables on a SpyEye Cybercrime Ring.”
Trend Micro researchers were also able to gather in-depth information on two of the largest FAKEAV affiliate networks to date—BeeCoin and MoneyBeat. More details on how FAKEAV affiliate networks work can be found in the research paper,”Targeting the Source: FAKEAV Affiliate Networks.”