Q1 2012 saw India lead the list of spam-sending countries. According to a report by Trend Micro, the quarter’s top spam-sending countries were India (20 percent), Indonesia (13 percent), South Korea (12 percent), and Russia (10 percent).
The report also looks at software vulnerabilities, and for the first time Apple leads in reported vulnerabilities, followed by Oracle.
Apple surpassed Oracle, Google and Microsoft in reported vulnerabilities, with a total of 91. Oracle came in second, with 78; Google, 73; Microsoft, 43. Apart from posting the highest number of reported vulnerabilities, Apple also issued a record-breaking number of patches last March. Trailing Apple were Oracle (78 vulnerabilities), Google (73), Microsoft (43), IBM (42), Cisco (36), Mozilla (30), MySQL (28), Adobe (27) and Apache (24). In addition, Apple issued a record number of patches to its Safari browser in March. A year earlier, March was also a mammoth month for patches, with Apple addressing 93 vulnerabilities, a third of them characterized as “critical,” in its Leopard and Snow Leopard operating systems.
In recent days, Apple security received a black eye with the outbreak of the Flashback Trojan (and SabPub), which at its height infected more than 600,000 computers. Despite efforts by Apple to eradicate Flashback, recent tallies estimate that 140,000 Macs remain infected with the malware. Meanwhile, Black Hats have started moving away from their initial vehicle for delivering Flashback (a vulnerability in Java for the Mac) and have begun booby-trapping Microsoft Word documents to spread the Trojan.
“we discovered that it had a much more diverse target set than previously thought. Not only did the attackers target military research institutions in India, as earlier disclosed by Symantec, they also targeted sensitive entities in Japan and India as well as Tibetan activists. They used a diversity of infrastructure as well, ranging from throw-away free-hosting sites to dedicated VPSs. We also found that the Luckycat campaign can be linked to other campaigns as well. The people behind it used or provided infrastructure for other campaigns that has also been linked to past targeted attacks such as the ShadowNet campaign. Understanding the attack tools, techniques, and infrastructure used in the Luckycat campaign as well as how an individual incident is related to a broader campaign provides the context necessary for us to assess its impact and come up with defensive strategies in order to protect our customers.”
As per the report, there are close to 5,000 malicious apps in the Android marketplace!
Trends in Targeted Attacks
Targeted attacks that exploit vulnerabilities in popular software in order to compromise specific target sets are becoming increasingly commonplace. These attacks are not automated and indiscriminate nor are they conducted by opportunistic amateurs. These computer intrusions are staged by threat actors that aggressively pursue and compromise specific targets. Such attacks are typically part of broader campaigns, a series of failed and successful compromises, by specific threat actors and not isolated attacks. The objective of the attacks is to obtain sensitive data.
Targeted attacks remain a high-priority threat that is difficult to defend against. These attacks leverage social engineering and malware that exploits vulnerabilities in popular software to slip past traditional defenses. While such attacks are often seen as isolated events, they are better conceptualized as campaigns, or a series of failed and successful intrusions. Once inside the network, the attackers are able to move laterally in order to target sensitive information for exfiltration.
The impact of successful attacks can be severe and any data obtained by the attackers can be used in future, more precise attacks. However, defensive strategies can be dramatically improved by understanding how targeted attacks work as well as trends in the tools, tactics and procedures of the perpetrators. Since such attacks focus on the acquisition of sensitive data, strategies that focus on protecting the data itself, wherever it resides, are extremely important components of defense. By effectively using threat intelligence derived from external and internal sources combined with context-aware data protection and security tools that empower and inform human analysts, organizations are better positioned to detect and mitigate targeted attacks.