AVG unveils global Community Powered Threat Report – Q3-2011
October 2011 by AVG
AVG Technologies, a provider of internet and mobile security, today presents the “AVG Community Powered Threat Report – Q3 2011”, providing insight, background and analysis on the trends and developments in the global online security threat landscape. Highlights in this quarter’s report are the risks of digital wallets, using mobile phone operators to collect money and how an Android Trojan records your calls.
· Last month, Keith Alexander, director of the US National Security Agency told attendees of the "Maneuvering in Cyberspace" conference that the global cost of cybercrime is estimated to be US$1 trillion. (1*)
· Last week, the PCeU -the e-crime unit of the Metropolitan Police- reported to have prevented over £140 million-worth of cybercrime in the UK over the last six months alone. (2*)
· A recent report by the Poneman Institute -a U.S. based information security policy research center- states that over the past year, the median cost of cyber crime increased by 56 percent and now costs companies an average of US$6 million per year. (3*)
Cybercrime has come a long way since it was mostly a digital form of vandalism. It has developed into a criminal business operated for financial gain and is now worth billions. In this report AVG focuses on some of the most notable cybercrime developments in the last quarter.
Stealing digital currency
Digital Currency has become very popular in a short time. Facebook Credits, Xbox Points, Zynga coins and Bitcoin now play a vital role in a multibillion dollar global gaming economy. Far from being just of virtual value, many of these currencies are actively traded for real currency. This has not gone unnoticed by cyber criminals, now aiming to steal digital wallets from people’s computers. In June a digital wallet containing close to US$500,000 was stolen when someone broke into the victim’s computer and transferred most, but not all, of the money out of his wallet.
Outsourcing the hard part, collecting the money
In a bid to outsource the hassle and risks of collecting the money, cyber criminals are moving beyond credit cards details and are increasingly using mobile phone operators to do the collecting for them. A criminal might install a Trojan on to a victim’s smartphone that sends premium SMS messages when the owner is asleep. They might use a Facebook scam to get hold of people’s phone numbers and sign them up for an expensive monthly phone charge. A victim’s mobile operator will process the charges and transfer the money to the criminal organization, even if they reside on the other side of the world. If and when a victim notices the charge and the mobile operator is alerted to stop processing payments, considerable amounts may already have been stolen. If the amounts are small enough, many victims may not even notice for months.
Eavesdropping on Android
With Android taking almost 50% of the world’s smartphone market share, it is no wonder that cyber criminals consider the platform an attractive target. Most Android malware focuses on making money from premium SMS. However, in July AVG investigated a Trojan that records a victim’s phone conversation and SMS messages and sends them to the attacker’s servers for analysis to identify potential confidential data. This clearly demonstrates the power of modern mobile operating systems but also the tremendous risks unprotected mobile users are open to.
Other key findings in the report:
· Rogue AV Scanner is currently the most active threat on the web
· Exploit Toolkits account for over 30% of all threat activity on malicious websites (‘Fragus’ is most popular, closely followed by ‘Blackhole’)
· Angry Birds Rio Unlocker is the most popular malicious Android application
· The USA is still the largest source of spam, followed by India and Brazil
“In Q3 we started to see a clear trend in cybercriminals shifting their focus to simplifying money collection,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies. “Well-organized criminal gangs are now letting mobile phone operators handle the money collecting part by focusing on mobile phones and setting victims up for charges that will appear on their phone bill some time later. Not only is it a lot easier, it also scales to tremendous volumes making money by stealing small amounts from very large groups of victims.”
A recent report authored by the research agency The Future Laboratory (Cybercrime_Futures), reveals that while cybercriminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are, alarmingly, becoming the weakest link as they are less vigilant about protecting their online devices. The combination of these two factors presents a potentially disastrous cybercrime scenario.
JR Smith, CEO of AVG Technologies, said “It’s increasingly evident that each unprotected individual makes us all more vulnerable, so it’s vital that as a global society we find ways to address this trend and ensure that we are protected together. We’re securing people’s digital life, or as we like to say: Providing Peace of Mind to the Connected World.”