Welcome!

News Feed Item

F-Secure Deems 2012 the Year of the Exploit Kit

Strong Passwords Are Important but, as Detailed in F-Secure's Latest Threat Report, a Commoditized and Professional Malware Industry Brings Its Own Challenges

SAN JOSE, CA -- (Marketwire) -- 02/05/13 -- Business is booming for exploits, mobile malware is still dominated by Android and Symbian, and botnets are back and retooled, according to the new Threat Report H2 2012 from F-Secure Labs. Released in conjunction with Safer Internet Day, the report also provides tips for managing the cumbersome yet necessary problem of passwords.

"The world of malware today is commoditized and professionalized," said Mikko Hypponen, Chief Research Officer at F-Secure. "We saw this especially in the second half of last year in the form of more standardization of vulnerability exploitation and the increased use of automated exploit kits."

Exploit kits and old software vulnerabilities

2012 saw the exploitation of software vulnerabilities become the most popular way to gain access to a user's machine. In the second half of the year, exploit-related detections accounted for 28 percent of all detections, with 68 percent of those related to vulnerabilities in Java.

The majority of exploits detected were related to four vulnerabilities (two Windows and two Java), most likely a result of the fact that today's popular exploit kits, BlackHole and Cool Exploit, include exploits for these vulnerabilities. All of these vulnerabilities were reported in the last two years and have already had security patches released by their vendors -- a reminder of the importance of keeping software updated.

"Criminals in the malware system each handle their own little niches, their own little links in the chain," said Sean Sullivan, Security Advisor at F-Secure. "And exploits are the first link. They're how the criminals get in the door."

Mobile malware in numbers: Samples, or families and variants?

Android malware accounted for 79 percent (238) of all new, unique mobile malware variants in 2012, a number that speaks to the platform's domination of the mobile market. Symbian took up the next largest share, with 19 percent of detected variants.

2012 witnessed security vendors exclaiming about the growth of Android malware samples, from tens to hundreds of thousands, depending on the report. While sample count has increased, F-Secure Labs resists focusing merely on them, "as samples just represent the outer layer of the malware package," stated Sullivan.

"On the inside it's still the same malware family, but there can be a myriad of different ways to dress it up to try to disguise it. We instead prefer to focus on the number of families and variants." Sullivan points out that growth in malware samples is evidence of commoditization and automation on the production side, not necessarily of more malware families in the wild.

"At F-Secure, we have a more holistic understanding of the security landscape, that it cannot be dependent on merely one data point," commented Sullivan. "To base a security analysis on a single data point is either foolish, or marketing hype."

Botnets, banking trojans and the problem of passwords

Botnets, which had been handicapped in recent years by efforts from players in various affected fields, resurfaced in 2012 with new packaging and different methods. New business models like "rent-a-botnet" schemes are flourishing, where cybercriminals rent a whole network of infected computers and use it to perform their attacks. ZeroAccess, the fastest growing botnet, infected millions of computers globally in 2012, with up to 140,000 unique IPs in the US and Europe. Botnet Zeus, which is also a banking trojan, continues to reign, with the United States, Italy and Germany as the most affected countries.

The password, as the report says "is dead and we all know it." Strong enough passwords are often too cumbersome to remember, and complicating matters, a separate password should be used for each account. Even strong passwords can be reset with the right social engineering tactics. But until a better solution comes along, the report offers tips for safe password management.

For more details on the latest trends in threats, see F-Secure's Threat Report H2 2012.

More information: http://www.f-secure.com/en/web/home_us/

How do I remember strong passwords?
http://safeandsavvy.f-secure.com/2013/01/21/how-do-i-remember-strong-passwords/

Safe Banking - Part 1: Strong Passwords
http://youtu.be/FkBJOW9fnNg

F-Secure - Protecting the irreplaceable

While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also backup and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure

Add to Digg Bookmark with del.icio.us Add to Newsvine

Press contact:

Melanie Lombardi
LEWIS PR for F-Secure
+ 1 (415) 432-2400
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
As enterprise cloud becomes the norm, businesses and government programs must address compounded regulatory compliance related to data privacy and information protection. The most recent, Controlled Unclassified Information and the EU’s GDPR have board level implications and companies still struggle with demonstrating due diligence. Developers and DevOps leaders, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by in...
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained Michael Fuhrman, Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.