Trend Micro’s Q3 security roundup report has revealed a steady rise in malicious links across Australia for 2014. Australians clicked on more than 45.5 million malicious links in the third quarter of 2014, up from 39 million in Q2 and nearly 27 million malicious links in Q1. This ranks Australia fifth in the world for countries with the highest number of visits to malicious sites after the US, Japan, France and Italy.
The report, titled “Vulnerabilities under attack: shedding light on the growing attack surface,” showed malware continued to be a threat throughout the country, with the number of malware detections in Australia at more than 14.4 million in Q3, up from 11.2 million in Q2 and 10.5 million in Q1.
The third quarter of 2014 saw a significant event with the new critical vulnerability, known as Shellshock, that threatened more than half a billion servers and devices worldwide. This major development, as well as an uptick in volume and sophistication of cyber-attacks is detailed in Trend Micro’s latest report, together with web platform and mobile app vulnerabilities that have broadened significantly, resulting in high-impact attacks on businesses and consumers alike.
“Our findings confirm that we are battling rapidly moving cybercriminals and evolving vulnerabilities simultaneously,” said Jon Oliver, Senior Software Architect Director at Trend Micro Australia and New Zealand. “With this fluidity, it’s time to embrace the fact that compromises will continue, and we shouldn’t be alarmed or surprised when they occur.”
“Preparation is key and as an industry we must better educate organisations and consumers about heightened risks as attacks grow in volume and in sophistication,” continued Oliver. “Understanding that cybercriminals are finding vulnerabilities and potential loopholes in every device and platform possible will help us confront these challenges so technology can be used in a positive way.”
In an effort to steal credit card information and money, the report also reveals that threat actors are targeting large retailers’ Point-of-Sale (PoS) systems to execute massive data breaches. Australia ranked fifth in the world for countries with the most PoS malware infections. This ongoing practice further indicates that PoS networks are highly accessible and vulnerable. Cyber thieves also utilised updated versions of older versions of popular malware and online banking malware to successfully target victims.
“This Q3 report is a clear indication that Australian consumers still need to be educated about their online vulnerability, especially as cyber threats become more complex,” said Tim Falinski, Director, Consumer, Australia and New Zealand at Trend Micro. “Considering Australia was ranked fifth in the world for countries with the most point-of-sale malware infections, consumers need to be extra vigilant heading into the holiday shopping season and new year sales, which is typically a time of year that sees an increase in cybercrime.”
Australia was also ranked third in the world for countries with the most number of affected endpoints to Command and Control (C&C) Servers, after the US and Japan.
The report dissects vulnerabilities, such as Shellshock, which threatens popular operating systems, including Linux, UNIX and Mac OS X. The surprising discovery of the Shellshock vulnerability emerged after going unnoticed for more than 20 years, suggesting the likelihood of more long, undiscovered vulnerabilities lurking within with operating systems or applications.
Vulnerabilities in mobile platforms and apps are also proving to be a greater challenge. As in previous quarters, the report cites that significant and critical vulnerabilities were found in mobile platforms, such as Android. Exploit kits were highly utilised in Web platforms and provided cybercriminals another resource to compromise victim’s systems.
Report global highlights include:
– Online banking malware infections rose from 112k in Q2 to 137k in Q3
– Number of phishing URLs blocked surges to 721k in Q3, up from 138k in Q2
– Cumulative Android threat volume reached 3.5M in Q3
For the complete report, please visit: http://www.trendmicro.com.au/cloud-content/au/pdfs/securityintelligence/reports/rpt-vulnerabilities-under-attack.pdf
A blog post regarding the report can be viewed here: http://blog.trendmicro.com/vulnerabilities-attackshedding-light-growing-attack-surface/