Google Analytics

Search This Blog

Thursday, November 12, 2015

Porn Presents the Greatest Threat For Malware Attacks

Nov 11, 2015 -

Blue Coat Systems, Inc. a market leader in today’s enterprise security announced an alarming hike in more malicious malware attacks. This includes from smaller scale, less disturbing attacks to serious personal ransomware (cyber blackmail) and undetectable inserts of spyware on devices with the intent to profile users’ buying behaviors.
Kenneth Chen, M.D, Blue Coat for ASEAN, Hong Kong & Taiwan

When Blue Coat recently compared the top categories of “infection vectors” from 2014 to 2015, it found that pornography was once again the number one threat vector, taking over from WebAds, which has dropped from almost 20 percent last year to less than five percent this year. The threats on porn sites include both malvertising attacks and sites that host Trojan horse apps.

“It certainly presents a problem whereby upon entering porn sites, users find that there is no easy way out once been exposed to malware attacks,” Chen expresses his concern over the increase in porn surfing activities from 16.55 percent in 2014 to over 36 percent this year. This potentially means that whenever we see a mobile user’s traffic heading to malicious sites, it is most likely 36 percent of the time that that user is following a link from a porn site.



The 2015 Blue Coat Mobile Malware Report highlights three types of malware users should be cautious of:

Potentially Unwanted Software (PUS)

This program typically behaves as “adware” or “spyware”, stalking on users’ online activity and personal data through deceptive advertising or socially-engineered attacks, designed to trick victim into installing these software, unwillingly or without their informed consent. Most junk mobile apps discovered on sites that host these software has been rising steadily which contributes a major shift in its volume within traditional malware and mobile space.

Ransomware

Thanks to the enhanced performance capabilities of smartphones, while some varieties only causes little damage beyond convincing victims to pay, “evil” ransomware resorts to more sophisticated approaches over the past years with the ability to render music files, photographs, videos and other document types unreadable. Such attack is characterized by SimpleLocker, an advanced cryptographic ransomware that allows cyber hostage-taker to demand untraceable form of payment (namely Bitcoin) within a strict time limit given before the files becomes permanently inaccessible to the owner.

Information Leakage

The most vital information of user such as phone’s operating system, manufacturer, specific apps or browsers visited can be stolen right under their noses when their mobile device is at 24/7 and 365-basis reporting and watch. Till today, no system tools can detect the incoming and outgoing data from their devices, however their leaky data will be openly revealed in the “User Agent” string, whether it’s an Android or iOS device.

Prepare Your Defenses against Malware Threats

To avoid these attacks, Blue Coat advocates the following tips and measures to strengthen corporate defenses:
  • Invest in visibility solutions from trusted security vendors that extend to mobile devices.
  • Create protected network such as Guest Wi-Fi with intelligent policies for employees and business guests to use instead of cellular data plans that bypasses corporate visibility.
  • Avoid downloading apps from unofficial sources such as free/cracked versions of popular apps, surfing porn, jailbreak (by overriding inherent security of your phone), and pay close attention to any warnings received especially when connected to free unsecured Wi-Fi networks.
  • Be wary of any suspicious activities indicated by your OS such as sudden installation of third party SSL certification on an Android which enables an unauthorized interception possible, especially in an environment where SSL interception takes place by policy.
  • “Press and hold” technique on your phone to reveal the true destination of on-screen links, like shortened URLs or phishing URLs.

No comments: