News

Ransom Attacks Spreads to Mobile

The first half 2014 saw an increase in online attacks that lock up user data and hold it for ransom – even on mobile devices. According to F-Secure Labs’ brand new Threat Report H1 2014, rising numbers of attacks from malicious software known as ransomware underscore the importance of data security for home, enterprise and government users. Ransomware demands payment of a sum in exchange for unlocking a user’s files.

On the mobile front, in Q2 of 2014, 295 new threat families and variants were discovered – 294 on Android and one on iOS. That’s up from the first quarter, during which 277 threats were discovered, 275 targeting Android. The top Android threats in Q2 were Trojans that either send SMS messages to premium numbers, or harvest data from a device and forward it on to a remote server. The Slocker malware reported in June, which pretends to be a legitimate app, was the first ransomware to appear on the mobile platform.

In PC threats, of the Top 10 detections, the largest share (31%) were of the six-year-old Downadup/Conficker worm. The worm has infected millions of computers in over 200 countries. This worm’s long life is mostly due to computers that run old software – illustrating the importance of keeping a computer’s software up to date so that old security flaws will be patched.

New Mac malware continues to surface. 25 new Mac threat variants were discovered in the first half of 2014, some of which were used in targeted attacks against organisations. That’s up from 18 discovered in July-December of last year, but lower than the 33 discovered in H1 of last year.

Mikko Hypponen, chief research officer, and Sean Sullivan, security advisor, both of F-Secure Labs, discussed the first half of the year’s events in a webinar on Friday. They also discussed the Havex trojan, which F-Secure researchers in June revealed was targeting industrial control systems.

“Details emerged earlier this year that paint a fascinating picture of crime-based malware evolving into espionage-ware,” says Sullivan. “The bad guys out there are targeting far more that credit cards these days. Everything is of interest and there are likely a significant number of buyers for corporate data.”