Kaspersky Lab released its annual Kaspersky Security Bulletin, which
provides the overall malware and cyber-threat statistics for 2012. The
data analyzed in the report was obtained using the Kaspersky Security
Network (KSN), the cloud-based infrastructure used by Kaspersky Lab
products to report telemetry and to deliver instant protection in the
forms of blacklists and heuristic rules, which are designed to catch the
newest threats. The 2012 report revealed significant growth of
Mac-specific malware and an explosive growth in the number of threats
targeting the Android platform. Overall, Kaspersky Lab's products
detected and blocked more than 1.5 billion web-based attacks in 2012 and
more than 3 billion infected files.
At the present time Kaspersky Lab detects and blocks more than 200,000
new malicious programs every day, a significant increase from the first
half of 2012, when 125,000 malicious programs were detected and blocked
each day on average.
2012 Threats Overview
One of the most important news items at the beginning of 2012 was the
discovery of Flashback, a 700,000-strong botnet composed of infected
Apple computers running Mac OS X. The significant
outbreak was caused by a new variant of the Flashfake malware and
the security incident put an end to the perception of the Mac OS X
platform as being invulnerable to exploitation. In addition to
mass-malware, Mac OS X computers also became frequent victims of
targeted attacks. The main reason for this is that Apple products are
popular with many influential politicians and prominent businessmen, and
the information stored in the devices owned by these people is of
interest to a certain category of cybercriminals. In total, Kaspersky
Lab's antivirus experts created 30% more signatures to detect various
Mac Trojans in 2012 compared to 2011.
Another key trend of 2012 is the continued rapid growth of Android
malware. The Android platform has firmly established itself as the
main point of interest for cybercriminals. Although malicious programs
for other mobile platforms, such as Symbian, Blackberry or J2ME, are
still being developed, 99% of newly discovered malicious programs
targeted the Android platform. Despite attempts by Google to introduce
its own anti-malware technology, malicious applications continue to
appear in the official Google Play store. In 2012 the first incident
involving an ambiguous app that collected address book data and sent spam
was recorded in the Apple App Store as well. Just like traditional PCs,
mobile devices are now targeted with high-profile cybercriminal
operations, including targeted attacks and creating "mobile" botnets.
In 2012 Kaspersky Lab's products blocked an average of more than 4
million browser-based attacks every day, with the total number of web-based
attacks surpassing 1.5 billion for the year. The most frequently used
technique for attacking users online is exploiting vulnerabilities in
programs or applications. Throughout the year Kaspersky Lab's experts
registered both large-scale and targeted attacks utilizing vulnerable
software, with Oracle Java being the most frequently targeted (50% of
attacks). Adobe Reader ranked second (28%) and Adobe Flash Player
occupied fourth place with only a 2% share, thanks to an efficient
automatic updating system that promptly closes security holes. In
addition, some of the exploits actively used targeted older
vulnerabilities that still existed in various Windows operating systems.
One of the explanations for this is that older versions of Windows are
still actively used. For example, the share of computers running Windows XP in
2012 was 44%, compared to 63% in 2011 - not a significant drop given
Windows 7 has been available for three years and Windows 8 was recently
released this year.
More than 3 billion malware incidents were detected and blocked by
Kaspersky Lab's software on users' local hard drives and external
storage. In total, 2.7 million unique modifications of malware and
potentially unwanted programs attempting to launch on users' computers
were detected during these incidents. The majority of local infections
were blocked by Kaspersky Lab's behavior-based heuristic technology. It
is notable that different versions of years-old Kido (Conficker) and
Sality are still present in the list of the most frequently blocked
malware. Overall, the number of new malicious applications has increased
rapidly: in the first half of 2012 Kaspersky Lab recorded an average
of 125,000 new malicious programs every day. Toward the end of the year this
figure had grown to 200,000.
Servers located in the United States were the most frequently used to
host and deliver malicious objects (25.5% of all incidents). Russia
occupies the second place with 19.6% followed by the Netherlands,
Germany and the United Kingdom. This is a significant change compared to
years past: in 2010 the majority of malware was hosted in China. Changes
in domain registration policies and other regulations taken by Chinese
authorities resulted in the rapid decline of malicious hosts originating
from the country. On the contrary, the United States, Russia and other
European countries have seen a major increase in the number of malicious
hosting sites as cybercriminals compromise legitimate online resources
in large quantities in addition to registering purely malicious websites.
Based on the number of blocked web attacks and local malicious files,
Kaspersky Lab's experts calculated the "risk level" for different
countries, defined as the share of attacked users. Russia and former
USSR republics occupy the top places in the web attacks chart, but 31
countries (including the UK, Australia and Canada) in total have also joined
them in the "high risk" group. In these countries at least 41% of users
were attacked online in 2012. Bangladesh, Sudan, Malawi, Tanzania and
Rwanda form the top five countries where users are most frequently
attacked with local malware infections. 7 countries in total were
categorized as "maximum risk", where 75% or more users were at least
once attacked with a malicious file. Another 41% of countries joined the
"high risk" group (56-75% of attacked users), including Indonesia,
Ethiopia and Kenya. In contrast, Denmark was deemed the safest
country, as the country had the lowest rate of infected computers (15%).
Japan, Finland, Sweden and the Czech Republic were the other countries
listed with the lowest infection rates.
Costin Raiu, Director of Global Research & Analysis Team, Kaspersky:
"What 2012 has shown is the strong inclination of cybercriminals to
steal data from all devices used by consumers and businesses, be it a
PC, Mac, smartphone or tablet. This is one of the most important trends
of 2012. We are also observing a strong increase in the overall number
of threats, affecting all popular software environments."
About Kaspersky Lab
Kaspersky Lab is the world's largest privately held vendor of endpoint
protection solutions. The company is ranked among the world's top four
vendors of security solutions for endpoint users*. Throughout its
15-year history Kaspersky Lab has remained an innovator in IT security
and provides effective digital security solutions for consumers, SMBs
and large enterprises. The company currently operates in almost 200
countries and territories across the globe, providing protection for
over 300 million users worldwide. Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and
trends, please visit www.securelist.com.
Follow @Securelist on Twitter. For the most up-to-date world security
news, visit www.threatpost.com.
*The company was rated fourth in the IDC rating Worldwide Endpoint
Security Revenue by Vendor, 2010. The rating was published in the IDC
report Worldwide IT Security Products 2011-2015 Forecast and 2010 Vendor
Shares - December 2011. The report ranked software vendors according to
earnings from sales of endpoint security solutions in 2010.