The third quarter saw a significant event with the new critical vulnerability, known as Shellshock, that threatenedmore than half a billion servers and devices worldwide.
This major development, as well as an uptick in volume and sophistication of cyber-attacks are detailed in Trend Micro Incorporated’s (TYO: 4704; TSE: 4704) latest quarterly security roundup report, “VulnerabilitiesUnder Attack:Shedding Light on the Growing Attack Surface.”The reportalso reveals web platform and mobile app vulnerabilities that have broadened significantly, resulting in high-impact attacks on businesses and consumers alike.
In the Middle East, the top threat is adware, while the region saw 1.5 million malware detections in Q3 2014. Online banking malware, ransomware, malicious websites and mobile apps continue to present high risk. Email reputation queries (spam email) totalled 24 million in Q3 2014, including 14 million in the Kingdom of Saudi Arabia, 8 million in the UAE, and 2 million in the rest of the Middle East.
“Our findings confirm that we are battling rapidly moving cybercriminals and evolving vulnerabilities simultaneously,” said Raimund Genes, CTO, Trend Micro. “With this fluidity, it’s time to embrace the fact that compromises will continue, and we shouldn’t be alarmed or surprised when they occur.”
“Preparation is key and as an industry we must better educate organizations and consumers about heightened risks as attacks grow in volume and in sophistication. Understanding that cybercriminals are finding vulnerabilities and potential loopholes in every device and platform possible will help us confront these challenges so technology can be used in a positive way,” added Raimund Genes.
The report dissects vulnerabilities, such as Shellshock, which threatens popular operating systems, including Linux, UNIX and Mac OS X. The surprising discovery of the Shellshock vulnerability emerged after going unnoticed for more than 20 years, suggesting the likelihood of more long, undiscovered vulnerabilities lurking withinwithoperating systems or applications.
Vulnerabilities in mobile platforms and appsare also proving to be a greater challenge. As in previous quarters, the report cites that significant and critical vulnerabilities were found in mobile platforms, such as Android.Exploit kits were highly utilized in Web platforms and provided cybercriminals another resource to compromise victim’s systems.
In an effort to steal credit card information and money, the report also reveals that threat actors are targeting large retailers’ Point-of-Sale (PoS) systems to execute massive data breaches. This ongoing practice further indicates that PoS networks are highly accessible and vulnerable. Cyber thieves also utilized updated versions of older versions of popular malware and online banking malware to successfully target victims.