Malnets to Continue Targeting Mobile Devices in 2013

Cybercriminals tested the water in 2012 with malnets — collections of domains, servers and websites designed to deliver malware -– and appear poised to target mobile devices even more so in 2013, according to a new report released yesterday.

Cybercriminals tested the water in 2012 with malnets — collections of domains, servers and websites designed to deliver malware -– and appear poised to target mobile devices even more so in 2013, according to a new report released yesterday.

Blue Coat Systems’ 2013 Mobile Malware Report (PDF) posits that what they call malnets will continue to revolutionize the way criminals distribute attacks since the infrastructure behind them is already in place. The report cites three particular malnets: Criban, along with two that have recently shuttered: Narid and Devox, for spreading malware on mobile devices exclusively in 2012.

The security firm sounded the alarm on malnets around this time last year, predicting they’d contribute to two thirds of online attacks in 2012. In this year’s report however, Blue Coat notes that in 2012 malnets were in more of an “experimental phase.” That’s not to say their prediction was far off. Malnets may not have totaled two thirds of attack vectors but still made a big showing. Forty percent of the mobile malware Blue Coat claims its WebPulse service blocked last year came from malnets such as Criban and Narid. Overall, mobile traffic to malnets jumped to two percent and according to the report, is further evidence they’re set to make an continued impact in 2013.

Malnets first popped up in 2011 but it wasn’t until February 2012 that infections started to ramp up. It was then that the cybercriminals behind malnets became more skilled at dodging antivirus programs. According to the firm, one attack that emanated from a malnet in September 2012 tricked users into downloading a phony Android version of Skype and at the time, only 10 of the 41 antivirus engines in the free malware scanning website Virustotal acknowledged the attack.

Beyond malnet analysis, the report said pornographic sites and suspicious-looking domains peddling fake downloads and PDFs continue to act as surefire gateways to malicious content. Meanwhile, malware propagating through the Android platform continued to rise as well, with the firm’s Security Labs division reporting a 600 percent increase through 2012.

Blue Coat Mobile Malware Report

The Android numbers are more or less in line with a report released this week by Canadian security firm Kindsight Security that predicts the platform will move from an “emerging threat” to a “new level” this year. While it’s not entirely clear that that level is, when looking at aggregated numbers from the last quarter of 2012, the firm found that Android malware sample numbers remain on the rise, increasing by 5.5 times from Q3 to Q4.

The report also goes on to cite a 67 percent increase in high threat level malware on mobile networks from Q3 to Q4. Like Blue Coat, the firm credits much of the increase to mobile spyware, Android malware and the further proliferation of the Bring Your Own Device (BYOD) policy in workplaces.

As it does every year, Blue Coat’s Mobile Malware Report bases its findings on “real-time requests” from the company’s 75 million users worldwide while Kindsight’s report arrives at its numbers by monitoring networks where its Mobile Security solution is deployed.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.