Phyllis Schneck, McAfee's public sector chief technology officer. (File photo: FedScoop)
After three straight quarters of increasing growth rates for malware and suspicious web addresses, cybercriminals reverted to tried and true methods of cyberattacks — spam, phishing, etc. — in the first quarter of 2013, according a McAfee’s quarterly report on cyber threats released Monday.
“Those old tools, they’re effective. Spam works,” said Brent Conran, McAfee’s chief security officer, after a press conference announcing the findings. In Q1, McAfee found the first increase in global spam volume in more than three years; it nearly doubled. “As we take down botnets and create more and more controls, the bad guys have to replace them," Conran said.
While the total number of malware samples McAfee found still increased in Q1 — up to 128 million — the growth rate slowed to 28 percent, down from 38 percent in the fourth quarter of 2012. Similarly, the overall amount of Android mobile malware samples and suspicious web addresses grew, but at a slower rate than during Q4 of last year.
According to the report, the lagging growth rate represents a cybercriminal community “becoming smarter and more disciplined as it develops a preference for targeted attacks.” The report called the trend, “a new and more dangerous direction.”
“This is seen as part of a much more global interlocked ecosystem,” said Phyllis Schneck, McAfee’s public sector chief technology officer. “Every part of one network is communicating with another part of a network.”
To replace thwarted cyberattacks, cybercriminals are going where the people are: social media. And they're increasingly using “spray and pray” spamming techniques, as Conran put it. In the first quarter, the presence of Koobface — a computer worm targeting social media users — tripled, after remaining flat through most of 2012.
According to a Nielsen report released in December, total time spent on social media sites overall in the United States increased 37 percent between July 2011 and July 2012. As of December, 17 percent of all time spent online via personal computer in the United States was spent on Facebook.
“You see an increase in hacking social media because people are there,” Conran said.
While the growth rate of mobile malware samples slowed in Q1, mobile malware is still “exploding,” Conran said. From almost nothing 18 months ago, total Android mobile malware samples nearly topped 50,000 in 2013’s first quarter, a 40 percent increase from 2012’s last quarter.
For now, the vast majority of mobile malware is focused on the Android market because it has the biggest footprint in the global market. The Android’s open platform (compared to Apple’s closed platform) also plays a role, Schneck said.
The open platform is “a lot more inviting and probably less expensive and risky to create something if you’re an adversary team,” she said. “The Mac side of the world has some vetting for their apps. Will that level off? Probably.”
Mobile and social are not the only new points of entrance for cyberattacks, the report emphasized. Public and private organizations need a “layered approach” to truly fend off new attacks before they enter the organization’s infrastructure. But, as Conran said, hacking is “going to go to places you’ve never imagined.”