In a new report examining the threat landscape over the third quarter, PandaLabs researchers found that five million new malware samples were created from July through September, including a peak of new trojans.
In fact, three out of every four new strains created during the quarter was a trojan, the preferred category by which cybercriminals carry out the theft of information.
Among the report’s other findings, the Anonymous group continues making headlines, albeit not for its hacktivist actions, but for the arrest of some members – 15 in Italy, 16 in the Unites States – for their alleged role in the theft of data or disruption of websites, including PayPal.
But, the report pointed out that the actions of Anonymous expose glaring holes in the security postures of the companies they managed to infiltrate – revealing user passwords in plain text in their hack of Universal Music, for example, or servers without anti-virus protection, as in their intrusion intodefense contractor Booz Allen Hamilton.
Despite the arrests, however, the reports said Anonymous seems to have redoubled its efforts, posting links to two NATO confidential documents and stealing more than eight gigabytes of data from Italy’s National Center for Computer Crime and the Protection of Critical Infrastructure. As well, the group continues stealing and then publishing personal information of police officers in retaliation for actions it deems offensive, and breaking into the databases of Vanguard Defense Industries, another defense contractor.
Regardless of the number of arrests, the threat of cybercrime continues to be present throughout the globe, the report found.
International cooperation is the key to fighting the scourge, the researchers said. As many of these assaults cross geographic boundaries, a unified response necessitating law enforcement agencies to partner with peers across national borders is the way to make headway.
On the mobile side, PandaLabs witnessed a significant growth in the amount of malware written for Mac computers, with “increasingly sophisticated attacks that combine vulnerability exploitation and backdoor installation.”
In addition, Zitmo, a new variant of the nefarious Zeus banking trojan, began circulating on the Android platform, opening up users’ cell phones to exploitation, and subsequently allowing cyberthieves to harvest victims’ banking information and one-time passwords transmitted by the banks.
Further, the report found that the Android platform itself has security flaws in allowing the storing of email passwords on the phone’s file system, in plain text with no encryption.
“This makes it an easy target for criminals, who can easily extract all passwords once they have hacked into the device,” the researchers wrote.