Examining the patterns taken from data collected in the aftermath of more than 140 million blocked infection attempts, security vendor Trend Micro says that targeted attacks against individuals and organizations are on the rise.
According to the data, focused attacks against SMBs – as apparent from the types of attempts blocked by Trend Micro – increased 27% in Q2 2012 when compared to last quarter’s figures. Trend Micro’s report also outlines increasingly sophisticated attacks against individuals in the form of ATS (Automatic Transfer System) attacks. Large organizations weren’t exempt either.
The IXESHE attack campaign, which has existing since at least July 2009, showed cybercriminals stepping up their tactics to gain access to large multinational corporations without notice. Trend found that IXESHE has been targeting East Asian governments, electronics manufacturers, and telecommunications companies, and has used compromised servers housed inside targeted organizations as command-and-control (C&C) servers.
In late May, Tom Kellermann, vice president of cybersecurity at Trend Micro, told SecurityWeek that the technique of using compromised servers as C&C servers is being adopted by elite hacker crews, and he rated the sophistication of the IXESHE campaign as a 9.3 out of 10.
Other data from Trend’s Q2 report includes the rise of malicious Android applications in Q2 2012, marking a 300% increase when compared to last quarter. Moreover, ransomware attacks are making a comeback, but the mainstays (Blackhole Exploit Kit) are still proven methods of victimization for cybercriminals.
“Cybercriminals are cherry-picking their targets to launch more successful campaigns,” the report notes. “Based on Trend Micro observations this quarter, cybercriminals are poised to become more aggressive, using more sophisticated tools like automatic transfer systems (ATSs) and the Blackhole Exploit Kit to enhance the power of their respective ZeuS, SpyEye, and other botnets.”
The report also makes note of how Pinterest has become the social media platform of choice among criminals in Q2 2012; and examines the top 5 social engineering lures being used across all social networking sites, including Diablo 3, Instagram Android, Angry Birds Space, the London 2012 Olympics, and Tibet.
Trend’s Q2 2012 report is available here.