AVG (AU/NZ) presents the ‘AVG Community Powered Threat Report - Q3 2011’, a quarterly analysis of trends and developments in the global online security threat landscape.
AVG (AU/NZ) is the Australian, New Zealand and South Pacific distributor of the award-winning AVG Internet and mobile security software.
This quarter’s online security report focuses on the risks associated with digital wallets, using mobile phone operators to collect money and Android Trojans.
Speaking at the ‘Maneuvering in Cyberspace’ conference last month, Keith Alexander, director of the US National Security Agency informed attendees that the global cost of cybercrime was estimated to be US$1 trillion.
The e-crime unit of the UK Metropolitan Police, the PCeU is reported to have prevented over £140 million-worth of cybercrime in the UK over the last six months alone.
A recent report by the Ponemon Institute, a US-based information security policy research centre states that over the past year, the median cost of cybercrime increased by 56% and now costs companies an average of US$6 million per year.
Cybercrime has transformed from a mere digital form of vandalism into a serious criminal business now worth billions.
The latest AVG report focuses on some of the most notable cybercrime developments in the last quarter.
Stealing digital currency
Digital currency’s increased popularity has attracted the attention of cyber criminals who now aim to steal digital wallets from people’s computers. In June a digital wallet containing close to US$500,000 was stolen when someone broke into the victim’s computer and transferred most, but not all, of the money out of his wallet.
Outsourcing the hard part, collecting the money
Cyber criminals are moving beyond collecting credit card details to increasingly using mobile phone operators to do the collection for them. A Trojan installed on a victim’s smartphone can send premium SMS messages when the owner is asleep. Alternatively, a Facebook scam can be used to get hold of people’s phone numbers and sign them up for an expensive monthly phone charge.
A victim’s mobile operator will process the charges and transfer the money to the criminal organisation, even if they reside on the other side of the world. The victim could lose significant amounts of money if the charges are not noticed.
Eavesdropping on Android
Most Android malware focus on making money from premium SMS. A new Trojan investigated by AVG in July this year could record the victim’s phone conversation and SMS messages, sending them to the attacker’s servers for analysis to identify potential confidential data.
With Android taking almost 50% of the world’s smartphone market share, cyber criminals consider the platform an attractive target. The latest Android Trojan clearly demonstrates the power of modern mobile operating systems as well as the tremendous risk to unprotected mobile users.
Key findings in the AVG report:
- Rogue AV Scanner is currently the most active threat on the web
- Exploit Toolkits account for over 30% of all threat activity on malicious websites
- Angry Birds Rio Unlocker is the most popular malicious Android application
- The USA is still the largest source of spam, followed by India and Brazil
Well-organised criminal gangs are now letting mobile phone operators handle the money collection part by focusing on mobile phones and setting victims up for charges that will appear on their phone bill some time later.
Small amounts not only add up to tremendous volumes but may also go unnoticed by victims.
A recent report authored by the research agency The Future Laboratory (Cybercrime_Futures) reveals that while cyber criminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are alarmingly becoming the weakest link as they are less vigilant about mobile device security. The combination of these two factors presents a potentially disastrous cybercrime scenario.
JR Smith, CEO of AVG Technologies comments that it is important for the global society to find ways to arrest the current cybercrime trends and ensure protection for everyone.