
INFOGRAPHIC: 5 Most Dangerous Malware Trends of 2013


The five most dangerous malware trends of 2013: http://securityintelligence.com/5-dangerous-trends-malware-2013/


MOST DANGEROUS MALWARE TRENDS OF 2013

1. Big increase in new and modified financial malware families

In 2012, the number of completely new financial malware families almost doubled from 3 in 2011 to 5 in 2012. It’s important to note that many different configurations (variants) can exist within one malware family. We expect this trend to continue with even more new malware families introduced next year.

New financial malware families per year (chart): 2011: 3; 2012: 5; 2013 (projected): 8

Why it's dangerous: More financial malware families mean more infections, longer detection times, and consequently more financial fraud incidents.

2. Malware lifecycle is accelerating

In 2012, the four phases of the malware lifecycle (incubation, outbreak, botnet and retirement) among the variants we investigated accelerated significantly compared to 2011. Because security products continue to improve detection, the window of opportunity for malware to remain undetected is decreasing. The incubation and outbreak phases decreased from one month or more in 2011 to approximately two weeks in 2012. We expect this time frame to shrink even further next year.

Lifecycle phases (chart): incubation -> outbreak -> botnet -> retirement, plotted for 2011, 2012 and 2013.

Why it's dangerous: The faster the malware lifecycle, the more difficult it is for security products to detect, block and remove malicious software. In an accelerated lifecycle environment, the fraud is already committed before traditional anti-virus/anti-malware products discover the malware.

3. Detection-aware malware targeting enterprises

In 2012, financial and non-financial malware variants that could detect virtualization, debugging, sandboxing, and monitoring processes on the host machine became more prevalent. For example, a recent Shylock variant will not install when it detects a Remote Desktop session, most likely to avoid detection in a “lab” environment.

Why it's dangerous: These capabilities present a serious threat to virtual machine-based detection and protection products, since the malware would appear to be harmless to these security tools.

4. The emergence of native 64-bit Windows malware

In 2012, we began seeing financial malware developing native 64-bit Windows capabilities (chart: 64-bit vs 32-bit).

32-bit malware is handicapped when it runs on 64-bit machines. That’s because the 32-bit malware cannot see or penetrate the “native” 64-bit system processes it uses to evade detection.

Why it's dangerous: As malware variants start supporting 64-bit processes, they will once again be difficult to detect on 64-bit machines.

5. The emergence of malware targeting the Google Chrome browser

In 2012 Citadel and Zeus 2.1 (aka P2P Zeus, Gameover Zeus) began targeting Google Chrome with Man-in-the-Browser (MitB) attacks.

Why it's dangerous: Google Chrome is no longer immune to MitB malware.
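The detection-aware trend above (the Shylock variant that refuses to install inside a Remote Desktop session) means a sandbox verdict of "no activity" can be a false negative. The following triage heuristic is an added example, not part of the infographic or of any vendor tool: it scans a constructed dynamic-analysis API trace, and a sample that probes its environment and then exits before doing any real work is reported as "evasive" rather than harmless. The probe and payload API lists are illustrative assumptions.

```python
import re

# Environment probes that detection-aware malware uses to recognise a lab.
# Illustrative set chosen for this example, not a list from the infographic.
PROBES = {
    "debugger": re.compile(r"\b(IsDebuggerPresent|CheckRemoteDebuggerPresent)\b"),
    "rdp_session": re.compile(r"GetSystemMetrics\(SM_REMOTESESSION\)"),  # Shylock-style check
    "vm_artifact": re.compile(r"VMware|VBox|VirtualBox|QEMU|vmtoolsd", re.I),
    "monitor_scan": re.compile(r"\bProcess32(First|Next)\b"),           # looking for monitoring tools
}
# Calls that show the sample went on to do real work (again illustrative).
PAYLOAD = re.compile(r"\b(WriteProcessMemory|CreateRemoteThread|InternetOpenA?|WinHttpOpen|CopyFileA?)\b")
EXIT = re.compile(r"\b(ExitProcess|TerminateProcess)\b")


def triage(trace):
    """Return (verdict, probes_seen).
    'evasive' = the sample looked around and quit before doing anything a
    sandbox would flag; do not report such a sample as harmless, re-run it
    on bare metal / outside an RDP session instead."""
    seen, did_work = set(), False
    for line in trace.splitlines():
        for name, pat in PROBES.items():
            if pat.search(line):
                seen.add(name)
        if PAYLOAD.search(line):
            did_work = True
        if EXIT.search(line):
            break  # nothing after process exit matters
    if did_work:
        return "malicious", sorted(seen)
    if seen:
        return "evasive", sorted(seen)
    return "inactive", []


# Constructed traces, one API call per line (not real Shylock output).
RDP_LAB_TRACE = """\
GetSystemMetrics(SM_REMOTESESSION) -> 1
ExitProcess(0)
"""
BARE_METAL_TRACE = """\
GetSystemMetrics(SM_REMOTESESSION) -> 0
IsDebuggerPresent() -> 0
WriteProcessMemory(explorer.exe, ...) -> 1
CreateRemoteThread(explorer.exe, ...) -> 0x1c8
"""

if __name__ == "__main__":
    for label, t in (("rdp lab", RDP_LAB_TRACE), ("bare metal", BARE_METAL_TRACE)):
        print(label, triage(t))
```

The same sample yields "evasive" in the RDP-connected lab and "malicious" on the bare-metal run, which is exactly the gap the trend describes.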