Our global research team, McAfee Labs™, is constantly on the lookout for new and evolving security threats. Each quarter, the most notable trends are compiled into a report, and this quarter we’ve got both good new and bad news. The bad news? As shown in the McAfee Labs Threats Report: Third Quarter 2013, a majority of threats are on the rise. The good news? We’ve got solutions to help you avoid them. Below I’ll share some of the report’s more prominent findings, as well as some helpful tips of avoidance.
Mobile malware is up by 33%
This quarter, the count of mobile malware increased by one-third, to more than 680,000 samples. Android-focused threats made up the bulk of mobile malware, while issues targeting Apple’s iOS and other mobile operating systems are much less pervasive. If you’ve got an Android device, there are several measures you can take to avoid falling victim to mobile malware.
- Stick to the official Google Play store when downloading apps. Most mobile malware comes from apps, so take extra caution before adding a new app to your device. Unlike third party app stores, Google checks all apps for malicious intent prior to approving them for download. Play it safe and only download apps from Google Play.
- Update your Android OS. In August 2013, the Department of Homeland Security published a report on the dangers of operating on an outdated version of the Android OS, stating that it significantly increased the likelihood of contracting malware. Depending on if your mobile carrier allows for it, updating your OS can immediately improve the security of your device.
- Check app permissions. Apps that request too much access to your social networks, contacts, and other such information are oftentimes malicious. Pay attention to the permissions an app is asking for access to when you install the app and if it’s asking for more permissions than it needs, consider removing it from your device.
Suspicious URLS represent nearly 50% of all malicious online activity
Despite the increase in mobile attacks, cybercriminals still largely prefer their native stomping ground—the browser-based web. The number of suspicious URLs found by McAfee Labs rose by 14% in Q3, surpassing a total of 85 million. The majority of these suspicious URLs (94%) host malware, malicious code, or other exploits that have been specifically designed to compromise computers.
Also on the rise this quarter? Spam. In September alone, McAfee Labs saw a total of 4 trillion spam messages sent, the highest figure seen since 2010. Despite this global increase, there is a silver lining for US residents: the volume of spam in the United States has been on a steady decline since this time last year. How can you protect yourself from the various browser-based threats that cybercriminals continue to master?
- Double check the URL of the webpage you’re visiting. Often times cybercriminals create malicious websites that are just one or two characters off from an official, well-known site. Double check the spelling of URLs and consider using a safe search tool like McAfee® SiteAdvisor®, part of the McAfee LiveSafe™ service that works on PCs, Macs, and Android devices.
- Never click links from unknown senders. Creators of spam messages lure victims into clicking a link, only to lead them to a website that infects their device with malware. Never open links sent from strangers or via text messages from unknown numbers.
Digital dollars continue to make the news
I’ve written several times this quarter about the increasing pervasiveness of virtual currency. Bitcoin, an online form of cash most notoriously known for its use in purchasing illegal drugs, weapons, and other illicit items on the Internet’s black market, has had a big year—and an especially big Q3.
From the emergence of the first ever Bitcoin automated teller machine (ATM) to one of the biggest Bitcoin heists in the currency’s history—we’ve been following its adoption across the web—and the security threats that come along with it. The proliferation of Bitcoin and other unregulated virtual currencies helps fuel the growth in cybercrime with targeted attacks on financial exchanges and malware developed to target digital wallets. If you’re dabbling in digital currency, follow the below tips to stay safe while navigating these relatively uncharted waters.
- Forget anonymity. Though anonymity is a huge sell for many on the Bitcoin bandwagon, be sure to obtain the true identity of a user prior to conducting any Bitcoin transactions.
- Keep your bank account out of it. If you intend to invest in any sort of virtual currency, do so using PayPal or a money order—not your bank account.
- Store Bitcoins on an external hard drive. Cybercriminals can hack their way in and steal your precious digital dollars from devices that are connected to the Internet. Keep those valuable Bitcoins secure by storing them offline.
AutoRun malware is on the rise
AutoRun threats are particularly problematic as they can allow an attacker to take complete control of a system through something as small as a USB drive. AutoRun malware usually comes from external USB or hard drives and as soon as you attach the drive to your computer or mobile device, it runs automatically, even if you don’t open anything on the drive or click on any file in it. Instances of this malware doubled at the start of 2013 and remained high in Q3, with more than 700,000 new samples discovered. Despite the stealth of these threats, there remain ways to protect yourself and your devices from a hostile takeover.
- Don’t plug unknown USB or external hard drives into your computer. Because AutoRun threats often find their way onto devices using external drives as a vessel, be sure that the items you’re plugging into your computer are trusted.
- Install comprehensive security software. Many of this quarter’s biggest threats can be avoided by installing a comprehensive security solution like McAfee LiveSafe. This comprehensive solution will guard smartphones, tablets, PCs, and Macs from malware and other malicious threats. Visit our site for a complete list of product offerings, learn how this service can guard your identity and data, and begin protecting all of your devices today.
While our quarterly threats reports help provide a summation of the biggest and baddest online security trends, we like to keep our customers current on a day-to-day basis as well. For the latest in consumer security news, be sure to follow @McAfeeConsumer on Twitter and Like us on Facebook.