A hacker's work is never done. According to new data from McAfee, scammers continue to hone their craft, turning in recent months to exploits like password-stealing trojans, malicious URLs, and mobile malware.
Hackers who previously only targeted the financial industry are turning their attention to other sectors, while new tactics and technologies are successfully bypassing traditional security measures, McAfee said in a new report that examined the top threats from the fourth quarter.
"We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together," Vincent Weafer, senior vice president of McAfee Labs, said in a statement.
"This represents a new chapter in cybersecurity in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries."
McAfee identified a few trends that have emerged in the past few months, including password-stealing trojans, which were up 72 per cent in Q4.
"Cyber criminals realised that user authentication credentials constitute some of the most valuable intellectual property stored on most computers," McAfee said.
Evidence suggests that the Citadel trojan, which targeted dozens of banks back in October, is being deployed beyond the financial services sector, McAfee said.
Meanwhile, web-based attacks appear to be relying more on malicious URLs than botnets, lately. The number of suspicious URLs were up 70 per cent in Q4, for an average of 4.6 million per month. About 95 per cent of these URLs hosted malware, codes, or exploits designed to compromise computers. Apple and Facebook recently fell prey to web-based malware, though the companies said the incidents did not result in the theft of personal data.
The decline of botnets, McAfee said, was mostly related to law enforcement efforts to take them down. Back in December, for example, the FBI and US DoJ arrested 10 people associated with an international cyber crime ring that targeted Facebook users via the Butterfly Botnet.
McAfee also noted an increase in the use of infections that were embedded deep within a PC's operating system, quietly capturing information or launching attacks on other PCs. Dubbed Master Boot Record (MBR) attacks, they "represent a relatively small portion of the overall PC malware landscape, [but] McAfee Labs expects them to become a primary attack vector in 2013."
Finally, smartphones and tablets are still a popular target, with McAfee finding 44 times the number of mobile malware samples in 2012 than it did in 2011. That means 95 per cent of all mobile malware samples appeared last year.
"Cybercriminals are now dedicating the majority of their efforts to attacking the mobile Android platform, with an 85 per cent jump of new Android-based malware samples in Q4 alone," McAfee said. "The motivation for deploying mobile threats is rooted in the inherent value of the information found on mobile devices, including passwords and address books, as well as new 'business' opportunities that are not available on the PC platform."
That includes SMS-based attacks that wind up charging people for each message sent. More details are available in McAfee's recent mobile security report.
For more on mobile security, make sure to check out the "Android mobile security: what's the best bet?" feature.