AVG unveils global Community Powered Threat Report

AVG unveils global Community Powered Threat Report — Q3-2011

Pickpocketing Digital Currency the new gold mine, criminals outsourcing money collecting to mobile operators and eavesdropping on Android

AUCKLAND and AMSTERDAM, 28 October 2011 — AVG (AU/NZ) Pty Ltd, the Australian, New Zealand and South Pacific distributor of the award-winning AVG Internet and mobile security software, today released the “AVG Community Powered Threat Report — Q3 2011”, providing insight, background and analysis on the trends and developments in the global online security threat landscape. Highlights in this quarter’s report are the risks of digital wallets, using mobile phone operators to collect money and how an Android Trojan records your calls.

• Last month, Keith Alexander, director of the US National Security Agency told attendees of the "Maneuvering in Cyberspace" conference that the global cost of cybercrime is estimated to be US$1 trillion. (1*)
• Last week, the PCeU — the e-crime unit of the UK Metropolitan Police — reported to have prevented over £140 million-worth of cybercrime in the UK over the last six months alone. (2*)
• A recent report by the Ponemon Institute — a U.S. based information security policy research centre — states that over the past year, the median cost of cybercrime increased by 56 percent and now costs companies an average of US$6 million per year. (3*)

Cybercrime has come a long way since it was mostly a digital form of vandalism. It has developed into a criminal business operated for financial gain and is now worth billions. In this report AVG focuses on some of the most notable cybercrime developments in the last quarter.

Stealing digital currency
Digital Currency has become very popular in a short time. Facebook Credits, Xbox Points, Zynga coins and Bitcoin now play a vital role in a multi-billion dollar global gaming economy. Far from being just of virtual value, many of these currencies are actively traded for real currency. This has not gone unnoticed by cyber criminals, now aiming to steal digital wallets from people’s computers. In June a digital wallet containing close to US$500,000 was stolen when someone broke into the victim’s computer and transferred most, but not all, of the money out of his wallet.

Outsourcing the hard part, collecting the money
In a bid to outsource the hassle and risks of collecting the money, cyber criminals are moving beyond credit cards details and are increasingly using mobile phone operators to do the collecting for them. A criminal might install a Trojan on to a victim’s smartphone that sends premium SMS messages when the owner is asleep. They might use a Facebook scam to get hold of people’s phone numbers and sign them up for an expensive monthly phone charge. A victim’s mobile operator will process the charges and transfer the money to the criminal organisation, even if they reside on the other side of the world. If and when a victim notices the charge and the mobile operator is alerted to stop processing payments, considerable amounts may already have been stolen. If the amounts are small enough, many victims may not even notice for months.

Eavesdropping on Android
With Android taking almost 50% of the world’s smartphone market share, it is no wonder that cyber criminals consider the platform an attractive target. Most Android malware focuses on making money from premium SMS. However, in July AVG investigated a Trojan that records a victim’s phone conversation and SMS messages and sends them to the attacker’s servers for analysis to identify potential confidential data. This clearly demonstrates the power of modern mobile operating systems but also the tremendous risks unprotected mobile users are open to.

Other key findings in the report:
• Rogue AV Scanner is currently the most active threat on the web
• Exploit Toolkits account for over 30% of all threat activity on malicious websites (‘Fragus’ is most popular, closely followed by ‘Blackhole’)
• Angry Birds Rio Unlocker is the most popular malicious Android application
• The USA is still the largest source of spam, followed by India and Brazil

“In Q3 we started to see a clear trend in cybercriminals shifting their focus to simplifying money collection,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies. “Well-organised criminal gangs are now letting mobile phone operators handle the money collecting part by focusing on mobile phones and setting victims up for charges that will appear on their phone bill some time later. Not only is it a lot easier, it also scales to tremendous volumes making money by stealing small amounts from very large groups of victims.”

A recent report authored by the research agency The Future Laboratory (Cybercrime_Futures), reveals that while cyber criminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are, alarmingly, becoming the weakest link as they are less vigilant about protecting their online devices. The combination of these two factors presents a potentially disastrous cybercrime scenario.
JR Smith, CEO of AVG Technologies, said “It’s increasingly evident that each unprotected individual makes us all more vulnerable, so it’s vital that as a global society we find ways to address this trend and ensure that we are protected together. We’re securing people’s digital life, or as we like to say: Providing Peace of Mind to the Connected World.”

About the report
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data, collected over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, Spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.

The AVG Community Protection Network is an online neighbourhood watch, helping everyone in the community to protect each other. Information about the latest threats is collected from customers who choose to participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.

Full Q3 Threat Report: AVG_Community_Powered_Threat_Report_Q3_2011 (33 pages, 3.5 Mb PDF)

1*http://www.computerworlduk.com/news/security/3303786/us-needs-to-be-prepared-for-a-big-cyber-attack/
2* http://www.guardian.co.uk/uk/2011/oct/02/cyber-crime-unit-met-police
3* http://www.ponemonorg/blog/post/second-cost-of-cyber-crime-study-is-released-today

Keep in touch with AVG (AU/NZ)
• For breaking news, follow AVG (AU/NZ) on Twitter at twitter.com/avgaunz
• Join our Facebook community at www.facebook.com/avgaunz
• For security trends, analysis, follow the AVG (AU/NZ) blog at resources.avg.com.au

### ENDS ###

About AVG (AU/NZ) Pty Ltd — www.avg.co.nz
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of Internet and mobile security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety.

AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.

© Scoop Media