Ransomware, the Pinkslipbot Trojan, and mobile app collusion are the growing cybersecurity threats of note in the past quarter, according to Intel Security this week.
The issue of ransomware has been in the news lately, most recently at the University of Calgary. According to the Santa Clara, Calif.-based firm in its McAfee Labs Threats Report: June 2016, new ransomware samples rose 24 per cent this quarter.
The relatively low skill bar of entry for perpetrating ransomware attacks (it can be as easy as gaining access to an exploit kit to deploy the malware) has created a thriving underground cybercrime community, Intel Security said.
The backdoor W32/Pinkslipbot Trojan worm has also re-emerged as a security threat; first launched in 2007, the worm is capable of stealing sensitive information such as email passwords, signing certificates and financial information. Since December 2015, McAfee Labs has received more than 4,200 unique Pinkslipbot binaries, primarily in the United States, United Kingdom, and Canada, which ranks third in terms of infection share at 3.6 per cent.
App collusion
The term "mobile app collusion" refers to a scenario in which savvy cybercriminals manipulate two or more apps to instigate malicious attacks capable of exfiltrating user data, inspecting files, sending fake SMS messages, loading additional apps without user consent, and sending user location information to control servers, according to Intel Security.
App collusion represents an "emerging new attack method" and the report identified information theft, financial theft and service misuse as the three types of threats that can result from the technique. According to Barbara Kay, senior director of strategic solutions, Intel Security, the company tracked app collusion across more than 5,000 versions of 21 apps.
Kay spoke with IT World Canada while attending the Gartner Security & Risk Management Summit in National Harbor, MD.
"This is a pretty big number. It's a testament to the sophistication that we are seeing in mobile spaces," said Kay.
It's important to note that this type of collusion "won't be limited to mobile," she added. "There's no reason this couldn't also work in a virtualized environment or any sort of cloud service setting."
Other findings from the report include:
- Mobile: New mobile malware samples grew 17 per cent quarter over quarter in Q1 2016. Total mobile malware samples grew 23 per cent quarter over quarter and 113 per cent over the last four quarters.
- MacOS malware: MacOS malware grew quickly in Q1, primarily due to an increase in VSearch adware. While the absolute number of Mac OS samples is still low, the total number of samples has increased 68 per cent quarter over quarter and 559 per cent over the last four quarters.
- Macro malware: Macro malware continues on the growth trajectory begun in 2015 with a 42 per cent quarter over quarter increase in new macro malware samples. The new breed of macro malware continues to attack corporate networks primarily through sophisticated spam campaigns that leverage information gathered through social engineering to appear legitimate.
- Gamut botnet: The Gamut botnet became the most productive spam botnet in Q1, increasing its volume nearly 50 per cent. Prevalent spam campaigns offer get-rich-quick schemes and knock-off pharmaceutical supplies. Kelihos, the most prolific spamming botnet during Q4 2015 and a widespread malware distributor, slipped to fourth place.
The key takeaway is that users, mobile users in particular, need to be careful about what they install and maintain good IT hygiene, according to Kay. "Take your apps from a known and trusted store. Don't permit anything to have permissions just blithely. Keep things up-to-date, and if you're not using it, delete it."