Malware: Emerging Trends

Expert: Social Networks Targeted for Drive-By Exploits

March 13, 2013
Malware was spread in unique ways in 2012, particularly through drive-by exploits. In 2013, organizations can expect more exploits targeting social networks, says Adam Kujawa of anti-malware vendor Malwarebytes.

"The method in which the links to drive-bys have been spread was pretty unique [in 2012]," says Kujawa, a malware intelligence analyst. "We can see that moving over into 2013."

Kujawa says cybercriminals are increasingly targeting social networking sites and communication tools such as LinkedIn and Skype. And the growing sophistication of social engineering is a cause for concern, as it becomes even harder to differentiate truthful and deceptive messages online.

"About a decade ago, you could see a phishing e-mail that was a poorly written attempt," he says in an interview with Information Security Media Group [transcript below]. "It was pretty apparent back then that these were fake e-mails. Today, we see almost exact duplicates [of corporate communications] that are easy to fall for."

These simple yet effective methods are what organizations need to pay attention to as the year progresses. "Methods like that ... really get to the core of the human mind and act on our knee-jerk reactions with how comfortable we have become with technology," Kujawa says.

In an interview about 2013 malware trends, Kujawa discusses:

  • Top malware threats to organizations;
  • How malware will be delivered in 2013;
  • How to counter these threats.

Kujawa is a computer scientist with more than eight years of experience in reverse-engineering and malware analysis. He has worked at a number of United States federal and defense agencies, helping these organizations reverse-engineer malware and develop defense and mitigation techniques. He has also taught malware analysis and reverse-engineering to personnel in both the government and private sectors. He is the malware intelligence lead for Malwarebytes Corp.

TOM FIELD: To start out, why don't you tell me a little bit about yourself and your expertise in malware, please?

ADAM KUJAWA: I'm a malware researcher with over eight years of experience. I previously worked for the U.S. government, both directly and indirectly as a contractor, and currently I'm the malware intelligence lead for Malwarebytes. That pretty much includes researching new and unique malware threats, as well as informing our user base of such threats and providing education on how people can protect themselves from those threats.

Top Malware Stories of 2012

FIELD: I know you've spent a lot of time looking back on 2012 as you make your predictions for 2013. What would you say were the top malware stories of 2012?

KUJAWA: The top threats of 2012 really involved a high rise in drive-by exploits that were found being spread by malicious advertisements, phishing e-mails and cyber criminals posing as legitimate users. In addition, the widespread ransomware infections being spread by the exploits, as well as Trojan malware and remote access Trojans, or RATs, that steal principal and financial information, we found in record-breaking numbers.

The big malware stories of 2012 also included a discovery of numerous state-sponsored malware running on the networks of governments in the Middle East. The biggest threats to the users were from drive-by exploits. They had just gone up in massive amounts, and we were calling it the golden age of drive-bys because of that and the kind of malware that they're spreading.

Ransomware, Trojan malware and RATs have just been exploiting not only the users' systems but the users themselves by means of tricking people or fooling people into believing that they're being infected by government malware or that the government had indeed hijacked their system or locked it out because of some illegal activity they may or may not have performed. Then, [there's the] classic kind of malware that we see that hides on the system very well and changes almost daily, requiring a more up-to-date, quicker response time on the side of the cybersecurity community.

Golden Age of Drive-By Exploits

FIELD: One thing you said in your report - you said it again just a moment ago - is that we're living in the golden age of drive-bys. What exactly do you mean by that?

Follow Jeffrey Roman on Twitter: @gen_sec
