1. Blackhole Exploit Kit spam runs. Blackhole Exploit Kit (BHEK) changed everything we knew about spam phishing as the traditional ways of protection no longer work. In fact, we even uncovered some email samples that only need a victim to click a malicious link to trigger the infection chain. BHEK spam runs are also known to convincingly spoof companies like Facebook, American Airlines, and Verizon in order to convince users to open the messages.
2. Android malware. By end Q3 this year, we already saw 175,000 malicious and high-risk apps targeting Android users. Most of these pose as legitimate apps but have hidden routines like sending messages to premium numbers or collecting sensitive information. By 2013, we expect the number of such apps rise to 1 million.
3. Ransomware/Scareware. Ransomware has long been a consumer concern. This year, however, saw not only high-profile incidents but also some developments to coax users into paying cybercriminals. An example is the increase in Police Trojan, which locks an infected system and threatens users to pay by posing as the victim?s local law enforcement agency.
4. DORKBOT. New DORKBOT variants were found spreading via Skype and used legitimate file storage websites to store the malware copy. It also used different languages as part of its social engineering technique.
5. Threats Leveraging London 2012 Olympics. Global events have always been a favorite of cybercriminals. This year was no different, as we saw several attacks that took advantage of the London 2012 Olympics. Some of these schemes include fake ticketing sites and scams that sprouted before, during, and after the event.?The threats that we saw this year prove that cybercriminals and other bad guys on the Internet are becoming more aggressive. This coming new year, we also predict new challenges arising from users engaging on multiple devices and platforms (Android, Windows, iOs etc.). And with mobile malware on the rise and conventional threats getting pumped up, users will find it difficult to secure their devices and may just forgo security altogether,? the company said.]]>