Weak Security Coding Practices for Mobile Apps

Intel Security has launched its quarterly McAfee Labs Threats Report, revealing key cyber-attack developments over the third quarter of 2015.

Key threat areas outlined in the report include:

• Weak security coding practices for mobile apps can expose data: Malware strains are being designed to take advantage of poor mobile app coding connecting mobile apps to back-end service providers – two mobile banking Trojans were able to intercept over 170,000 SMS messages of more than 13,000 banking customers, stealing credit card numbers and executing fraudulent transactions
• Fileless malware becoming more stealthy: The report looks at how malware which leaves only the tiniest trace – or none at all – on disc is able to enter the IT system in the first place as this malware becomes increasingly difficult to detect and stop
• Return of macro malware: A fourfold increase in macro detection was registered over the last year, reaching the category’s highest growth rate since 2009 – this increase is a result of increasingly sophisticated spearphishing campaigns which fool enterprise users into opening malware-bearing email attachments

Further Q3 2015 Threat Statistics calculated by McAfee Labs’ Global Threat Intelligence (GTI) network include:

• Threats: An average of 327 new threats were detected every minute, or more than 5 every second
• Suspect URLs: More than 7.4 million attempts were made to entice users into connecting to risky URLs (via emails, browser searches, etc.)
• Ransomware: McAfee Labs saw a 18% increase in ransomware samples in Q3 – the total number of ransomware samples grew 155% from Q3 2014 to Q3 2015
• MacOS Malware: Four times as much Mac OS malware was registered in Q3 than in Q2 – most of which resulted from one single major threat

[su_box title=”About McAfee Labs” style=”noise” box_color=”#336588″]McAfee Labs is the threat research division of Intel Security and one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of more than 400 researchers collects threat data from millions of sensors across key threat vectors—file, web, message, and network. It then performs cross-vector threat correlation analysis and delivers real-time threat intelligence to tightly integrated McAfee endpoint, content, and network security products through its cloud-based McAfee Global Threat Intelligence service. McAfee Labs also develops core threat detection technologies—such as application profiling, and graylist management—that are incorporated into the broadest security product portfolio in the industry.[/su_box]

[su_box title=”About Intel Security” style=”noise” box_color=”#336588″]McAfee Labs is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world.[/su_box]