With the holiday shopping season approaching, online retailers are preparing for traffic spikes. But they should also be preparing to beef up security -- and so should banks and Apple users.
That’s because the holiday shopping season tends to see a rise in malware of all types. This year, the issue may be even worse. Trend Micro’s Q3 2013 Security Roundup Report is raising concern about the ongoing proliferation of Apple iOS phishing sites, as well as a sizable uptick in online banking malware.
According to Trend Micro, all this means consumers should be alert and cautious during the holiday shopping season to protect personal and financial data from being compromised. And so should banks and online retailers.
Apple Users Beware
"As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness," said JD Sherry, vice president of technology and solutions at Trend Micro.
"In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardized as phishing scams that target the platform continue to gain momentum," Sherry said. "This evidence suggests a potential perfect storm looming in the holiday season as busy commercial and consumer users leverage mobile platforms."
After a spike in the second quarter, Apple-related phishing sites have remained steady throughout the third quarter with 4,100 detected in June, 1,900 in August and 2,500 in September. Trend Micro said this raises concerns of potential new targets in the fourth quarter with analysts estimating that Apple will sell 31 million iPhones and 15 million iPads in the period.
Trend Micro researchers also identified more than 200,000 malware infections targeting online banking in the third quarter. Three countries stood out as the most targeted, with the U.S. accounting for 23 percent of online banking malware infections worldwide, followed by Brazil with 16 percent and Japan with 12 percent.
Europe's top countries, Germany and France, each had only 3 percent, which may stem from the region's high degree of multi-factor authentication requirements with online banking transactions. Along with these increases, the level of sophisticated obfuscation techniques used by threat actors has also risen, according to Trend Micro.
Who Is To Blame?
We caught up with Ken Pickering, director of engineering at security firm CORE Security, to get his take on the Trend Micro report. He told us as more and more people do their banking online, attacking the endpoints becomes more and more attractive.
“Meanwhile, endpoint security software obviously isn’t getting the job done, and web browsers like Internet Explorer are plagued with zero days. It has become easier to install malware and more profitable after it is installed, it’s the perfect storm,” he said.
“Who is to blame? Users must be held somewhat accountable. These users should be properly educated around secure procedures for logging into financial applications. But part of the blame must go to the software development community for its failure to provide effective malware protection, and creating software that is easily exploitable and able to attain system level permissions,” Pickering added.