Apple-related phishing sites, banking malware on the rise
Trend Micro threat report highlights concerns for shopping season
Banking malware and Apple iOS phishing sites are both in ascendance according to Cyber security specialist Trend Micro's third-quarter Security Roundup Report, which was released today.
The company called for caution from consumers during the holiday shopping season and urged people to pat particular attention to how they protect personal and financial data.
"As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness," said JD Sherry, vice president of technology and solutions, Trend Micro.
"In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardised as phishing scams that target the platform continue to gain momentum. This evidence suggests a potential perfect storm looming in the holiday season as busy commercial and consumer users leverage mobile platforms."
After a spike in Q2 (5,800 in May), Apple-related phishing sites have remained steady throughout Q3 with 4,100 detected in July; 1,900 in August and 2,500 in September. This raises concerns of potential new targets in Q4 with analysts estimating Apple to sell 31m iPhones and 15m iPads in the fourth quarter alone.
Trend Micro researchers also identified more than 200,000 malware infections targeting online banking in Q3. Three countries stood out as the most targeted, with the US accounting for almost one-quarter (23%) of online banking malware infections worldwide, followed by Brazil with 16% and Japan with 12%. Europe's top countries, Germany and France, had only 3% respectively, which may stem from the region's high degree of multi-factor authentication requirements with online banking transactions. Along with these increases, the level of sophisticated obfuscation techniques used by threat actors has also risen. Trend Micro said it found anti-debugging and anti-analysis routines within online banking Trojan KINS.