Apple Reports Most Vulnerabilities In Q1

Cybercriminals increasingly target Apple and Android says Trend Micro

Apple surpassed Oracle, Google and Microsoft in reported vulnerabilities during the first quarter of 2012, while the popularity of the Android mobile operating system has seen it increasingly targeted by cybercriminals, according to the Trend Micro Q1 Security Roundup Report.

The report also found that cybercriminals managed to take advantage of news and social events to stage malicious attacks and also targeted new platforms to tempt victims.

Rotten Apple

Apple reported 91 vulnerabilities in the first of quarter of 2012, ahead of Oracle which posted 78m, Google with 73 and Microsoft, which recorded 43. However the Cupertino-based company also issued a record number of patches in March.

The Mac-manufacturer struggled recently with the Flashback malware, resulting in criticisms about its attitude towards security. More than 650,000 Mac machines were infected and although Apple worked to create a removal tool for affected systems, commentators criticised its relatively slow response when compared to those of Microsoft, Adobe and Oracle.

The first quarter also witnessed a rise in malware targeting Android as Google’s mobile operating system becomes increasingly popular with the enterprise and consumers. Around 5,000 new malicious Android apps were identified during the period, continuing the trend from 2011 which saw malware on the platform increase by more than 3,000 percent.

These security fears prompted Google to introduce an automatic scanning service named Bouncer to prevent the entry of undesirable apps onto the Android market, resulting in a 40 percent decrease.

Socially unsocial

Event such as Whitney Houston’s death, socio-political upheavals and ‘Linsanity’ – the rise of Taiwanese-American basketball player Jeremy Lin – also provided a platform for cybercriminals as they tempted their victims with malicious links and attachments. New social network Pinterest was also targeted.

Cybercrminals are also keeping track of their different attacks by using campaign IDs to see which particular attack compromised a user’s network. Luckycat was cited as one which used a wide range of malware, some of which was linked to other cyber-espionage campaigns.

“Criminals continue to take advantage of new areas of user interest as they arise; whether that be breaking news stories, or new platforms such as Pinterest or the smartphone”, said Rik Ferguson, Director of Research and Communications, EMEA at Trend Micro. “Our research into Luckycat and other APT activity has also revealed the closely interlinked and campaign-based approach below the murky waters of cyber-espionage.”

“Online criminal activity doesn’t show any sign of abating, rather this first quarter serves as a reminder that these people follow very closely the behaviour of their victims and are constantly renewing their modus operandi or their medium,” he added.

Are you at risk from cybercriminals? Find out with our quiz!