The development of malware observations 2014
Published 13.05.2015
In 2014, FICORA registered 204,746 queries related to information security. In 2013, the corresponding figure was 492,426. However, these total figures should not be compared in detail, because they are also affected by the constantly changing sources of information from which the Autoreporter service, which sends information to the NCSC-FI, collects its data.
In 2014, the majority of queries were based on voluntary reports, mostly from third parties. These queries mainly involved malware infections in Finnish networks and information about breached and damaged websites. The NCSC-FI transmits information it obtains from third parties to telecommunications operators and other Finnish network owners.
During 2014, there were significant changes in the types of malware observations transmitted by the NCSC-FI. The most typical malware observation reported in 2014 concerned the downloader-type ZeroAccess. A downloader may also download other malware onto the infected computer in order to steal user information. In 2014, observations of downloaders made up 75 per cent of all malware observations, while the corresponding figure in 2013 was 29 per cent.
Data stealers were the second most typical malware type reported last year. Data stealers are used to steal user information, usernames and passwords in particular. Using stolen passwords, attackers can pose as the victim. This is particularly serious if the attackers manage to steal passwords to online banking services or email accounts. The most common data-stealing malware includes Zeus (i.e. Citadel and its different versions), Torpig, Tiny Banker (i.e. Tinba) and KINS. Last year, nearly 20 per cent of all malware observations concerned data stealers. The share of data stealers fell from 2013, when they accounted for one-third of all observations.
Other malware types detected last year included worms and junk mailers. Their share decreased significantly from 2013 and, last year, they formed a small group compared to downloaders and data stealers.
On the basis of their statutory disclosure obligation, telecommunications operators must report to FICORA all significant information security violations in network and communications services, as well as all information security violations directed at them of which they are aware. In 2014, 29 information security deviations were reported to FICORA. Of these incidents, 12 were related to vulnerabilities, nine to denial-of-service attacks and five to data system break-ins.