Endpoint

10/28/2015
05:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Ransomware Ranked Number One Mobile Malware Threat

Blue Coat report shows cyber blackmail has ported to mobile devices.

The ping pong debate over whether mobile devices have developed into a truly mainstream cyberattack vector gained a little fodder today with a new report out from Blue Coat that claims an uptick in the number of mobile ransomware attacks in 2015.

"As we sleep, exercise, work and shop with our mobile devices, cyber criminals are waiting to take advantage of the data these devices collect, as evidenced by the types of malware and attacks we're seeing," said Dr. Hugh Thompson, CTO and senior vice president for Blue Coat.

The firm reported that mobile ransomware leads the attack types on the mobile front, followed by potentially unwanted software (PUS), and information leakage.

“With the increased performance capabilities of modern smartphones, it was only a matter of time before more advanced cryptographic ransomware, such as SimpleLocker, started showing up on mobile devices,” the report said, explaining that the techniques mirror the behaviors of ransomware proliferating in PC environments.

This report comes close on the heels of a report earlier this month by IDG and Lookout that claims 74 percent of businesses report having experienced a breach as a result of a mobile issue—be it vulnerable apps, malware hidden in apps, insecure WiFi, or apps prone to information leakage.  

According to BlueCoat, the top infection vector this year has by far been pornography, accounting for 36 percent of malicious traffic coming from devices examined by the firm. On the bright side, malvertising attacks against mobile targets appear to be on the decline, dropping by 20 percent in the past year.

Despite growing concern about the potential for disaster should cyber attackers choose to target the mobile ecosystem—particularly as mobile payment goes mainstream—many experts say it's still a tempest in a teapot. Researchers at Damballa earlier this year calculated that based on a study of half of all US mobile traffic, users were 1.3 times more likely to get struck by lightning than be infected by mobile malware. And the experts behind Verizon’s Data Breach Investigation Report at Verizon Enterprise Solutions flat out refute that 74 percent occurrence rate for mobile-related breaches.

Blue Coat does acknowledge Verizon’s thoughts on the matter explaining in the report that “the sky is not falling—but putting on a helmet is a good idea.”

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TedS486
50%
50%
TedS486,
User Rank: Apprentice
11/2/2015 | 3:30:39 AM
Re: Mobile OS
74% wow thats pretty huge. The amount of advances in Mobile Malware lately is astounding. Really should be a Red Flag to anyone with a mobile to get some security for your phone. In other words het yourself a helmet folks! :)


-Ted

https://www.youtube.com/channel/UCijmVN7B2_TF5NqwpE9AwLA

VinceF093
50%
50%
VinceF093,
User Rank: Apprentice
10/30/2015 | 12:40:34 PM
Following the Money
Thank you for pointing me to the Mobile Malware Report.  As more people move to their phones for making payments, the number of attacks on mobile will only increase.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
10/29/2015 | 2:20:52 PM
Mobile OS
Statistically for mobile malware specific to ransomware for this article, what OS was hit harder (iOS or Android)?
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.