11/8/2012
08:23 PM

Companies Need Defenses Against Mobile Malware

While infection rates -- at least in the U.S. -- remain low, cybercriminals are writing more malware for Android, Symbian, and other platforms. At some point, they'll find the right recipe for profit.

With the past month's parade of quarterly threat reports, one pattern seems clear: Mobile malware is on the rise.

In a report released in late October, security firm Trend Micro found 175,000 different malicious and suspicious packages targeting the Android operating system by the end of the third quarter, a fivefold increase over the previous quarter. Antivirus firm F-Secure saw a similar jump, finding more than 50,000 malware packages targeting Android mobile devices in the third quarter, a tenfold increase compared to the prior quarter.

Yet while mobile malware has become a problem in a few countries, such as Russia and China, overall infection rates are low. In the U.S., for example, multiple reports by network-monitoring researchers have found less than 1 percent of devices infected with malware.

"We are seeing a big sample increase, but not a huge increase, in malware families," says Sean Sullivan, security adviser for F-Secure. "What we are seeing is more of a spam approach on the front end [in the app stores], but we see less activity in terms of infections."

The apparent paradox of massive increases in malware but only infrequent infections is, in part, due to the problems that cybercriminals have in monetizing compromised smartphones and tablets. Most cybercriminals have turned to toll fraud to convert their control of a mobile device into a paycheck. By sending out premium SMS messages to an attacker-owned service, the criminals are able to collect money from the user's phone. However, because premium SMS messages are not a popular way to pay for services in the U.S., the scams are less successful.

For enterprise security managers, the statistics offer a confusing picture of the threat landscape. With the bring-your-own-device trend in full swing -- one survey found that the average mobile worker carries three devices, and then some -- companies need to find ways to benefit from the productivity boost that comes with allowing workers to use their own devices, but without compromising security.

While malware needs to be a focus in the future, current corporate priorities for mobile devices remain essentially unchanged, says Kevin McNamee, security architect of Kindsight, a network security firm.

"The highest priority for the enterprise is that people have company data on their phones -- their contact lists, PowerPoint presentations -- so when the phone is lost, they have to worry about the corporate data being lost," he says.

Yet for most U.S.-based companies with thousands -- or even hundreds -- of employees, mobile malware will likely be carried inside their network sometime in the next year. Juniper Networks, which developed software to help companies manage and secure their employees' smartphones, typically detects malware on 2 to 3 percent of a client company's smartphones each year, says Daniel Hoffman, chief mobile security evangelist for the company.

"Spyware is by far the biggest category of infections that we see," Hoffman says. Rogue spyware -- as opposed to the kind that can be purchased online to, perhaps, legally monitor a person's cell phone usage -- makes up the lion's share of what Juniper detects. Fake installers, which wrap legitimate software in a malicious installer, are an increasingly popular tactic, while trojans that use SMS to sign users up for premium services are the third most popular type of malware detected in corporate networks, according to Juniper.

[A spate of research into mobile devices as sensor platforms has shown that compromised smartphones can be turned into insiders -- eavesdropping on phone calls, 'shoulder-surfing' for passwords, or looking around an office. See Mobile Trojans Can Give Attackers An Inside Look.]

Up-and-coming threats include many that security firms have found on PCs: scareware that attempts to convince victims that they must pay a fee to clean off their phones, bot-like programs that turn the phone into a text-message spam machine, and banking trojans that attempt to steal a victim's username and password to transfer money.

But targeted attacks on companies should also be a worry, Kindsight's McNamee says. The fact that phones constantly travel between untrusted networks on the outside of a company and back inside the corporate network makes them valuable to attackers as a conduit to sensitive data. Developing policies to prevent devices from being used as a way into the company's trusted network is important, he says.

"If you are in enterprise security and are worried about the phones that your employees are bringing to work, you have to look a year or so down the road to see what threats are going to be on the landscape," he said.

And mobile malware should be near the top of the list, he says.

Comments
Messany,
User Rank: Apprentice
11/10/2012 | 5:39:48 AM
re: Companies Need Defenses Against Mobile Malware
Mobile malware should be a huge concern for businesses and individuals today, and the fact that so many continue to "ignore" this threat is because a lot of big players in the mobile industry - like mobile ad networks - haven't done a diligent job of putting proper safeguards in place. I will praise Airpush for taking a positive step toward cracking down on mobile malware through its new partnership with Appthority. This should set a standard for others to follow - http://www.airpush.com/press_r...
FritzNelson,
User Rank: Apprentice
11/9/2012 | 7:30:32 PM
re: Companies Need Defenses Against Mobile Malware
This sounds a little like the beginning days of threats on PCs, where there was a lot of activity, but the actual impact was minimal in comparison. I wonder whether all of these phones-as-mobile-wallet activities will provide that monetary payback (I mean that in a bad way, of course).