Mobile Malware Update (and Juniper’s report)

As a small part of my day job, I put together a monthly “Cybersecurity Digest”.  Most of my subscribers are IT Managers in large organizations.  I created the digest especially because I like efficiencies: If I’m going to fall asleep at night reading 45 page reports on cybercrime anyway, why not save IT Managers or small business owners some time by summarizing what I learned?  Often times, like when I was recently preparing to present details of the mobile virus Obad , I read five such reports.  Some of them are virtually useless – overly-generalized repetitions of data elsewhere – whereas others have fresh data and new perspectives.  In the excerpt below from my September  Digest, I review Juniper’s Mobile Malware report.    

Mobile Malware Update

The amount of mobile malware we’ve seen in the last year is approximately at the same point (200K – 300K samples) as Windows malware was back in 2006 which was the first year of cybercrime going completely crazy.  Is mobile malware poised to explode as well?    

The Mobile Malware Profit Model

The most successful profit model so far is sending or receiving premium SMS messaging without the user’s knowledge.  Currently this activity is heavily concentrated in China and Russia, two countries where premium SMS messaging is extremely popular.  This is also where we see the majority of mobile malware botnets.  One security company estimated the profitability of such a botnet.  The net of it is this: most users don’t notice until they’ve lost $10 each that they’re being scammed, so based on the size of the botnet a herder can earn from $500K to $3million a year.  No wonder it’s so popular. 

Note: there are other profit models (like stealing bank credentials) but they are so rare that it’s not worth discussing them yet. 

Besides profit, there’s another big reason that mobile malware is created: As a launching point for an Advanced Persistent Threats (APTs).  This should be a concern to any company who have valuable data and who allow employees to “Bring Your Own Device” (BYOD).  More details about that in my  blog about Obad. 

Infection Vectors for Mobile Malware

(Note: There is wide agreement in cybersecurity circles about these details – compiled from several different reports)

Methods for infecting smartphones:  

The user downloads an infected application.  Usually it’s a free application from an insecure storefront.  This is by far the most common infection vector today.   

  • The user clicks a malicious url, served up by an ad or as part of a text message.   
  • The user is enticed to visit a website which is infected.  
  • Via SMS messaging.  This is not common in the US.    

Monthly Security Report Summary

The report I picked this month was the best one I read about mobile malware: Juniper Networks Third Annual Mobile Threats Report .  It’s 27 pages long but if you want to cut to the chase, page 24 has a list of security recommendations entitled, “Guidance for Enterprises”. 

 A few report highlights:   

           Android has 68% global market share

          92% of malware is written for Android

          77% of known vulnerabilities could be fixed with the latest version of Android.  However, only 4% of users have the latest version

          It can easily take 6 months or more to receive the latest version of Android.  This provides a wide window of opportunity for cybercriminals

          90% of Apple customers have the latest version of the OS

          The best way companies can avoid end-user smartphone infections is to create a policy where users can’t download applications without prior approval

          More than 500 3rd party stores contain malicious apps

          There is “seasonality” to the posting of malicious apps: January is the biggest month (when the largest number of people have received new devices as gifts)

          30% of free apps have permission to track location, use address book, etc. versus 8% of paid apps

 

And that’s it for this month. 

Best,

cj

@cjonsecurity

Leave a Reply

*