Ready to Start Your Career?
November 22, 2016
Mobile Malware Now Equals PC Infection Rates
November 22, 2016
There are currently 2 billion smartphone users in the world. These users have amassed over 268 million downloads. It should then come as little surprise that cybercriminals have turned their attention to attacking mobile devices and the users to which they’re attached. Mobile devices infected with malware currently stands at 1.12% as reported by IBM Trusteer. This malware infection rate has drawn equal to PC infection rates. These figures clearly indicate that there must be money to be made producing mobile malware. We’ll examine the main types of mobile exploits, the motivation behind them, mobile device vulnerabilities (this will shock and appall you), and what users and organizations can do to better protect themselves when going mobile.Mobile exploits fall into the following categories:
- Phishing exploits to trick users into entering financial or personal info into fake mobile web forms or downloading malware infected apps used to steal sensitive info.
- AdWare – basically harmless, but extremely annoying, sometimes requiring reinstalling the mobile OS.
- Premium-rate SMS fraud - users are tricked into responding to a text message, enabling a module which will start sending SMS messages to premium rate numbers at the user’s expense.
- Malware that locks users out of their devices and essentially acting as mobile ransomware.
- Only download mobile apps from legitimate app stores. This comes down to the Apple App Store and Google Play. Organizations may wish to consider creating internal company app stores to house both approved commercial apps and internally-created business apps.
- Keep devices updated. This is easier said than done for the Android platform as previously mentioned, however, opting for Google-sanctioned phones or higher-priced Android phones can make things easier when it comes to timely updates.
- Don’t let your guard down when evaluating potential phishing attacks. The same holds on mobile as it does in PC-land.
- Don’t download apps from music sharing sites or porn sites. This should go without saying, but see first bullet point.
- Don’t root or jailbreak your mobile devices. This disables built-in security features and leaves the device wide open for attack. Sideloading apps is also dangerous. This should be left to developers. Rooted devices should never be allowed on the corporate network.
- Encrypt your devices. Protecting the data at rest on the device will protect it from both malware on the device as well as from thieves if stolen. Stolen devices actually present more of a risk than malware to user data.
- Install anti-malware software on your devices. This only applies currently to Android, but many good options exist, including many free versions.