There has been a sizeable increase in both volume and sophistication of mobile threats, as PC-based threats have transitioned to mobile platforms By Sudhir Chowdhary
Mobile devices have taken the world by storm. But there’s a catch: The way mobile phones, laptops and tablets interconnect work life and personal life raises serious security challenges for individuals and enterprises—and the stakes are high. Threat researchers at some of the big IT security firms are concerned that the new devices will give more opportunities for criminals to thrive, as they evolve their cyber attacks, endanger business, including online banks and retailers, while moving closer to homes and individuals through mobile technology.
“Last year saw major security breaches, increased malware, and mobile threats that impacted people from all walks of life around the world,” says Maxim Goncharov, senior threat researcher at Trend Micro. “Now more than ever, consumers and enterprises alike must be diligent in understanding their vulnerabilities, and what should be done from a security perspective to better protect personal data and guard against compromised privacy.”
There is no doubt that mobile devices offer well-established benefits in terms of productivity and efficiency gains for employees and enhanced services for consumers, stresses Goncharov, responsible for security consulting to business partners (internal, external), creation of security frameworks, designing technical security architecture and overseeing the build out of an enterprise incident response process. “But the reality is that the spread of mobile devices and bring-your-own-device policies have opened up a variety of security issues for enterprises across the globe. By allowing employees to access company networks with their personal devices, businesses are vulnerable to attack from hackers who would exploit those entry points.”
According to Trend Micro’s 2013 annual threat round up report, “Cashing in on Digital Information,” security breaches, cyber criminals and organised attacks made it nearly impossible to keep personal and financial data private. The report reveals that there was a sizeable increase in both volume and sophistication of mobile threats, as PC-based threats transitioned to mobile platforms. “By the end of 2013, we saw a total of 1.4 million malicious and high-risk Android apps being identified. And Apple users are not immune; last year saw an increase in phishing attacks specifically targeting Apple users as cyber thieves recognise the potential revenue from this install base,” Goncharov informs.
Trend Micro’s annual report provides insight into the vulnerabilities of today’s technology that is rapidly becoming interconnected and “smart.” Further, it reveals that as online banking malware that directly target victims’ finances intensified globally last year, prolific ransomware increased and evolved into Cryptolocker throughout the year. High profile incidents of infrastructure being targeted by cyber attacks became a reality in South Korea, demonstrating how critical operations can be impacted on a broad scale.
But let us keep our focus on the onslaught on mobile devices, more so in India—which is the world’s fastest rising smartphone market, slated to have 185 million mobile internet users by June 2014 (IAMAI), and the second biggest user base for Android accounting for over 93% market share (IDC). Device proliferation and the resultant application explosion has increased potential vulnerabilities and made ‘mobile’ a significant threat vector. This is validated by McAfee Labs that has collected 2.47 million new Android samples in 2013, with 744,000 in the fourth quarter alone, an astounding increase of 197% from the end of 2012. “With India placed on the tip of mobile device explosion, there is an overwhelming need of adoption of security and privacy protection in our digital lives,” says Jagdish Mahapatra, managing director, India and SAARC, McAfee.
The latest mobile security trends report by the wholly-owned subsidiary of Intel (McAfee) found that around 82% of apps track users and 80% of apps collect location information—invading our privacy successfully! Additionally, another McAfee survey on Indian mobile consumption behaviour revealed threats arising out of indiscriminate usage of mobile phones and sharing of private content on mobile devices. It unveils that 98% of polled Indian respondents use smartphones to take pictures and more than 66% of polled respondents claimed to share their mobile content.
McAfee Labs’ ongoing research into underground ‘dark web’ markets identified the attempted sale of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found the thieves offering for sale some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice-president for McAfee Labs. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table.”
So, what do we have to look forward to in 2014 and beyond? “We expect mobile malware to not just keep growing, but to indirectly affect other platforms and devices as well,” says Goncharov. “Consider how we are using our mobile phones not just for banking, but for authentication (using either apps or text messages). It’s a logical step forward that cyber criminals will systematically go after these as well. 2014 will be about mobile banking. Two-factor authentication is not a cure at all—while it can improve IT security, it also introduces new attack vectors that have to be considered and make secure as well.”
On the PC front, what is going to see threats are old systems—specifically those running Windows XP. By the time Microsoft stops supporting Windows XP next year, more than twelve and a half years will have passed since it was released. In the world of technology, that is an eternity. Unfortunately, however, many businesses are still using Windows XP. Once the patches stop being released, they will have no protection from Microsoft against zero-day exploits. “We just saw a new zero-day target only Windows XP and Server 2003; there are certainly more that haven’t been used or discovered yet.
In short, cyber threats and attacks have become more complex and criminals are using every avenue available to break into mobile devices.
(Courtesy: The Financial Express)