Employee devices walking time bombs, says threat report

Tools

Mobile devices are facing unprecedented levels and varieties of attacks, with 99 percent of new mobile threats targeted to Android users, according to the latest mobile threat report from security expert F-Secure Labs.

In an email to FierceCIO, the company notes that "Android is a particularly hot target for malware, with 79 percent of all mobile threats attacking the world's most popular OS. Considering nearly 75 percent of smart devices rely on Android, the smartphone in an employees' hands could, without the right security measures, be a 'ticking time bomb.'"

The threat report reveals that 99 percent of new threats that emerged in the first quarter of 2014 were designed to run on the Android. Further, of the 275 new threat families or variants of known families discovered during that time, all but two were designed to run on the Android. One was targeted to the iPhone and one to the Symbian.

To put those numbers into context, the firm said that in the same quarter last year, there were 149 new threat families and variants discovered, with 91 percent targeting Android.

"The first quarter also saw a number of firsts for Android malware," according to the report. "This indicates the mobile threatscape is continuing to develop in sophistication and complexity." These firsts included the first TOR Trojan, Cryptominer and Bootkit.

"These developments give us signs to the direction of malware authors," Mikko Hypponen, chief research officer at F-Secure, said in an email to FierceCIO. "We'll very likely see more of these in coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies."

As to the harm done by these mobile threats, the report lists the following:

  • Sending SMS messages to premium-rate numbers
  • Downloading or installing unsolicited files or apps onto the device
  • Silently tracking device location or audio or video to monitor the user
  • Pretending to be a mobile AV solution but actually having no useful functionality
  • Silently connecting to websites in order to inflate the site's visit counters
  • Silently monitoring and diverting banking-related SMS messages for fraud
  • Stealing personal data like files, contacts, photos and private details
  • Charging a 'fee' for use, update or installation of legitimate and usually free apps

Related Articles:
BYOD: Your worst security nightmare?
BYOD could grease the insider threat wheels (FierceMobileIT)
For tomorrow's workplace, nonmobile is not an option (FierceMobileIT)