- Category: May 2011
Juniper Networks has found in their recent study of global mobile threats that enterprise and consumer mobile devices are increasingly exposed to a record number of security threats, which include an alarming 400 percent increase in Android malware and highly targeted Wi-Fi attacks.By looking into recent malware exploits, the study has both outlined several new areas of concern and provided recommendations on essential security technologies and practices to help consumers, enterprises/SMBs, and governments to protect themselves from mobile device exploits.
As smartphones will soon take over from PCs as the personal and professional choice for computing, cyber criminals are looking to exploit mobile device weaknesses. The gap between hacker skills and an individual’s or organization’s defences is widening which highlights the need for increased mobile security vigilance, as well as stricter, more tightly integrated mobile security policies and solutions.
“The last 18 months have produced a non-stop barrage of newsworthy threat events, and while most had been aimed at traditional desktop computers, hackers are now setting their sights on mobile devices. Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices,” Jeff Wilson, Principle Analyst, Security at Infonetics Research. “In a recent survey of large businesses, we found that nearly 40 percent considered smartphones the device type posing the largest security threat now. Businesses need security tools that provide comprehensive protection: from the core of the network to the diverse range of endpoints that all IT shops are now forced to manage and secure.”
Malicious Mobile Threats Report 2010/2011 was compiled by Juniper Networks Global Threat Center (GTC) research facility, a unique organization dedicated to conducting around-the-clock security, vulnerability and malware research tailored specifically to mobile device platforms and technologies. The GTC has tracked ever more sophisticated attacks from 2010 and 2011, such as, Myournet/Droid Dream, Tap Snake and Geinimi as well as the pirating of the “Walk and Text” application, new threat vectors for mobile cybercrime, and the potential for exploitation and misuse of mobile devices and data.
Key Report Findings Include:
- App Store Anxiety: The single greatest distribution point for mobile malware is application download, yet the vast majority of smartphone users are not employing an antivirus solution on their mobile device to scan for malware.
- Wi-Fi Worries: Mobile devices are increasingly susceptible to Wi-Fi attacks, including applications that enable an attacker to easily log into a victim’s email and social networking applications.
- The Text Threat: 17 percent reported that infections from SMS Trojans sent SMS messages to premium rate numbers, often at irretrievable cost to the user or enterprise.
- Device Loss and Theft: 1 in 20 customer devices were lost or stolen, requiring locate, lock or wipe commands to be issued.
- Risky Teen Behavior: 20 percent of all teens admit sending inappropriate or explicit material from a mobile device.
- “Droid Distress”: The number of Android malware attacks increased 400 percent since summer 2010.
“These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions,” said Dan Hoffman, Chief Mobile Security Evangelist at Juniper Networks. “App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specifics steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.”
In order to guard against growing mobile malware threats, the report recommends the following:
- Install an on-device anti-malware solution to protect against malicious applications, spyware, infected memory cards, and malware-based attacks on the device.
- Use an on-device personal firewall to protect device interfaces.
- Require robust password protection for device access.
- Implement anti-spam software to protect against unwanted voice and SMS/MMS communications.
- For parents, device usage monitoring software can help oversee and control pre-adult mobile device usage and protect against cyberbullying, cyberstalking, exploitative or inappropriate usage, and other threats
For Enterprises, Governments and SMBs:
- Employ on-device anti-malware to protect against malicious applications, spyware, infected memory cards and malware-based attacks against the mobile device.
- Use SSL VPN clients to easily protect data in transit and ensure appropriate network authentication and access rights.
- Centralize locate and remote lock, wipe, backup and restore facilities for lost and stolen devices.
- Strongly enforce security policies, such as mandating the use of strong PINs/Passwords.
- Leverage tools to help monitor device activity for data leakage and inappropriate use.
- Centralize mobile device administration to enforce and report on security policies.