Photo - Ivan Wen, Country Manager, Blue Coat Malaysia
According to Web security and WAN optimisation solutions firm Blue Coat's new mobile malware report, social engineering is being increasingly used to target mobile device users, which could fuel almost 1.5 billion ways to steal information.
During the unveiling of Blue Coat Security Lab's '2014 Malware Report: A New Look at Old Threats' in Kuala Lumpur, Blue Coat's Malaysia country manager Ivan Wen said that the impact of diverse malware included the replacement of pornography by 'Malvertising' as the no. 1 mobile threat.
Overall, the rising mobile threats resemble the same socially engineered malware tricks that have been prevalently used for years to attack personal computers (PCs), said Wen.
"The truth is that mobile threats are still primarily defined by the types of socially engineered malware that simply trick the users into accepting what the cybercriminal is selling," he said. "Therefore, user behaviour remains the key in both identifying where attacks might occur and understanding how these attacks may evolve."
"Often, the mobile phones' security model is not being breached, but instead the users themselves are tricked into unsafe actions that give control to the cybercriminals," said Wen. "Blue Coat's Mobile Malware 2014 findings found that, as more people transition their recreational activities onto mobile devices, this behavioural trend is driving 'malvertising' [malicious advertising] to the top mobile threat vector."
"User behaviours on mobile devices and PCs are distinctively different," he said. "For instance, social networking has decreased as an activity on PCs, but is now the third most popular activity on mobile devices. Online shopping is one of the most popular activities on mobile platforms, but not on PCs."
"Malvertising is on the rise as more Web advertisements [Web ads] today are delivered through mobile networks which direct more users to malicious sites," said Wen.
Not a surprise
He said that the study's finding that Web ads have outpaced pornography is "of little surprise with close to 1 in every 5 times a user is directed to mobile malware through Web ads. This is three times the rate as compared back in November 2013."
"Malvertising is emerging as a leading attack vector, mimicking the rise of Web ad traffic, which is mostly generated through recreational activities like online shopping on mobile devices," said Wen. "Mobile users are more used to seeing Web ads and this naturally makes them more vulnerable to the malware attacks that are launched through these ads."
He said that the most prolific current mobile malware threats included spam, poisoned links on social networking sites, and rogue apps, all of which are socially engineered to dupe users into taking 'unsafe' actions, such as changing their security settings, downloading apps or authorising their devices to unknown third parties that potentially compromise their devices' security models.
"The rise of malware attacks on mobile devices is becoming one of the most notable trends in recent cybercrime," said Wen. "In fact, mobile users are sometimes more vulnerable because the smaller screen size may reduce context clues. Therefore, many various mobile malware are leveraged for Advanced Persistent Threat (APT) attacks targeted at a specific organization to achieve criminal objectives."
"Mobile malware and APTs are able to penetrate mobile phone or connected Wi-Fi networks, thus posing serious threats to local businesses," he said. "To ensure protection of information assets and user privacy, companies should consider a 'Lifecycle Defense' approach that allows for malware analysis and threat intelligence to be extended across the corporate's mobile environments for greater security control."