Attacks that proved successful on PCs are now being tested on unwitting mobile device users to see what works — and with the number of mobile devices with poor protection soaring, there are plenty of easy targets. "Attackers are definitely searching after the weakest point in the chain," and then honing in on the most successful scams, says Lior Kohavi, CTO at CYREN, a cloud-based security solutions provider in McLean, Va.
Google's Android operating system averaged 5,768 malware attacks daily over a six-month period, according to CYREN's Security Report for 2013. Today more than 99 percent of new mobile malware is designed to target Android, according to a Q1 2014 Mobile Threat Report by security firm F-Secure Corp. based in Finland. But that doesn't mean iOS for Apple iPhone or iPads are immune. The number of documented vulnerabilities for iOS Apple iPhone and iPads increased 82 percent in 2013, according to a Symantec report, though it adds that doesn't necessarily lead to malware that exploits those vulnerabilities.
BYOD programs entice hackers even more, with the holy grail now being to infiltrate a company's perimeter through mobile devices, either through social engineering scams that get access to company data through a mobile device, or just by sitting across the street and attacking the company's WiFi through an infected mobile phone. Small and midsize businesses face higher risks because they're often not able to keep up with BYOD policies, and threats can change every three to six months.
With all of that in mind, here are five new threats to your mobile device security:
1. Mobile phishing and ransomware
Just like the PC scams, bad guys are using social engineering through mobile apps and SMS text messages, which take advantage of human behavior and trust to gain access to data or infiltrate businesses, to make people click on links. Malware then ends up on the user's PC.
"If they can make you believe a message is from a trusted source, chances are you will click," says Stu Sjouwerman, cofounder of security training company KnowBe4 LLC in Clearwater, Fla. "This trick has been used with email, instant messaging, social networks, and [now] they are even spoofing SMS text messages." Even email messages, when opened on a mobile device, can infect laptops and enterprise systems. Sjouwerman advises mobile users to check for red flags. "If you click on an email message from a mobile app without checking for anything suspicious, you might download malware and infect your PC, so think before you click!"
Sjouwerman also sees an increase in ransomware via mobile devices that run Google's Android OS. In this case, the mobile user opens an infected attachment, which locks all files until the user pays $500.
Sign up for Computerworld eNewsletters.