In 2014, No Country is Safe from Mobile Threats

If you have been reading recent malware studies and articles, you may have noticed that many different different countries have been named as the ones “most targeted” or with the “most new mobile threats”:

• Great Britain has the highest level of mobile malware
• “…Russia number one target for global mobile malware in 2013”
• Other research has shown that in the second half of 2013, 75 percent of the reports originated from Saudi Arabia and India.
• Other articles name Vietnam and Ukraine as among the countries with the most mobile malware

Rather than proving that one country is more vulnerable than another, lets just agree that that everyone is vulnerable. Mobile Malware, i.e malicious software that targets mobile devices as a means of theft, espionage, propaganda and in some cases just as a means of causing damage – is a serious threat wherever you are.

The Global Reach of Mobile Devices
According to estimates from the International Telecommunication Union (May 2014) there are nearly 7 billion mobile subscriptions worldwide, which is equivalent to 95.5 percent of the world’s population. Despite a gradual decrease in growth rate, there were still a billion new mobile subscriptions in the past three years alone.

Another way to look at it is the fact that there are now 14 countries in the world with more than 100 million mobile subscriptions, ranging from China with 1.2 billion mobile subscribers to Mexico with 102.7 million. The newest additions to the 100 million-subscribers club are Vietnam, Bangladesh, the Philippines and Mexico; several countries, such as Iran and Egypt, are also approaching this figure.

These facts demonstrate how truly mobile the world has become.

Mobile Security Threats Don’t Need a Passport

Security-wise, things are also moving fast. Recently, we referenced the fact that mobile malware has hit the big 2 million mark. These threats are made up of both highly advanced targeted malware threats, such as mobile remote access trojans (aka mRATS), as well as simple, widespread attacks all around the world.

When looking at the global outreach of mobile malware we have observed that many are:

1. Widespread threats targeting multiple countries or continents, such as the malware strains of:
   • Faketoken – a banking trojan that attacked users in 55 countries in early 2014.
   • FinFisher – an advanced surveillance attack that was discovered in over 25 countries.

    

2. Mobile-oriented attacks targeting specific countries, such as:
3.  
   • an Android trojan that targeted Cuban users (April 2014)
   • an aggressive SMS worm that targeted Android users in Israel (May 2014)
   • Bredo Banking Malware Campaign that targeted Bank of America Customers (Feb 2014)
   • an Android SMS Trojan that attacked 15 countries in Europe – this attack could determine which region the device was in and modify the attack accordingly. (Nov 2013)

Explanations for the global spread of mobile malware will continue to develop but you can point to the following as great examples: the customizable nature of Android and iOS, the popularity of 3rd party markets in various countries, the increasing trend of BYOD and even weak laws against advertising. However, the bottom line remains: Mobile malware can affect your enterprise, wherever you are.

Enterprises are Still Lagging with Mobile Security Controls

Despite these worrying figures, only a fraction of smartphones and tablets are currently protected by mobile security solutions that can detect and prevent both the low-level threats and advanced targeted attacks.

It appears most enterprises are recognizing there is a gap and looking to deploy effective security that protects corporate data stored and accessed by mobile devices – it’s estimated enterprises will invest in mobile security so that 277 million mobile devices will have some kind of protection installed by 2015. However, that still leaves millions (even billions) of devices vulnerable.

Why in the face of all these examples of real threats against mobile devices are enterprises slow to take action? We leave this as an open question for the reader, however, if we had to provide a hypothesis, it could be due to a lack of information on how these attacks are perpetrated. In the face of creative marketing from a lot of vendors, we recognize many enterprises may feel they are actually covered. That said, there are a number of capabilities enterprises can look for to add the mobile security coverage they need.

How Can Enterprises Approach Mobile Security?

Everything starts with awareness. Enterprises need to understand that regardless of their location, they can be hit by a mobile malware attack. Whether it’s a targeted or a widespread attack, physical borders are almost entirely irrelevant from a malware perspective.

It’s important to understand that one measure alone cannot provide a complete security. Organizations should have:

• Corporate guidelines in place, so employees are aware of risks and acceptable use.
• Measures to detect, prevent and mitigate the different attack vectors used by hackers – both low-level, mass market malware and targeted threats:
  1. On the Device – with the ability to recognize when changes (OS, configs, etc.) are malicious.
  2. In the Applications – with the ability to understand how an app will behave on a particular device through its lifecycle to identify suspicious activity.
  3. In the Network – with the ability to correlate network information with what’s happening on the device to identify attack traffic coming to and from the device.
• Measures to adjust access to corporate resources based on real-time risk levels.

photo credit: Terra Nova/Flickr