Lost Devices, Data Leakage Remain Top Mobile Threats

Mobile malware continues to trend upward, targeting Google Android devices in certain regions where third-party application stores are popular and looser carrier restrictions enable the proliferation of premium text-messaging Trojans, according to a new threat report.

Lost and stolen mobile devices continue to be the biggest problem plaguing U.S.-based businesses, followed by the lack of control and visibility into the corporate data that may be stored on personally owned smartphones and tablets introduced into the workplace. The vast majority of mobile malware threats -- about three-quarters of attacks detected by Finnish antivirus vendor F-Secure -- were limited to devices in Saudi Arabia and India, the firm said in its threat report issued this week. About 5 percent of infections were detected in the U.S. and 2.8 percent in the U.K.

"The Android malware families most commonly reported in that period were GinMaster, Fakeinst and SmsSend, which either harvest data from the device or send premium-rate SMS messages," F-Secure said in its latest report.

F-Secure said 10 percent of the malware samples were traced back to the four most popular third-party mobile application stores. Most of the malware is embedded in malicious versions of popular Google Play Store apps. A majority of the malicious applications are gambling-related, slot machine or card game apps followed by weaponized versions of popular games.

F-Secure said 23 percent of the malware the firm examined masquerades as legitimate applications by using authentic-looking package names. Google Play, the official repository for Android apps, contained 0.1 percent of mobile malware. Any potentially malicious apps that make it into the store have a short shelf life, F-Secure said.

F-Secure warned of the growing use of "silent" sources by attackers to infect user devices. Vendor customizations introduce vulnerabilities that can be targeted, the firm said. Malware being pushed by ads in mobile browsers is also increasing. A recent threat report issued by Sunnyvale, Calif.-based network security vendor Fortinet had similar findings. Fortinet said about 96 percent of malware targets Android devices.

CIOs and IT security teams that spoke recently with CRN said lost and stolen devices remain one of their biggest concerns. Solution providers can help businesses understand how to strike the right balance between letting users bring their own mobile devices and finding the right mixture of controls to reduce the risks posed to corporate data, according to Jack Gold, principal analyst at J. Gold Associates, a Northborough, Mass.-based consulting firm, who spoke at this week's XChange Solution Provider conference in Los Angeles. Gold advocates establishing security by setting enforceable policies that don't impede user productivity.

In addition to mobile device risks, web-based attacks continue to be the primary way threats are infecting end-user devices, according to the F-Secure report. Java and Flash exploits are top threats, driven by automated attack toolkits. The malware is sometimes forcibly downloaded onto a victim's machine from a malicious website, or users are tricked into clicking a link that establishes a malicious download, F-Secure said.

The biggest threat to the network is still user interaction, said Cliff Sweazey, executive vice president of Indianapolis-based systems integrator Innovative Integration. Attackers have gotten better at tricking users using social engineering tactics, Sweazey said.

"If we can get people to stop clicking the 'Yes' or the 'OK' any time they get a false security warning, that would mitigate the vast majority of infections we see," Sweazey said. "The most dangerous viruses are the ones where the user feels like they're doing something right, but it's really very, very wrong."

F-Secure said the arrest of the author of the notorious Blackhole attack toolkit resulted in a temporary decline of some web-based attacks. Cybercriminal gangs are quickly turning to other popular attack toolkits, including the Angler, Styx and Nuclear kits, which use similar methods to drive attacks against Internet Explorer, Flash and Microsoft Silverlight. F-Secure recommends avoiding porn and dating sites, uninstalling Java in the browser, if possible, and not clicking on links or pop-up notifications from suspicious sources.

"Software distributed via the web accounted for 72 percent, or the lion’s share, of the detections in our sample Top 100. So the web is clearly the biggest source of malicious infections," F-Secure said.

The Zeus banking Trojan also continues to spread, security firms say. Fortinet's recent analysis of the threat landscape said the firm saw more than 20 million attempts to infect FortiGate-protected networks. Although Zeus is known as a banking Trojan family, the latest attacks deliver the CryptoLocker ransomware, which encrypts system data and then demands money to unlock the files, Fortinet said.