The Mobile Cyber Threat; Go Away, We Are Not Compatible
The Way We Engage With and Use Technology Each Day is Changing
By: SecureWorks
The way we engage with and use technology each day is changing. We wake up, we check our smartphones. We travel to work and we read the news on our tablets. We get to work and we move to our PCs or laptops. This convenience comes with a heavy cost if security is compromised. And since we use so many devices to exchange data and threats have become highly evolved, a compromise is likely.
Dell SecureWorks’ Counter Threat Unit (CTU) has researched the stand-out risks from 2012. The CTU documented 7,696 new software vulnerabilities last year, which was a 6 percent increase over 2011. And 28 percent of the new threats in 2012 were related to mobile operating systems.
As mobile networked computing devices are becoming more common, attackers are actively developing and maturing technology and techniques to attack mobile devices. In 2012, mobile malware development and deployment primarily focused on Android. This trend will likely continue since this mobile platform remains the most broadly deployed.
The majority of Android malware is still found in unofficial third-party markets. Attackers are increasingly leaning on drive-by downloads, luring victims to malicious sites using in-app advertising links, social networking profile pages, and email campaigns.
So what were the mobile trends and new threats that emerged in 2012?
Approximately two-thirds of Android malware observed by CTU researchers had been repackaged into existing legitimate applications. The malware is typically distributed via alternative marketplaces. Once in these marketplaces, attackers use social engineering to make the new or unrated application seem popular, and influence users to download it.
Application update attack:
This was a new type of attack observed in 2012. Android devices could permit installed applications to update automatically. This meant that a user could download a malware-free application that was created by an attacker, and later the original application would automatically update itself to contain malicious content.
The ubiquity of mobile devices and the regularity with which they move between networks challenge conventional security boundaries. The NotCompatible Trojan emerged as a new threat in the second quarter of 2012. The malware poses as a security update, prompting the user to download it directly from the Internet. Once executed, the malware behaves as a botnet client, initiating contact with C2 servers and executing attacker commands.
SpamSoldier malware:
Discovered in the fourth quarter of 2012, SpamSoldier propagates mainly via SMS. A victim receives a text message, likely from an unrecognised number, inviting them to download a popular game. Once downloaded, SpamSoldier hides itself and installs the game expected by the victim. The malware retrieves lists of messages and phone numbers from a remote server. The malware then sends a message to each telephone number via SMS. For example, the message may offer the receiver a link to download a free game. He gets the game, but he unknowingly also gets SpamSoldier. Often the first time a victim realizes something is wrong is by looking at the SMS log, which he may request from his service provider, and noting all the text messages that have been sent.
Whether using a mobile device or a traditional computer, users can protect themselves from threat exposure by installing applications solely from reputable sources and by updating applications as soon as possible. Security-conscious users may want to use external Web browser applications rather than the built-in ones. External applications often provide security updates more frequently than the built-in applications that come with the phone.
The mobile space continues to evolve rapidly, both in malware maturity and in security controls. Most malware continues to target the Android platform, though many exploits exist for other platforms too. Malware is often found in applications distributed through unofficial, third-party markets. Downloading apps from marketplaces that do not have published and practiced malware identification and remediation processes is risky.
Like computers, tablets and smartphones are constantly at risk of infection. Users should take extreme care when downloading, updating or installing new Web applications and when following links to unfamiliar sites. As mobile platforms become more prevalent, so too will mobile malware.