Basic HTML Version
FireFlyz | 65
I
t’s
common these days to fall
victim to malware, short for “mali-
cious software.” It includes viruses
and spyware that get installed on
your computer, phone, or mobile
device without your consent. Blue
Coat Systems, Inc. (‘Blue Coat’), a
market leader in business assurance tech-
nology, uncovered some startling security
findings in a report titled ‘2014 Mobile
Malware: A New Look at Old Threats.’
The report provides insights that may help
Malaysian businesses better protect their
information assets and privacy across
mobile devices and networks. Overall, the
rising mobile threats resemble the same
socially engineered malware tricks that
have been prevalently used for years to
attack personal computers (PCs).
User Behaviour Drives Mobile
Threats
Often, the mobile phones’ security model
are not breached, but instead, the users
themselves are tricked into unsafe actions
that gives control to cybercriminals. Blue
Coat’s Mobile Malware 2014 findings
discovered that, as more people transition
their recreational activities onto mobile
devices, this behavioural trend is driving
‘malvertising’ (Malicious Advertising) to
the top mobile threat vector.
User behaviours on mobile devices
and PCs are distinctively different. For
instance, social networking has decreased
as an activity on PCs, but is now the third
most popular activity on mobile devices.
Online shopping is one of themost popular
activities on mobile platforms, but not on
PCs. Malvertising is on the rise as more
Web advertisements (Web ads) today are
delivered throughmobile networks which
direct more users to malicious sites.
Web Ads Outpace Pornography
Therefore, it was of little surprise when
Blue Coat’s 2014 Mobile Malware Report
indicated, as of February 2014 thatWeb ads
has outpaced pornography as the number
one mobile content that leads to malware
attacks – with close to one in every five
times a user is directed to mobile malware
through Web ads.
‘Malvertising’ is emerging as a lead-
ing attack vector, mimicking the rise of
Web ad traffic, which ismostly generated
through recreational activities like online
shopping, on mobile devices. Mobile
users are more used to seeing Web ads
and this naturally makes them more
vulnerable to the malware attacks that
are launched through these ads.
Spam, Poisoned Links and Rogue
Apps
Today, themost prolificmobilemalware
threats are spam, poisoned links on
social networking sites and rogue apps,
which are socially engineered in nature
to dupe users into taking ‘unsafe’ actions,
such as changing their security settings,
downloading apps or authorising their
device to unknown third-parties that
potentially compromise their devices’
security models.
The rise ofmalware attacks onmobile
devices is becoming one of the most
notable cybercrime trends in recent
times. In fact,mobile users are sometimes
more vulnerable because the smaller
screen size may reduce context clues.
Therefore, there have been various
mobile malwares that are leveraged for
AdvancedPersistent Threat (APT) attacks
targeted at a specific organisation to
achieve criminal objectives.
3 Popular Mobile Threats
Users are tricked into downloading an application, often disguised as
mobile porn that charges the victim’smobile phone account a fee.
Tips:
•
Check if your mobile provider enables blocking SMS payments
•
Bewary on Android; checkmobile phone bills
•
Be sceptical of mobile porn apps
Links appearing to come from friends on social networking sites that
lead tomalware.
Tips:
•
Don’t click on suspicious content, even if it comes froma friend
•
Avoid clicking on ads on your mobile device
•
Never download unknown apps or attachments
Appswith risky behaviours such as access to contact info, location or
disclosure of mobile device user’s habits, interests or searches.
Tips:
•
Never disable your security settings
•
Never download an app outside of legitimatemarkets (i.e. App Store or
Google Play)
•
Bewary of “anti-malware” and porn apps
•
Enterprises should subscribe to app risk profiles