Mobile malware explodes, hits corporate networks

June 27, 2013 Leave a comment

Mobile malware explodes, hits corporate networks

June 27, 2013 – 9:28AM

Rob Lever

stats-300x0 attack_Makeup-300x0

Smartphone users have seen an explosion of malware in the past year, dominated by schemes targeting Google’s Android operating system, a survey has shown.

The attacks are also starting to hit corporate networks, possibly as part of broader espionage efforts, according to the Juniper Networks Mobile survey.

The report showed a 614 per cent jump in mobile malware in the 12 months to March 2013, with Android attacks accounting for 92 per cent.The prevalence of Android malware is not surprising in light of its dominance of the global smartphone market – around 75 per cent. Juniper said the open platform with less regulation makes it more prone to attacks.

“Android does not have as rigorous a vetting system” as rival platforms such as Apple’s iOS and BlackBerry, said Karim Toubba, a Juniper vice president, on Wednesday.

“But the reality is that all the operating systems have vulnerabilities.”

Toubba said the dominant scheme to “monetise” the attacks involves SMS text messages which infect a smartphone and surreptitiously deliver new messages to a “premium” SMS service, for a fee.

These services, which mimic legitimate ones such as those for voting on TV programs, can charge small fees such as 10 cents or 50 cents. The hackers can quickly cash in by infecting large numbers of devices, and can easily shut down and set up new numbers to avoid detection.

“They can spin it down and leave no trace,” said Toubba.

The typical SMS Trojan takes in a quick $US10 for the attacker, with profits multiplying as the schemes are repeated.

Many users are tricked into installing malware by messages or emails disguised as software updates.

Toubba said some malicious software gets into official channels such as Google Play and the Apple App Store, but that third-party vendors have much more malware.

“These marketplaces are popular targets which provide little to no review process,” Toubba said.

Not surprisingly, the survey found many of these malicious apps stemming from sites in Russia and China.

Apple users who “jailbreak” their iPhones to use on unauthorised telco networks often use these third-party networks because they may get locked out of the App Store.

Many users fail to even notice when their device is infected, because it may result in a charge of just a few cents on their phone bill.

Juniper found that more sophisticated attacks are starting to emerge, including those that create “botnets” to expand the infections, and other schemes which can be part of a broader corporate or government espionage effort.

“They can use the mobile device to do reconnaissance and go deeper into the corporate network,” Toubba said.

This is particularly worrisome for companies which allow employees to use their own devices for corporate networks.

Juniper’s report said it “saw several attacks that could potentially be used to steal sensitive corporate information or stage larger network intrusions”.

“It is clear that the threat of mobile malware to corporate devices is no longer a theoretical one. We expect the presence of mobile malware in the enterprise to grow exponentially in the coming years,” the report said.

Filed under TMT Trends

Unknown's avatarAbout bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (www.heroinnovator.com), the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

Leave a comment