internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
p. 83<br />
Symantec Corporation<br />
Internet Security Threat Report <strong>2013</strong> :: Volume 18<br />
ThREAT ACTIVITy TRENDS<br />
Analysis of Mobile Threats<br />
Background<br />
Since the first smartphone arrived in the hands of consumers,<br />
speculation about threats targeting these devices has abounded.<br />
While threats targeted early “smart” devices such as those based<br />
on Symbian and Palm OS in the past, none of these threats<br />
ever became widespread and many remained proof of concept.<br />
Recently, with the growing uptake in smartphones and tablets,<br />
and their increasing connectivity and capability, there has<br />
been a corresponding increase in attention, both from threat<br />
developers and <strong>security</strong> researchers.<br />
While the number of immediate threats to mobile devices<br />
remains relatively low in comparison to threats targeting PCs,<br />
there have been new developments in the field. And as malicious<br />
code for mobile begins to generate revenue for malware authors,<br />
there will be more threats created for these devices, especially as<br />
people increasingly use mobile devices for sensitive transactions<br />
such as online shopping and banking.<br />
As with desktop computers, the exploitation of a vulnerability<br />
can be a way for malicious code to be installed on a mobile device.<br />
Data<br />
Figure A.19. Android Mobile Threats: Newly Discovered Malicious Code, 2011–2012<br />
Source: Symantec<br />
24<br />
22<br />
20<br />
18<br />
16<br />
14<br />
12<br />
10<br />
8<br />
6<br />
4<br />
2<br />
0<br />
JAN<br />
APR<br />
JUL<br />
OCT<br />
JAN<br />
APR<br />
Methodology<br />
In 2012, there was a significant number of vulnerabilities<br />
reported that affected mobile devices. Symantec documented<br />
415 vulnerabilities in mobile device operating systems in 2012,<br />
compared to 315 in 2011 and 163 in 2010; an increase of 32<br />
percent.<br />
Symantec tracks the number of threats discovered against<br />
mobile platforms by tracking malicious threats identified by<br />
Symantec’s own <strong>security</strong> products and confirmed vulnerabilities<br />
documented by mobile vendors.<br />
Currently, most malicious code for mobile devices consists of<br />
Trojans that pose as legitimate applications. These applications<br />
are uploaded to mobile application (“app”) marketplaces in the<br />
hope that users will download and install them, often trying to<br />
pass themselves off as legitimate apps or games. Attackers have<br />
also taken popular legitimate applications and added additional<br />
code to them. Symantec has classified the types of threats into a<br />
variety of categories based on their functionality.<br />
JUL<br />
OCT<br />
TREND<br />
2011 2012