A NEW BREED
1LxhtJc
1LxhtJc
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
securityage<br />
A wolf in sheep’s clothing<br />
Is mobile malware just a virulent nuisance, as some experts claim, or is enterprise<br />
IT becoming complacent to a potentially business-endangering threat?<br />
T<br />
here’s no denying the<br />
fact that mobile<br />
malware is soaring.<br />
In 2014, mobile security<br />
firm Lookout reported that the<br />
number of malware attempts<br />
on mobile devices jumped by a<br />
staggering 75%. Android users are,<br />
unsurprisingly, taking the brunt of<br />
it – with around two million forms<br />
of Android malware, one in five<br />
Android users have encountered at<br />
least one mobile threat in the past<br />
year, according to security firm<br />
Kaspersky, which identifies roughly<br />
5,000 new samples every day.<br />
But alongside these scary statistics,<br />
other experts are claiming that<br />
mobile malware, as endemic as it<br />
might be, is not really that serious<br />
a threat.<br />
In amongst the usual ‘doom and<br />
gloom’ of its annual breach report,<br />
wireless telecoms provider Verizon<br />
declared – in a section called ‘I’ve Got<br />
99 Problems and Mobile Isn’t Even 1%<br />
of Them’ – that the major malware<br />
exploits ‘just aren’t happening’.<br />
Though the firm detected hundreds<br />
of thousands of malware infections,<br />
these were mostly ‘adnoyance’ type<br />
programs that simply irritate users<br />
with unwanted adverts. Other<br />
forensic companies like FireEye also<br />
‘A significant<br />
proportion of malicious<br />
mobile software seen<br />
in the wild today is<br />
adware, but it would be<br />
very foolish to lower our<br />
defences based on this<br />
observation’<br />
>> David Kennerley, Webroot<br />
say that mobile devices just don’t<br />
show up in their investigations.<br />
Despite the volume and veracity,<br />
Verizon and FireEye paint a picture<br />
of mobile malware as a cloud of<br />
tiny, annoying ticks and parasites<br />
that pose no real threat to<br />
information security.<br />
So just how concerned should<br />
enterprise IT be about mobile<br />
malware and the potential threat<br />
to their business’s information?<br />
David Kennerley, threat research<br />
manager at cyber security firm<br />
Webroot, argues that it would be<br />
naive to think that mobile malware<br />
doesn’t pose a significant security<br />
risk for companies. ‘There is a real<br />
concern that enterprise decisionmakers<br />
may misinterpret recent<br />
reports and not take mobile security<br />
as seriously as they should,’ he says.<br />
Treason and plot<br />
The recent case of ‘Gunpoder’ [sic]<br />
also highlights a new technique of<br />
the malware writers. This piece<br />
of malware, disguised as a game<br />
emulator app, looked and behaved<br />
like adware – all while stealing<br />
personal information from the<br />
infected Android device, which the<br />
cybercriminals then used to commit<br />
phishing attacks.<br />
‘Many AV companies classified<br />
this malicious app as adware,<br />
and many users thinking that<br />
adware was “more annoying than<br />
dangerous” allowed the app to run,’<br />
says Kennerley.<br />
September 15 information-age.com 37