Cloudmark security suite addresses growing SMS spam

The software can be used to block spam via SMS and MMS and filter out malicious content

As mobile users are more frequently pestered by SMS spam, one security vendor is applying its experience in stopping e-mail spam for mobile networks.

Cloudmark released on Tuesday a suite of services designed for operators to stop abuse on their networks, such as MMS (Multimedia Messaging Service) and SMS spam as well as malware aimed at mobile devices.

The suite, called MobileAuthority, combines several features and services that Cloudmark had offered individually, but now make more sense to offer as a suite, said Neil Cook, head of technology services for Europe.

The Sender Intelligence component of MobileAuthority allows operators to detect and then block mobile spam originating from either inside their network or from one of their partners. The filtering component looks for patterns in order to block spam, malware or phishing scams.

Cloudmark has also set up a managed security service with a team that will monitor a mobile provider's networks for abuse and make adjustments in filtering in order to stop further problems.

As hackers and spammers see the potential for profit by hitting people with various scams over their mobiles, it's likely they will proliferate, Cook said.

Mobile users in North America and Europe haven't been inundated with as much spam as people in Asia, but it is on the rise. "We haven't seen that much, although it's now starting to get reasonably pernicious in North America," said Hugh McCartney, Cloudmark's CEO.

In India and China, 30 percent to 40 percent of messages sent to mobile users are spam. Cook said Cloudmark has seen quite targeted phishing attacks in Asia as well as North and South America.

Sometimes, the phishing attempt will take the form of an SMS (Short Message Service) message asking a person to call their bank. The number provided, however, isn't the bank's, but the scammers have replicated the voice prompts. The prompts will then ask for personal information, such as account details.

In Europe, premium-rate number scams are prevalent. A user will receive an SMS saying they've won a prize and are asked to reply with a short-code number, which then causes the person to be charged an excessive rate for sending that text message, Cook said. Other times, it could be a more common phishing attack, asking someone over SMS to visit a Web site on their PC.

Scammers are taking advantage of the fact that users tend to put more faith in SMS. "SMS is a much more trusted medium than e-mail," Cook said. "They [scammers] get a better hit rate on it."

And those scammers are also figuring out ways to send higher volumes of messages. Since mobile networks are closed off to the public, the environment is much different than how the public Internet works.

However, in regions such as Asia, scammers have been able to bribe their way into getting access to networks, Cook said.

"It's a closed club, but that club is opening up," Cook said.

In Asia, the cost of sending messages has fallen to nearly nothing due to intense competition between operations.

Spammers will buy lots of SIM cards and "tether" them together, sending masses of SMSs. Operators in Asia also have tended not to invest in security tools and instead been more focused on adding customers, Cook said.

For MobileAuthority, Cloudmark charges its customers per transaction; essentially, a small fee per SMS. For the reputation service component, Cloudmark will charge based on the size of the carrier's network and the data it scans.

Join the CSO newsletter!

Error: Please check your email address.

Tags smsspamsecurityCloudmark

More about Cloudmarkmobiles

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts