Threat reports finger Android again

Antivirus vendor McAfee's latest quarterly threat report singles out Android, yet again, as the established favorite of cybercriminals targeting mobile platforms.

In November 2011, the company issued a quarterly report saying essentially the same thing -- mobile malware was increasing, with Android the favorite target. It did so again this past February, and then again in June.

Reactions within the security community have ranged from sardonic to serious. In the view of some security experts, this is not news. It is scare-marketing, designed to sell more antivirus products to panicked mobile users.

There is no need, they say, for a study to tell people what they already know -- that the most popular mobile operating system is going to be the most popular target of the bad guys.

In March, a reader going by the alias "fotoflojoe," posted in response to McAfee and other reports on malware attacks on Android: "In other news, water is wet and the sky is blue."

Last November, the focus on Android prompted a ferocious response from Chris DiBona, Google's open-source programs manager, who said the reports exaggerated mobile malware and that mobile operating systems such as Android, iOS, and BlackBerry don't need antivirus software.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS," DiBona said. "They are charlatans and scammers. If you work for a company selling virus protection for [them], you should be ashamed of yourself."


But there are others who say McAfee's reports are providing a valuable service, because they go well beyond an amorphous, "things-are-bad-and-getting-worse" declaration, into detail about how much worse and in what ways.

They are also valuable because too many users apparently don't know it -- they still haven't gotten the message that mobile devices need just as much protection as PCs, since they are fully connected to all the benefits, and therefore the dangers, of the Internet.

Network World reported this week that exploits that are no longer effective on PCs are being successfully used to target smartphones, in part because of a low rate of anti-malware protections.

That is not necessarily the fault of an open-source platform like Android. "Carriers rarely provide updates to smartphones that fix vulnerabilities. Over 75% of the Android smartphones are running version 2.3X (released Dec. 6, 2010) or earlier versions," the report said. "As a result, vulnerabilities that have been repaired have not been released and downloaded to older smartphones by a software management system like those used to update PCs with the latest security patches."

The McAfee report said that not only has mobile malware grown -- it detected 1.5 new malware samples during the quarter -- but it has also expanded into new types of attacks, including drive-by downloads, the use of Twitter for control of mobile botnets, and ransomware. McAfee's database of dangerous programs grew to more than 90 million, and is expected to top 100 million by next quarter.

Ransomware, which restricts access to a computer's system or files, is among the worst of the new attacks, "because the damage is instant and commonly a machine is rendered completely unusable," wrote Anna Salta on Kaspersky Labs' Threatpost blog. "So not only is the victim's data destroyed, but some of the victim's money is also gone if he or she attempts to pay the attacker's ransom."

For an enterprise, it can be worse than the loss of pictures and memories -- it can mean the loss of encrypted data, while the criminals demand ransom money to release it.

Eric Maiwald, research vice president at Gartner and a mobile security expert, agrees that the latest report simply confirms "the same trend we have been seeing." But he said the one difference now is the use of ransomware.

Jeff Wilson, principal analyst for security at Infonetics, said that even if this is just the continuation of a trend, the message is that both consumers and enterprises need to protect their devices. Antivirus products don't stop all attacks, he said, but they help.

"If you never conduct transactions, store or enter personal information, send or receive sensitive email, browse the Web, or download apps, then you probably don't need to do much," Wilson said. "But if you do any or all of those things, then you should start looking at client solutions from the traditional AV vendors or even cloud solutions that take the burden of security off the devices."

"There's also making sure email and SMS/MMS messages are clean first, and enforcing safe browsing habits by routing web traffic through a secure cloud is a great first line of defense," he said.

Blake Turrentine, owner of HotWAN, a trainer for BlackHat and mobile security expert, said, "something is better than nothing." But he said their protection is "limited due to the restrictions involved in sandboxing of mobile apps."

His advice: "Keep your firmware up to date."

There is also training, although that has its limits as well. "Unfortunately, as with all other controls, training is not foolproof," said Eric Maiwald. "The more users are made aware of the mechanisms for malware infection, the less likely they will be to just download something, unless they really think they want it, or click yes to something, unless they are really tired or really think they want to say 'yes.'"

What about those whose phones are just for personal use? "The headline news is perhaps the best approach to informing them, by repeating that smartphones are not as secure as they may think," Turrentine said.

But the message from trainers is as obvious as the trend: Don't click yes on anything until you've checked it out first.


Stories by Taylor Armerding
