Mobile devices are prime targets for for cyber criminals, and a report by mobile security company Lookout reveals some surprising data about how they plot their attacks.
Lookout collected data from more than 50 million users between January and December of 2013. It analyzed the information and broke it down by region and type of attack to get a picture of mobile attack trends. The results are weighted to normalize the differences between life cycles of users in different regions.
What stood out is that attackers adapt attack behavior to target regions where the attack is more likely to maximize profit while minimizing potential detection.
For example, the overall rate of encountering malware on a mobile device was only 4 percent in the United States and Canada and only 3 percent in France, but jumps to 18 percent in Spain, 28 percent in China, and a massive 63 percent in Russia.
In North America, the bulk of mobile attacks fall into the adware category--threats that serve obtrusive or unsolicited ads on compromised devices. In other regions--especially in China and Russia--chargeware attacks are more prevalent. Chargeware attacks surreptitiously rack up significant fees on user accounts without clear notification or user consent.
Adware, and chargeware, and other mobile malware are obviously problems for individual users, but Lookout also points out a serious concern for businesses--particularly organizations that have embraced BYOD. "As BYOD becomes more common in the workplace, rather than attacking traditional, heavily monitored network services, we expect criminals to evolve once again and turn to mobile devices as an easier way to get into the enterprise and access valuable data," the report states.
Attackers are generally lazy--or at least very efficient. They go after the low hanging fruit. For example, the recent Target data breach was not a result of a direct attack on Target, or even Target employees. The attackers exploited a third-party contractor that works with Target and used that as a back door to compromise the Target network. Similarly, personal mobile devices with access to company data and network resources are a much easier to target than trying to attack an organization directly.
To protect yourself, you should make sure you only download apps from the designated app store for your mobile platform, or at least verify the integrity and credibility of any third-party app stores you might use. You should also be careful of random calls or text messages, and never press buttons or tap on links. It's basically the same mantra as the "don't open email file attachments from unknown sources," just extended to mobile devices.
Finally, you have to recognize the value of what's on your mobile device, and what it has access to. How many apps or services on your mobile device are able to expose sensitive information or have stored passwords that allow them to connect to confidential or personal data with a single tap? Use a passcode to lock your mobile device, and consider using some sort of security software to detect and block attacks just like you do on your traditional PC.