The Mobile Cyber Threat: Go Away, We Are Not Compatible


The way we engage with and use technology each day is changing. We wake up, we check our smartphones. We travel to work and we read the news on our tablets. We get to work and we move to our PCs or laptops. That convenience can come with a heavy cost if security is compromised, particularly as the way we exchange data across platforms evolves.

Dell SecureWorks’ Counter Threat Unit (CTU) has researched the stand-out risks from 2012 and, unsurprisingly, mobile device threats were high on the agenda. In fact, the CTU team documented 7,696 new software vulnerabilities last year, a 6% rise on 2011. Breaking that down further, 28% of the new threats in 2012 were related to mobile operating systems.

As mobile networked computing devices become more common, attackers are actively developing and maturing technology and techniques to exploit threat scenarios associated with mobile devices. In 2012, mobile malware development and deployment focused primarily on Android, and this trend is unlikely to change while this mobile platform remains the most broadly deployed.

The majority of Android malware is still found in unofficial third-party markets and attackers are increasingly leaning on drive-by downloads, luring victims to malicious sites using in-app advertising links, social networking profile pages, and email campaigns.

So what were the trends and new threats that emerged in 2012?

Repackaging

Approximately two-thirds of Android malware observed by CTU researchers had been repackaged into existing legitimate applications. This malware is typically distributed via alternative marketplaces. Once in these marketplaces, social engineering is sometimes used to make the new or unrated application seem more popular, convincing other users to download it.

Application Update Attack

This was a new type of attack observed in 2012. Android can in some instances permit installed applications to automatically update. This can mean that a user downloads a malware-free application that was created by an attacker. Later, the original application is automatically updated to one that contains malicious content.

NotCompatible

The ubiquity of mobile devices and the regularity with which they move between networks challenge conventional security boundaries. NotCompatible emerged as a new threat in the second quarter of 2012 and gives an attacker inbound access to networks accessible by the mobile device, for example opening up access to corporate Wi-Fi networks via the phone's 3G connection. This Android malware poses as a security update and is downloaded directly from the Internet. Once executed, the malware behaves as a botnet client, initiating contact with servers and executing attacker commands.

SpamSoldier Malware

Discovered in the fourth quarter of 2012, this malware arrives mainly via SMS. A victim receives a text message, likely from an unrecognised number, inviting them to download a popular game. SpamSoldier installs and hides itself, and then automatically installs the game as expected by the victim. The malware retrieves lists of messages and target numbers from a remote server and sends the message to each telephone number via SMS. The first indicator of the effects of this malware may be the SMS log as part of the victim’s monthly bill.
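One way a defender could surface the SMS fan-out described above from outbound message records, as an added example that is not part of the original article. The log format, phone numbers, time window and threshold are constructed assumptions, not CTU data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of outbound SMS records: timestamp,sender,recipient
SAMPLE_LOG = """\
2012-12-03T09:00:05,+15550100,+15550201
2012-12-03T12:41:10,+15550100,+15550202
2012-12-03T18:20:00,+15550100,+15550201
2012-12-04T02:00:00,+15550111,+15550301
2012-12-04T02:00:07,+15550111,+15550302
2012-12-04T02:00:15,+15550111,+15550303
2012-12-04T02:00:21,+15550111,+15550304
2012-12-04T02:00:30,+15550111,+15550305
2012-12-04T02:00:38,+15550111,+15550306
"""

def parse(log_text):
    """Yield (timestamp, sender, recipient), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def find_sms_fanout(log_text, window=timedelta(minutes=5), min_recipients=5):
    """Return {sender: (peak distinct recipients, window start, window end)}
    for senders that texted min_recipients or more numbers within window."""
    recent = defaultdict(deque)  # sender -> (timestamp, recipient) in window
    flagged = {}
    for ts, sender, recipient in sorted(parse(log_text)):
        q = recent[sender]
        q.append((ts, recipient))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= min_recipients and distinct > flagged.get(sender, (0,))[0]:
            flagged[sender] = (distinct, q[0][0], ts)
    return flagged

if __name__ == "__main__":
    for sender, (count, start, end) in find_sms_fanout(SAMPLE_LOG).items():
        print(f"{sender}: {count} distinct recipients between {start} and {end}")
```

Billing-style records rarely include message bodies, so the check keys on distinct recipients per sender rather than on repeated text.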

Applying relevant security updates for mobile device software remains a best practice. Security-conscious users may want to use applications, particularly web browser applications, that differ from built-in applications. Using external applications allows security updates to be applied more frequently than periodic operating system updates. In general, the practice of controlling threat exposure by limiting and updating installed applications is as valid on mobile devices as it is for traditional computing devices.

The mobile space continues to evolve rapidly, both in malware maturity and in security controls. Most malware continues to target the Android platform, though many exploits exist for other platforms too. Most malware is found in unofficial, third-party markets. Use of marketplaces that do not have published and practiced malware identification and remediation practices results in additional risk.

Whether using your mobile device for business or leisure, security vulnerabilities across all mobile operating systems are very real. As with PC-based malware, which has been prolific over past decades, users must be aware of the risks, vigilant and suspicious in equal measure.

Despite their familiarity as personal platforms, tablets and smartphones are constantly at risk from infection, and users should take extreme care when downloading, updating or installing new web applications and also when following links to unfamiliar sites. As outlined above, as these platforms become more prevalent, the bad guys will increasingly put their efforts into targeting them.

Don Smith

Don Smith, VP Technology & Engineering at Dell SecureWorks, is a leading information security expert who is the technical lead for Dell’s EMEA information security practice. His close ties with Dell SecureWorks’ Counter Threat Unit give him unparalleled visibility into the threat landscape as well as effective countermeasures and protective security strategies.