For all those owning – or thinking of owning – an Android-run smartphone, including the just launched Samsung Galaxy S5, there’s bad news. Two new reports have categorically said that (almost) all mobile malware is targeted at Android devices, giving a clean chit to iPhone 5s / 5c and the upcoming iPhone 6, as well as BlackBerry and Windows-based phones.
Last week, a report from Kaspersky Labs said 98 per cent of mobile malware now targets the Android operating system. Taking a leaf from that report, and going one up on it, the Cisco 2014 Annual Security Report now reckons that Android mobile devices bear the brunt of 99 per cent of all mobile malware.
In addition, as the Kaspersky report highlighted, the majority of mobile malware in 2013 targeted users’ money. The number of mobile malware modifications designed for phishing, the theft of bank card information and money from bank accounts increased by a factor of almost 20, it noted.
The Cisco report echoes the sentiment, maintaining that Middle East businesses face unprecedented levels of cyber-attacks as global security vulnerabilities and threats against systems, applications, and personal networks have reached their highest-ever recorded level.
Just how safe is your smartphone anyway? With Android by far the most popular platform, and many of us now using the smartphone for financial transactions, this warning must ring some bells even if taken with a pinch of salt.
An increasing number of users now use their smartphones for making e-payments and money transfers, assuming that they are as secure as the bank’s infrastructure. However, a vulnerable device could mean an open invitation to hackers and phishers.
“The mobile malware sector is growing rapidly both technologically and structurally. It is safe to say that today’s cybercriminal is no longer a lone hacker but part of a serious business operation,” warns Kaspersky.
The anti-virus firm said in its report that there are various types of actors involved in the mobile malware industry: virus writers, testers, interface designers of both the malicious apps and the web pages they are distributed from, owners of the partner programs that spread the malware, and mobile botnet owners.
This division of labour among the cybercriminals can also be seen in the behaviour of their Trojans, it states. In 2013, there was evidence of cooperation (most probably on a commercial basis) between different groups of virus writers. For example, the botnet Trojan-SMS.AndroidOS.Opfake.a, in addition to its own activity, also spread Backdoor.AndroidOS.Obad.a by sending spam containing a link to the malware to the victim’s list of contacts.
Among a host of troublesome trends flagged by Cisco in its report, Java is the most frequently exploited programming language, and Multipurpose Trojans are among the most frequently encountered Web-delivered malware.
Specific business sectors besides energy, such as pharmaceutical, chemical, electronics manufacturing, agriculture; and mining are showing sharp rise in malware attacks, the report highlights.
Further, the report indicates a shortage of more than 1 million security professionals across the globe in 2014, as most organisations do not have the people or systems to continuously monitor extended networks or detect infiltrations, and then apply protections, in a timely and effective manner.
Cisco notes that in the rapidly evolving world of security threats, total global threat alerts increased 14 per cent year-on-year from 2012 to 2013. Around the world, a sample of 30 of the world’s largest Fortune 500 companies generated visitor traffic to websites that host malware, with the Middle East’s energy, oil, and gas sector seeing a sharp rise in malware attacks.
“Organisations across the Middle East and Africa must realise that it is no longer if they will targeted by cyberattacks, but rather when,” Rabih Dabboussi, Managing Director, Cisco UAE, said in a media statement.
“Chief Information Security Officers face growing pressure to protect terabytes of data on an increasingly porous network, manage information safely especially on the cloud, and evaluate the risks of working with third-party vendors for specialized solutions – all in the wake of shrinking budgets and leaner IT teams.”
The Middle East and Africa region, the report noted, is posting strong adoption of smart devices, set to grow from 133 million in 2013 to 598 million in 2018, and cloud computing, set to post the world’s-strongest cloud traffic growth rate from 17 exabytes in 2012 to 157 exabytes in 2017, according to Cisco.
However, while increasing mobility is rapidly enhancing daily lives and businesses, it is also driving more complex security threats and solutions. Businesses across the Middle East are at high risk, with 65 per cent of employees not understanding the security risks of using personal devices to the workplace, according to Cisco’s recent Middle East ICT Security Study.
As a result, cybercriminals are increasingly attacking Internet infrastructure rather than individual computers or devices, with password and credential theft, hidden-in-plain-sight infiltrations, and breaching and stealing data.