In 2004, Cabir became the first mobile-based worm, infecting Symbian-based devices including old Samsung and Nokia models. Although it was developed as a proof-of-concept, within a year Cabir helped spawn mobile malware including the first mobile Trojan (Qdial) and mobile application hack (Skulls). Today, explosion of smartphones and tablets has spawned an entirely new hacking industry – one that has the potential to bypass your current cybersecurity strategies if you have not included mobile protection.
For years, organizations have invested in PC virus protection. And for years, employees have relied on their IT department to keep their hardware and software secure. Now there’s a paradigm shift: the new model for cybersecurity should be bottom-to-top focused. However, many organizations have been slow to change.
Even more alarming, unlike PC malware, mobile malware is more targeted. PC viruses were developed for the masses and in trying to target the maximum amount of users, were broadly created. This helped developers identify malware faster and either fix vulnerabilities or develop protection software quickly. Mobile malware targets very specific apps, devices, or functions. This new focus means hackers spend more time developing securities in their malware, making them harder to discover and fix.
There are many reasons you should be worried about this new mobile change, but there are also ways to stay protected:
- Android App Market – Unlike Apple’s self-governed, closed app market, Android has an open market distribution model. This has given hackers a platform to target naïve Android users (admittedly Apple isn’t 100% secure). In the second quarter of 2012 alone, Kaspersky Labs found malicious apps in the Android market tripled to 14,923. Those malicious apps are being downloaded onto devices that are now brought to your agency and given access to your networks thanks to a new office trend called Bring Your Own Device (BYOD).
- BYOD – I have briefly written about BYOD in the past. Shamun Mahmud did too, explaining that the trouble with BYOD is “IT manager must now account for user access from a wider variety of devices not completely under their control.” Work with your HR department to develop training and processes for people who bring mobile devices to work.
- OS Updates – Like computers, mobile devices also suffer from OS exploits. 48% of Android devices are still running Gingerbread, a two year old operating system. Gingerbread also happens to be the most targeted OS because hackers have had more time to find vulnerabilities and it has known Java vulnerabilities. Remind your workers to keep their OS and apps up to date to ensure identified vulnerabilities are fixed.
- Lack of Awareness – Many mobile users do not think of their mobile devices as being portable computers. To many people, their smartphone is still just a phone and a tablet is the kind of personal assistant they remember from the 90s. They forget both are simply smaller computers with the same functions and ability to access the internet, and in doing so, with the same weaknesses. Provide training to co-workers and help them identify malicious software.
- A Delay in Mobile Cybersecurity Protection – Admittedly, it has taken software companies time to catch up to enterprise hackers. Thankfully, they are quickly catching up. Symantec now offers a suite of Mobile Security software focused on mobile security.
- More Intelligent Worms & Trojans – As software and hardware developers fortified their products, hackers started looking for more fertile pastures and have quickly seized the opportunities the developing mobile market presents them.
- Ransomware Attacks – Van Ristau, Chief Technology Officer at DLT, has written about the ransomware threat. Ransomware disables a function of the victim’s device and demands that a fee be paid to restore the system. Imagine if someone downloads data to their phone (passwords, e-mails, documents) then get infected with ransomware. As with the above bullet, ransomeware attacks are getting stronger too. Yesterday, Threat Post reported on a new, more advanced strain just discovered.
Identifying your agency’s mobile vulnerabilities, educating people on their proper mobile security and what malware is, and installing software like Symantec on people’s mobile devices will help ensure your networks and data remain safe and secure.