The mobile security firm Skycure has released its Mobile Threat Intelligence report for Q1 2016. The report shows that malware and other threats directed at mobile devices are on the rise. Skycure CTO Yair Amit warns that it's not just personal devices which are at risk, businesses are threatened as well. "Malware absolutely exists on enterprise mobile devices and standardizing on iOS doesn’t make you safe," he said, "Unlike the nuisance malware of the past that targeted only consumers, today’s malware is smarter, and often more focused on businesses. We have seen recent attacks that have been specifically designed to circumvent two-factor authentication. Smartphones make excellent reconnaissance tools because they are able to track a user’s conversations and movements twenty-four seven. That means malware can target specific individuals for access to valuable personal and corporate information."
The data collected for Skycure's report comes from millions of security tests conducted from January to March of 2016. These tests included both unmanaged devices and those with security management in enterprise organizations. According to the report, 4% of mobile devices are infected with malware. Android devices are more likely to be infected than iOS, with 5.7% of Android devices infected vs 3% of iOS devices. The report says it is easier to create and distribute malware on the Android platform than is for iOS, which is why malware is more prevalent and comes in more varieties on that platform.
Skycure has also noted that many organizations still do not implement security measures on their Android devices to prevent the downloading of apps from third-party app stores. This can be a problem because apps at third-party stores are far more likely to be malware than those found on Google Play. According to Skycure's statistics, about 1 in every 1600 apps downloaded from Google Play is malware. On the Samsung store about 1 in every 900 downloaded apps is malware, and on the Amazon store the number rises to 1 in every 130 apps. The third-party store Aptoid is even more dangerous with 1 in every 23 downloaded being malware.
The data gathered by Skycure also indicates that malware is downloaded more at a certain time of day. Although total app downloads are relatively flat across the entire day with a slight increase during work US work hours, there is a huge spike in malware downloads from 9-10 AM EST. The report states that malware is downloaded at ten times the rate during that hour compared with the rest of the day. The most likely reason for this increase is that hackers are deploying social engineering tactics at that time of day to trick people into downloading malicious apps.
The report covers many different types of malware which might infect enterprise devices. Screen-locking ransomware is the most common, but crypto-ransomware is becoming more common. Businesses are prime targets for ransomware because they may be more willing to pay money to regain access to valuable information. Also mentioned in the report is the Accessibility Clickjacking Exploit, which was covered by TechRaptor earlier in the year.
Aside from malware, mobile devices also face other security threats. Skycure reports that network threats, such as man-in-the-middle attacks which intercept and decrypt communications between two devices, make up the largest portion of mobile threats. Dividing up the threats discovered in the study into three broad categories, network threats account for 70% of all threats, malware accounts for 13% and configuration threats account for 17%.
Another security risk identified is that about 31% of still do not use lock-screen passcodes. Although that is a large chunk, the number of devices making use of passcodes is rising. Many businesses have policies which require employees to secure their work devices with a passcode. Skycure also find that more people are choosing to secure their personal devices with a passcode as well, even if not required to do so.
The report also includes a risk assessment which is based on previous exposure to threats, configuration settings, and user behavior. It puts nearly a third of devices as being medium risk or higher, and almost 2% of devices as being high risk. Although 2% is a fairly small number, even a single compromised device could cause serious damage to a company. The report also indicates that, in an average organization, 23% of devices will be exposed to network threats in the first month of security monitoring. By the fourth month, that number rises to 45% of devices.
The final section of the report contains suggestions for combating mobile threats. It recommends implementing mobile threat defense solution, which can be obtained from enterprise mobility management vendors. However it also warns that traditional measures may not be enough to protect businesses from security threats. It also calls for, "multiple layers of threat intelligence and advanced analytics. In addition to the local threat information collected and analyzed on the device, organizations can benefit from crowd-sourced threat intelligence from many distributed devices and additional server-side analysis to identify and protect enterprises even from sophisticated malware that bypasses classical detection methods."