On Cyber Threats in the Mobile Environment

Friday, April 20, 2012

Pierluigi Paganini


(Translated from the original Italian)

Today I want to share with you the results of a study by security firm Trend Micro focused on mobile threat incidents in the first quarter of 2012.

The wide diffusion of mobile devices and the lack of awareness of the principal cyber threats have produced increasing interest by cybercriminals in the mobile sector, and the Android platform is the most targeted, with over 5000 new malicious apps.

The study analyzes every kind of mobile device including laptops, tablets and global positioning system (GPS) devices. Companies and governments must be aware of the risks related to improper usage of these powerful instruments which could expose sensitive information if the owners do not take the necessary precautions.

One revolution in the information technology world is the development and deployment of these mobile systems, machines characterized by a processing capacity equal to that of a common desktop.

Why do we believe these mobile systems are so precious? They are somehow an extension of our person, they follow us everywhere, track our position, they know our contacts (email, phone numbers), manage our appointments, and when we surf on the web through these devices we indirectly provide information on our habits.

As mentioned, the study reveals that Android-based smartphones suffered more cybercriminal attacks due to their increasing exposure to cyber threats.

Smartphones and tablets, due to their convenience, are becoming the preferred tools for browsing the Internet, and the percentage of access to corporate networks from these mobile devices has increased significantly. The trend was evident in all countries, with the UK showing the largest increase in smartphone usage from 30% to 45% of the total population.


We have observed an increasing focus by cybercriminals on the mobile sector, and they are often exploiting security vulnerabilities in legitimate mobile apps, making data extraction and information gathering easier.

The purpose is not only to steal users' sensitive information, such as banking credentials, but also to conduct cyber espionage: cyber criminals and government spies have discovered that it is really convenient to spy on an individual by simply controlling their mobile device.

Malicious apps are able to control emails, SMS text messages, GPS location and voice communications. Another threat of serious concern is the rapid spread of botnets based on mobile devices. Their spread is favored by the almost total absence of protection mechanisms, which makes it difficult to combat the botnet and trace the agents composing it.

These cyber threats should alarm private industry, as the risk of data exposure is really high given the growth of a mobile sector that is still all too vulnerable. Cyber criminals and government agencies are aware of the importance of the information gained from our mobile devices and are therefore showing an increased interest in the sector.

Hacker groups like Anonymous will pose an even bigger threat to organizations that desire to protect highly sensitive data by targeting companies and individuals for various political reasons. We have measured an exponential growth of malware designed to attack mobile systems and steal sensitive information useful for committing fraud, particularly in the banking sector.

Don't forget that hacktivism is considered one of the most serious threats by all the governments of the world.


The scenario of a mobile attack is always the same: users of online app stores may be downloading compromised software infected by malware. The number of applications available in the stores is increasing day by day, especially for open platforms like Android.


Let's consider also that there are third-party stores that provide alternative apps for users, but downloading from these unofficial channels is very dangerous for end users. The main problem with alternative app stores is that they are not sufficiently controlled, or could even be managed outright by cyber criminals to provide fake copies of legitimate applications modified to commit fraud.

Due to the prevalence of malware targeting the Android OS, several companies have tried to categorize it according to the fraud and attack schema implemented. The following is the categorization proposed by Trend Micro:

[Figure: Trend Micro's categorization of Android malware]

As previously mentioned, the Android Market has fewer restrictions when it comes to registering as a developer. The strategy is implemented to encourage app developers to adopt the platform, but of course this also makes it easier for cybercriminals to upload their malicious apps or their Trojanized counterparts.

The following are some of the noteworthy incidents listed by Trend Micro that have leveraged this loophole:

  • We analyzed several Trojanized applications found in the Android Market detected as ANDROIDOS_LOTOOR.A. One of these apps is the game Falling Down, which renders similar to the clean version. Once installed, the Trojanized version asks for more access permissions. It also gathers device information like IMEI and IMSI numbers and roots affected devices.
  • One of the malware variants found in the Android Market is the notorious DroidDreamLight variant. Trend Micro researchers found an app that promotes itself as a .APK file management tool. However, instead of helping users, this app (detected as ANDROIDOS_DORDRAE.M) collects device-related information and uploads it to remote servers. It was immediately taken off the Android Market.
  • Google released the Android Market Security Tool in the Android Market. Cybercriminals, on the other hand, were not deterred by this tool and even released a Trojanized version. Detected as ANDROIDOS_BGSERV.A, it acts as a backdoor that gathers information from the device and sends these to a remote URL.
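
The first incident above notes that the Trojanized build "asks for more access permissions" than the clean one. As an added example (not code from Trend Micro or from this article), the following sketch diffs the permissions requested by a reference build against a candidate build. It assumes both `AndroidManifest.xml` files have already been decoded to plain XML; the package name, the two manifests and the `SENSITIVE` selection are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative selection of permissions worth flagging when newly requested
# (an assumption of this example, not a list taken from the report).
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "device identifiers such as IMEI/IMSI",
    "android.permission.SEND_SMS": "sending SMS messages",
    "android.permission.READ_SMS": "reading SMS messages",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "microphone",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries without android:name

def permission_diff(reference_xml, candidate_xml):
    """Compare a candidate build against the known-clean reference build."""
    ref = requested_permissions(reference_xml)
    cand = requested_permissions(candidate_xml)
    added = sorted(cand - ref)
    return {
        "added": added,
        "flagged": {p: SENSITIVE[p] for p in added if p in SENSITIVE},
        "removed": sorted(ref - cand),
    }

# Constructed sample manifests (hypothetical package, not a real app).
CLEAN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

REPACKAGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    result = permission_diff(CLEAN, REPACKAGED)
    for perm, why in result["flagged"].items():
        print(f"NEW sensitive permission: {perm} ({why})")
```

A non-empty `flagged` result for a build that claims to be the same app is a reason to hold the package for closer analysis; an empty result does not prove the build is clean.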

Cybercriminals have also created and distributed malware using the names of popular apps that are not yet available on the Android Market. Android users anticipating these games are the likely victims of this ruse. A recent example is a fake version of Temple Run we found in the Android Market.

The report alerts mobile users to the extension of common threats, like advanced persistent threats (APTs), to mobile environments. Because of the nature of the attacks, they are considered "campaigns" rather than singular "incidents."

The report also provides some interesting data related to the "Luckycat Campaign" linked to 90 attacks targeting several industries in Japan and India as well as Tibetan activists in 2011. The attacks exploited several vulnerabilities in Microsoft Office as well as Adobe Reader, Acrobat, and Flash Player via specially crafted email attachments.


Mobile is synonymous with social, and social networks are the applications that benefit most from mobility, which is also revolutionizing the concept of privacy. The imperatives "be social" and "share" are two concepts that expose millions of unsuspecting users to serious cyber threats. Exploiting the "social" model with different techniques makes it possible to reveal personal data to other parties.

This situation is even more dangerous if we consider the access made possible via mobile devices. We have discovered a lot of vulnerabilities related to these platforms and the applications that run on them. Also consider the increase in malware developed with the specific intent to steal any kind of information from these platforms.

As predicted, cyber criminals are exploiting this new vector to spread their attacks, and the report ends with some interesting data on email spam and ransomware, two cyber threats that are constantly growing.

Phone spam is a form of spamming directed at the text messaging service of a user. It is described as mobile spamming, SMS spam, text spam or mspam. Spam can ensnare a user into visiting an infected website or link to download a malicious application.

This quick overview of the mobile universe is intended to spread awareness of emerging cyber threats, which unfortunately is still low today. The increased diffusion of mobile devices and their increasing processing capacity are a motive of interest for cybercriminals and even governments to spy on users.

For now, the concepts of security and mobility are clashing and there is still much to do...

Cross-posted from Security Affairs
