As BYOD Trend Grows So Do Malware Attacks

Thursday, September 06, 2012

Bill Gerneglia


The BYOD concept has been a growing trend for some years now as employees become more accustomed to using their own mobile computing devices in their jobs, and accessing corporate assets.

The rapid adoption of high end smartphones and tablets including iPhones, iPads and Android devices along with the number of easily accessible apps is driving this concept forward. Cloud based services, accessible from almost anywhere, are also a key factor. 

The ‘Mobile Security Strategies: Threats, Solutions & Market Forecasts 2012-2017’ report report from Juniper found that while this trend can bring productivity benefits to businesses, it also poses potential security risks. 

In particular, the report found that the majority of employee’s phones and smart devices did not have any form of security software loaded nor were company materials protected. The new report provides detailed assessments of the mobile security threat and the growing market for security solutions.   

The war on cybercrime therefore continues for many organizations and especially their IT departments and CISOs. The total number of  Computer viruses, trojans and web attacks is growing at their fastest pace in four years.

In its recent quarterly "Threats Report", McAfee said that it had found more than 8 million new kinds of malware in the second quarter. This represents an increase of 23% from the first quarterly report. There are now more than 90 million unique strands of malware in the wild according to McAfee.

Microsoft Windows PCs remain the largest targets for malicious cyberattacks, but hackers are targeting other devices too, including Apple Macintosh computers and mobile phones. "Attacks that we've traditionally seen on PCs are now making their way to other devices," said Vincent Weafer, head of McAfee Labs. "This report highlights the need for protection on all devices that may be used to access the Internet."

Apple had their share of security breaches in the second quarter as well. Apple at one point had advertised that Macs didn't get viruses as their operating system was very secure, but a virus called "Flashback" punched a big hole in that theory. The offending piece of malware, which infected hundreds of thousands of Macintosh computers, looked like a normal Adobe Flash browser plug-in but stole thousands of usernames and passwords.

Google is also a growing recipient of maleware attacks. Their mobile Android software is the target of a very large portion of  new mobile malware attacks and McAfee has found about 13,000 different kinds of mobile malware this year, compared to fewer than 2,000 in 2011.

New kinds of attacks include sending spam text messages, commandeering a phone for use in massive botnets, holding a phone hostage in exchange for ransom, and attacking a phone in a "mobile drive-by."

Losses Due to Cybercrime

In a recent Norton Cybercrime Report, it was reported that breaches of various types claimed 431 million adult victims last year, with 73% of adults in the US alone incurring estimated financial losses of $US 140 billion.

As a criminal activity, cyber incursion is now almost as lucrative as the illegal drug trade. The total cost last year, including lost productivity and direct cash losses resulting from cyber attacks associated with viruses, malware and identity theft is estimated at $US 388 billion.

Top Cybercrime Technologies

The security firm McAfee report listed a range of cybercrime technologies deployed including: 

1. denial of service attacks

2. malware

3. spam

4. phishing

5. social site engineering

6. mobile phone viruses

7. botnets and phone sms Trojan messages

Whats Old is New Again

"Ransomware" -- a popular tool for cybercriminals a decade ago -- is fashionable again on smartphones. After a user inadvertently downloads a piece of ransomware, the virus take control of the user's device and data, relinquishing it only if the user pays money to the attacker.

After years of ransomware dormancy, the attack method has grown rapidly in recent months. The second quarter was the biggest ever for new kinds of ransomware.

"Drive-by" downloads are another old form of PC attack that has been recently repurposed for smartphones. They are called "drive-by" because attackers break into websites and infect all users who visit them. McAfee said it found its first instances of mobile drive-by downloads in the second quarter -- attackers dropping malware on your phone when you visit an infected site.

Even Twitter has become a tool for attacks from botnets as large collectives of infected PCs and phones and work behind the scenes to benefit the attacker. Instead of connecting to all the infected devices via a traditional Web server, cybercriminals are increasingly building viruses that are trained to search for commands from specific Twitter accounts. Using Twitter means attackers no can bypass an expensive and easily traceable Web server.

Cross-posted from MyITView

Possibly Related Articles:
Viruses & Malware
Information Security
Data Loss Trojans Enterprise Security malware Social Engineering Botnets Cyber Crime drive-by attacks BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.