2014 saw a surge in new mobile threat tactics like ransomware and an increase in threat sophistication and experimentation, a study has shown.
This was probably in reaction to mobile operators increasing their threat countermeasures and a general crackdown on premium-rate text message abuse, according to the 2014 Mobile Threat Report by security firm Lookout.
The report noted while premium-rate text messaging was easily exploited by attackers with great success in 2013, it was relatively easy to implement countermeasures by security firms, mobile operators and platforms.
But the apparent success of these countermeasures in 2014 is a double-edged sword, the report said, driving attackers to develop more insidious threats like ransomware.
While the impact of premium-rate text messaging abuse is a few nominal charges to a victim’s monthly bill, the impact of ransomware like ScarePakage is the complete loss of device functionality.
In addition, there is the potential mental anguish from false criminal accusations, as well as substantial financial loss if a victim elects to pay the ransom, the report said.
More on mobile malware
- Mobile malware threats jump 26% in third quarter
- Research reveals widespread mobile app hacking
- Android versus iOS in the enterprise: A whole new ballgame in 2013
- Android versus iOS security: Features, policies and controls
- Reassessing Mac enterprise security in face of Flashback malware
- Android security model doing best to enable mobile malware spread
- How an iOS virus can infect the enterprise and what to do about it
- Smartphone malware: Infections will hit one in 20, study predicts
- Security issues hit Apple as new OS X released
The success of ransomware in the US and western Europe indicates that when thwarted, mobile attackers will innovate to maintain an edge.
Researchers said threats injected in mobile supply chains such as DeathRing and the rise of technically sophisticated threats such as NotCompatible shows attackers are upping their threat construction and deployment game.
In 2014, Lookout observed a handful of mobile threats such as DeathRing and a new variant of Mouabad that indicated the compromise of mobile supply chains and the pre-loading of malware on factory-shipped devices.
Researchers also found new variant NotCompatible, a sophisticated mobile threat with layers of complex self-defence mechanisms that evade detection and countermeasures, gained considerable traction in the US and western Europe.
Analysis of security detections from Lookout’s dataset of more than 60 million global users revealed that ransomware surged globally, with ScareMeNot and ScarePakage among the top five most-prevalent mobile threats in UK and Germany, as well as the US.
Fall in adware
However, 2014 saw a dramatic fall in the prevalence of adware – apps that serve obtrusive ads that interfere with standard mobile operating experiences and/or collect excessive personal data.
Google’s crackdown on adware in 2013, and its continued policing of the Play Store, has substantially reduced the prevalence of abusive mobile advertising practices in Android apps, the report said.
In some countries, such as the UK, the adware encounter rates are now surpassed by other threats like chargeware – apps that charge users for content or services without clear notification or the opportunity to provide informed consent.
Although chargeware has declined in the UK, it is still the top mobile threat with an encounter rate of 11% compared with France (9%), Germany (7%), and the US (4%).
Germany, however, experienced a 250% surge in chargeware encounter rates in 2014 due to the prolific success of the SMSCapers threat.
The report attributes the fall chargeware encounter rates in the UK and France to the efforts of regulatory bodies such as Ofcom partner PhonepayPlus to curb premium-rate service abuse.
Effective regulation making a difference
PhonepayPlus acting chief executive Jo Prowse said mobile malware continues to pose a risk to consumers and the digital economy.
“But, as Lookout's latest report shows, effective regulation in partnership with the information security industry can make a real difference.
PhonepayPlus is continuously working to monitor and counter mobile malware that misuses premium rate services
Jo Prowse, PhonepayPlus
“PhonepayPlus is continuously working to monitor and counter mobile malware that misuses premium rate services, and when required we will take robust action to protect UK consumers and the digital economy,” she said.
As a consequence of the success against chargeware, the ransomware threat ScareMeNot is the second most prevalent threat to UK mobile users.
ScareMeNot pretends to scan victims’ phones and then locks their device after falsely reporting that its scan found illicit content. ScareMeNot attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.
The third most prevent mobile threat in the UK ActSpat, which is a trojan that commits premium-rate text messaging fraud and may push obtrusive ads to the notification bar, create pop-up ads, place shortcuts on the device’s home screen and download large files without asking.
Fourth is Tornika, another trojan disguised as a media player that sends personal information from compromised devices to third parties and may attempt to charge victims money. It can also enable third parties to display ads without a way to opt out.
Completing the list of top-five threats in the UK is NotCompatible, a trojan that surreptitiously acts as a network proxy, allowing attackers to send and receive traffic through a victim’s mobile device onto connected networks for fraudulent purposes.
Mobile threats to UK business
NotCompatible is listed as second only to TowelRoot in the UK enterprise world. TowelRoot is a threat that contains code to gain admin privileges and bypass a device’s security settings, and is listed as the top mobile threat to UK business in a separate enterprise report by Lookout.
If not remediated by a security solution, mobile threats can linger on infected devices for months
Lookout enterprise report
“If not remediated by a security solution, mobile threats can linger on infected devices for months and these devices can later carry existing infections, such as NotCompatible, into new corporate environments,” the enterprise report said.
The third most prevalent threat to UK enterprise is Framaroot, a threat that contains code to gain admin privileges and bypass a device’s security settings.
In the face of more sophisticated adversaries, the report said mobile users can stay one step ahead by remaining vigilant, installing apps from trusted app marketplaces and installing advanced mobile security applications on their devices.
Overall, mobile security threats are growing more complex and they have a persistent and widespread impact across organisations worldwide, according to a separate enterprise report by Lookout.
Businesses not aware of mobile risk
However, many companies around the world do not yet understand the extent of their mobile risk profile because “they lack deep visibility into the security status of mobile devices connecting to their networks and databases,” the report said.
In a world where pre-loaded mobile malware exists, the report said not even corporate-owned and provisioned devices should be exempt from security scrutiny.
“Moreover, with increasing BYOD [bring-your-own-device] activity in the workplace, the importance of having this security visibility only grows since BYO devices will typically touch a greater diversity of networks and download more software than their corporate counterparts,” the report said.
The enterprise report recommends organisations carry out the following:
- Implement mobile threat protection to monitor for and protect against suspicious activity on their mobile devices, block identified threats and assess the overall health of their mobile ecosystem;
- Segment networks for mobile devices to limited mobiles to an isolated network segment with strong controls limiting access to sensitive resources and analytics to detect potentially malicious behavior;
- Educate employees on mobile security best practices to avoid risky behavior to help limit an organisation’s mobile risk profile.