In the last six months, Pradeo Lab has observed a 92% rise in zero-day malware on mobile devices, demonstrating that attackers are focusing their attention on enterprise mobility and constantly innovating to get past security controls.
Zero-day malware refers to malware not yet present in antivirus signature databases. It is only caught by solutions performing real-time behavioral analysis; standard mobile security solutions that rely on signature databases do not cover it.
Attackers reach mobile devices and the sensitive data on them through three vectors: applications (malware, spyware, adware), the network (phishing, Man-in-the-Middle attacks) and the device itself (exploitation of OS vulnerabilities), explains the Mobile Threat Report released by Pradeo Labs.
The most common threat the study observed over the last two years is data exfiltration through mobile applications, with 59% of apps sending data out of the device. Mobile malware is far less numerous but strikes faster and does more damage.
While the number of attacks through the network has remained constant, instances of device compromise grew by 100% in the last six months, illustrating that the threat landscape is constantly shifting.
Mobile applications are at the center of operations for employees, partners and clients. They handle more sensitive data than any other medium, and yet many of them silently leak users' personal data to remote servers.
The study noted that the most commonly leaked data are location coordinates, contact lists, user profile information (including credentials), user files (photos, videos, documents...) and SMS.
As governments and regulators urge organizations around the world to protect personal data from leakage and theft, mobile applications are a major compliance risk and their behavior must be scrutinized.
Application vulnerabilities
Mobile applications can be vulnerable because of errors in their own source code or in the third-party libraries they embed. These vulnerabilities expose them to attack.
Hundreds of vulnerabilities are catalogued by the US National Vulnerability Database, the OWASP Mobile Security Project, US-CERT and others to help developers build and maintain secure mobile applications.
Three applications out of five carry vulnerabilities that make them prone to data leakage, denial-of-service (DoS) attacks and Man-in-the-Middle attacks, or exhibit encryption weaknesses.
The most common network threats the study detected during the last six months are:
Public WiFi exploits: The number of unsecured public hotspots, and of users who connect to them, keeps growing. As a result, mobile attacks through this vector are increasing and currently represent the most detected network threat.
Phishing attacks: Mostly targeting computers until a year ago, phishing attacks have jumped straight to second place among the network threats most detected on mobile devices. They trap mobile users with malicious links embedded in emails or SMS messages.
Man-in-the-Middle attacks: A MITM attack happens when a communication between two parties is intercepted or altered by an outside entity. Attackers carry it out through rogue WiFi hotspots or by IP, ARP or DNS spoofing, which places them on the path of traffic the victim believes is going directly to the gateway or the intended server.
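On a shared WiFi segment the ARP-spoofing variant of this attack leaves a visible trace: the gateway's IP suddenly resolves to a new hardware address, and one hardware address starts answering for several IPs. The following detector is an added example written for this article, not code from the Pradeo report; the ARP replies it inspects are constructed sample data, and in practice they would come from a pcap or a live capture.

```python
"""Heuristic ARP-spoofing detector over a sequence of observed ARP replies.

Added example, not code from the Pradeo report. The sample traffic below is
constructed for illustration; in practice you would feed in ARP frames parsed
from a pcap or a live capture on the WiFi segment.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float        # capture time in seconds
    sender_ip: str   # protocol address the sender claims to own
    sender_mac: str  # hardware address the sender claims for that IP


# Constructed sample: the gateway 192.168.1.1 legitimately answers from
# aa:bb:cc:00:00:01. At t=12.0 a host with MAC de:ad:be:ef:00:99 starts
# claiming the gateway's IP and, right after, the client's IP, which is the
# bidirectional poisoning an on-path attacker needs to relay traffic.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(5.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(12.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(12.1, "192.168.1.20", "de:ad:be:ef:00:99"),
    ArpReply(13.0, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_spoofing(replies, gateway_ip=None):
    """Return a list of (ts, kind, detail) alerts for suspicious ARP replies.

    Two heuristics are applied:
      * mac_change / gateway_mac_change: an IP previously bound to one MAC is
        now claimed by a different MAC. DHCP churn or a replaced NIC can cause
        this legitimately, so it is a signal to investigate, not proof.
      * multi_ip_mac: a single MAC claims a second (or further) IP address.
        A host impersonating both the gateway and a victim does exactly this.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != mac:
            kind = "gateway_mac_change" if r.sender_ip == gateway_ip else "mac_change"
            alerts.append((r.ts, kind, f"{r.sender_ip}: {prev} -> {mac}"))
        ip_to_mac[r.sender_ip] = mac

        # Alert only when the set of IPs behind this MAC actually grows past one,
        # so a persistent spoofer does not flood the log on every repeated reply.
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(r.sender_ip)
        if len(mac_to_ips[mac]) > max(before, 1):
            alerts.append((r.ts, "multi_ip_mac",
                           f"{mac} now claims {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect_arp_spoofing(SAMPLE_REPLIES, gateway_ip="192.168.1.1"):
        print(f"t={ts:5.1f}  {kind:20s} {detail}")
```

Passing the known gateway address lets the detector rank a flip of the gateway binding above an ordinary client rebinding; the first three replies alone, which are all consistent, produce no alerts. Mobile devices rarely expose raw ARP to apps, so this kind of check is normally run by a network sensor or the access point rather than on the handset.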
Mobile devices themselves are often exploited by attackers to access and steal sensitive organizational data, making the device the second most common threat vector. The report also lists the most detected threats operating at the device level:
Vulnerable OS compromise: Mobile operating systems have vulnerabilities that are discovered and patched through security updates on a regular basis. However, most mobile users do not update their device as soon as a new OS version is available, leaving it running a vulnerable version for weeks. As a result, this is the most common device-level threat.
Modified settings exploit: Some users customize their device by deactivating security options to grant themselves more rights (for example, allowing installation from unknown sources or enabling USB debugging). As a consequence, the altered device becomes far easier to compromise.
Root / jailbreak exploit: Only a small share of users root or jailbreak their device, but when they do, it removes the platform's built-in security boundaries, opening the front door to malware and attackers.
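All three device-level threats above can be surfaced by a posture check that an enterprise mobility tool would run before granting a device access to corporate data. The script below is an added example for this article, not code from the Pradeo report. It targets Android and parses the text printed by `adb shell getprop` and `adb shell settings list global` / `settings list secure`; the device dumps, the reference date and the list of root artifacts are constructed and illustrative, and iOS jailbreak detection relies on different artifacts that are not covered here.

```python
"""Device-posture check for the three device-level threats the report lists:
an outdated OS, weakened security settings, and root.

Added example, not code from the Pradeo report. The getprop/settings dumps,
the reference date and the root-artifact list below are constructed.
"""
import re
from datetime import date

GETPROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Paths whose presence is a common root indicator. Assumption: illustrative,
# not exhaustive; hiding tools deliberately defeat path-based checks.
ROOT_ARTIFACTS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su", "/sbin/.magisk")


def parse_getprop(text):
    """Turn `getprop` output ([key]: [value] per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_settings(text):
    """Turn `settings list` output (key=value per line) into a dict."""
    out = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def assess_posture(props, settings, present_paths, today, max_patch_age_days=90):
    """Return a list of (category, detail) findings; an empty list means no concerns."""
    findings = []

    # 1. Vulnerable OS: security patch level older than the allowed window.
    patch = props.get("ro.build.version.security_patch")
    if patch:
        age = (today - date.fromisoformat(patch)).days
        if age > max_patch_age_days:
            findings.append(("os_outdated", f"security patch {patch} is {age} days old"))
    else:
        findings.append(("os_outdated", "no security patch level reported"))

    # 2. Modified settings: options that widen the attack surface when set to 1.
    weak_settings = {
        "adb_enabled": "USB debugging enabled",
        "development_settings_enabled": "developer options enabled",
        "install_non_market_apps": "unknown-source installs allowed (pre-Android 8 setting)",
    }
    for key, why in weak_settings.items():
        if settings.get(key) == "1":
            findings.append(("settings_weakened", why))

    # 3. Root: build/property indicators plus su or Magisk artifacts on disk.
    if props.get("ro.build.tags") == "test-keys":
        findings.append(("rooted", "build signed with test-keys"))
    if props.get("ro.debuggable") == "1":
        findings.append(("rooted", "ro.debuggable=1 (debuggable build)"))
    if props.get("ro.secure") == "0":
        findings.append(("rooted", "ro.secure=0 (adb shell runs as root)"))
    hits = [p for p in ROOT_ARTIFACTS if p in present_paths]
    if hits:
        findings.append(("rooted", f"root artifacts present: {hits}"))
    return findings


# Constructed dump of a device that fails all three checks.
COMPROMISED_GETPROP = """\
[ro.build.version.release]: [8.1.0]
[ro.build.version.security_patch]: [2018-03-05]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""
COMPROMISED_SETTINGS = "adb_enabled=1\ndevelopment_settings_enabled=1\ninstall_non_market_apps=0\n"
COMPROMISED_PATHS = {"/system/bin/sh", "/system/xbin/su"}

# Constructed dump of a stock, recently patched device.
CLEAN_GETPROP = """\
[ro.build.version.release]: [8.1.0]
[ro.build.version.security_patch]: [2018-08-05]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
"""
CLEAN_SETTINGS = "adb_enabled=0\ndevelopment_settings_enabled=0\n"
CLEAN_PATHS = {"/system/bin/sh"}

AS_OF = date(2018, 9, 1)  # fixed reference date so the example is reproducible


def assess_dump(getprop_text, settings_text, paths, today=AS_OF):
    return assess_posture(parse_getprop(getprop_text), parse_settings(settings_text), paths, today)


if __name__ == "__main__":
    for category, detail in assess_dump(COMPROMISED_GETPROP, COMPROMISED_SETTINGS, COMPROMISED_PATHS):
        print(f"{category:18s} {detail}")
```

The patch-age window is the knob that encodes the "weeks on a vulnerable version" problem: 90 days is a lenient default, and an organization that ships monthly updates would tighten it. Treat the root and settings findings as risk signals to feed into an access decision rather than as proof, since a determined user can hide most of them.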
First published in NetworksAsia