Mobile Malware Increasing Rapidly, Causing Risks for Enterprises
A recent report conducted by Kindsight Security Labs discovered that the number of malware infections affecting mobile phones are increasing at dramatic rate. In the first half of this year infections have already risen 17 percent, while infections rose 20 percent during all of 2013. There are nearly 15 million infected mobile devices worldwide, according to the study
The report also found that 60 percent of mobile devices infected with malware run on the Android platform. Malware is more easily spread on Android devices because the digital control certificates used to sign applications are not controlled and are usually self-signed and unable to be traced back to a developer. While malware infecting Android devices is increasing, malicious software affecting Windows computers is still the biggest problem security researchers are seeing. In fact, the report found that 40 percent of mobile malware stems from a Windows-based laptop being connected to the mobile device.
“Android smartphones are the easiest malware target, but Windows laptops are still the favorite of hard core professional cybercriminals,” said Kevin McNamee, security architect and director of Kindsight Security Labs, in an interview with Telecoms.com. “The quality and sophistication of most Android malware is still behind the more mature Windows PC varieties. Android malware makes no serious effort to conceal itself and relies on unsuspecting people to install and infected app.”
The majority of the malware studied in the report was hidden in downloads from fraudulent, third-party app stores or phishing scams, but malicious applications can also be found on legitimate outlets like the Google Play store. Many of the infected devices had personal information stolen from them, as well as experiencing cybercriminals steal minutes from mobile phones and run up phony charges.
Employee mobile use potentially harmful to enterprise networks
McNamee encourages mobile users to be increasingly vigilant about detecting malware on their devices, noting that malicious apps can easily evade detection by device-based antivirus software. With the rise of bring-your-own-device policies, employees’ mobile phones are becoming a bigger risk for companies, as malware that infects a worker’s phone could potentially harm an enterprise system. Unfortunately for most businesses, cybersecurity isn’t a core competency or they are simply too understaffed to adequately protect sensitive information.
Luckily for businesses that aren’t sure how best to protect their systems, security information and event management services are available to watch over networks around the clock and provide actionable data about cybersecurity threats. With a concierge SIEM solution, in-house IT staff can be free to focus on business-critical projects while still ensuring the security of enterprise systems.