Story image

Blue Coat sounds alarm on escalating mobile malware

04 Nov 2015

Blue Coat Systems has sounded the alarm for individual and organisations to strengthen defences around mobile devices after seeing an escalation in insidious and malicious mobile attacks.

The security vendor’s annual State of Mobile Malware report shows cyber blackmail – or mobile ransomware attacks – led the way as the top malware type in 2015, along with the stealthy insertion of spyware on devices that allows attackers to profile behaviour and online habits.

Hugh Thompson, Blue Coat CTO and senior vice president, says as we sleep, exercise, work and shop with our mobile devices, cyber criminals are waiting to take advantage of the data the devices collect – something Blue Coat says is evident in the types of malware and attacks it is seeing.

And it isn’t just consumers under threat.

“The implications of this nefarious activity certainly carry over to corporate IT as organisations rapidly adopt cloud-based, mobile versions of enterprise applications, opening up another avenue for attackers,” Thompson notes.

“A holistic and strategic approach to managing risk must extend the perimeter to mobile and cloud environments — based on a realistic, accurate look at the problem — and deploy advanced protections that can prioritise and remediate sophisticated, emerging and unknown threats.”

This year’s survey shows ransomware, potentially unwanted software (Pus) and information leakage were the top types of mobile malware this year, with Blue Coat noting the world of mobile ransomware has grown dramatically over the past year.

“While some varieties that run on Android devices cause little damage beyond convincing victims to pay the cyber hostage-taker, many have adopted more sophisticated approaches common to ransomware in the Windows environment,” Blue Coat says.

The threats render music files, photographs, videos and other document types unreadable, while typically demanding an untraceable form of payment such as Bitcoin.

PUS exhibits behaviour typical of adware or spyware, spying on users’ online activity and personal data or serving extra ads, while information leakage malware watches users and reports out on a 24x7x365 basis.

“This information leakage is usually a minor drip, showing the version of their phone’s operating system, the manufacturer, the specific app or browser being used, or similar information,” Blue Coat says.

The report shows pornography returned as the number one threat vector, after dropping to number two last year. Blue Coat says when it sees a mobile user’s traffic heading to a malicious site, 36% of the time that user is following a link from a porn site.

WebAds, including malvertising attacks and sites that host Trojan apps designed to appeal to – you guessed it – porn site visitors, was the second most common threat vector, but accounted for less than 5% - a substantial drop from almost 20% last year.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.