Mobile Security Threats are on the Rise

By Ken Jacobi, Sr. Product Marketing Manager, Enterprise/FI, Webroot, Inc.

The Challenge of Mobile Security

Mobile devices focus on convenience over security. As such, users engage in risky behaviors without realizing it: they download apps from third parties, use insecure public Wi-Fi networks, browse to insecure sites in their mobile browser, and click on questionable links in their mobile email. As a result, users download malicious or spoofed mobile apps, introduce mobile malware to their devices, and increase the likelihood that they will be redirected to a phishing site where their login credentials can be easily compromised.

Since significantly more data is easily accessible to a compromised mobile device, social engineering will become an even sharper tool for cybercriminals when refined to attack mobile devices. Financial institutions risk increased fraud in their mobile channel, and mobile users risk identity theft, which can be frustrating and time-consuming to recover from because they must deal with aggressive credit and collections firms. Users also risk providing access to accounts and login credentials via email, and to sensitive documents via cloud storage apps.

Tools and services for attacking mobile platforms are much more common in underground markets than they were a year ago, and they cover a wide range of attack vectors. For example, there are services for malicious app building, mobile number harvesting, SMS flooding/phishing, telephony flooding/phishing, malicious mobile website building, botnet app binding and related hosted services, obfuscation tools, etc. Other available services include access to stolen developer accounts and credentials, exploit development, drive-by install, and app bundling.

Current Mobile Malware and Phishing Statistics

The Webroot App Reputation service, which monitors over fifteen million new and updated Android apps, has identified a shift from Benign and Trustworthy apps (52% in 2013 to 28% in 2014) to Malicious, Suspicious, and Unwanted apps. In 2014, only 28% of all apps were Trustworthy/Benign while over 22% were Unwanted/Malicious. Meanwhile, the total number of malicious apps has grown exponentially, from just 203 in 2011 to 14,088 in 2012. In 2013 the number was up to 365,772, and hit 1.3M in 2014, a three-year growth rate of over 6,200%. Webroot found that Malicious, Suspicious, and Unwanted apps are increasingly installed at the factory, particularly on devices geared for emerging markets.

Cumulative distribution of mobile app reputation in 2014.

There is a shift from benign and trustworthy apps (52% in 2013 to 28% in 2014) to malicious, suspicious and unwanted apps.

Trojans make up the vast majority of Malicious apps, averaging 77% for 2014. Trojans are a broad category of apps that includes Short Message Service (SMS) infections (the largest family of malicious Android apps) and fake installers. The other prevalent threat types are Potentially Unwanted Apps (PUAs, 10%), spyware (9%), and rootkits (4%). By app category, Tools (44%) was the leading category for malicious apps. These include calculators, battery management apps, etc., which often require additional access to the device. After Tools were Arcade & Action (8%), Casual (5%), Entertainment (5%), Personalization (4%), Brain & Puzzle (4%), Communication (3%), and Social (3%). It is estimated that up to 35-40% of mobile phones contain malware.

Frequency of Android (TM) Application Threat Types


Phishing sites are another considerable threat for mobile users. Webroot detected significantly more phishing sites in the last quarter of 2014. 2.5% of Webroot customers had a first contact with a zero-day phishing site each month, and over 12 months, 30% of users visit a fraudulent zero-day URL. Interestingly, phishing sites are often online for only a few hours, or until a threshold of visits is reached. Real-time detection can protect against phishing sites that are seconds old, whereas blacklists will never be sufficient due to the ever-changing universe of sites.

Percentage of Phishing Sites by Industry Category


Percentage of Companies Impersonated by Phishing Sites


A Potential Solution: Real-time, Collective, Threat Intelligence

To mitigate the risks of malicious apps and of browser-based and phishing attacks, organizations must deploy advanced mobile security capabilities such as real-time, collective, threat detection. Financial institutions can protect themselves and their customers by integrating advanced security capabilities in their mobile apps through the use of a software development kit, or SDK, typically a set of software development tools for a specialized purpose or development platform. Protection is then provided to customers as a download, for example during the next online banking session.

Integration of a security SDK also enables financial institutions to implement session-based risk scoring for the mobile devices that customers use to conduct financial transactions. Risk-based scoring lets an institution remotely determine the “health” of a mobile device. Factors such as malware on the device, whether the device is rooted or jailbroken, whether OS security has been disabled, whether the device is running in an emulator, whether security is enabled and up-to-date, whether the OS is up-to-date, and the geographic location of the device can all be fed into a risk scoring algorithm. Financial institutions can develop policies on what actions to take based on the score. For example, customers may be granted full access to the mobile app, limited access to transactions or a limited dollar value of transactions, or be denied access.
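As an added illustration of the session-based scoring described above (this is not Webroot's SDK or algorithm), the sketch below scores a device report on the listed factors and maps the score to full, limited, or denied access. The factor names, weights, thresholds, and dollar cap are assumptions, since the article gives none.

```python
# Assumed weights and thresholds: the article lists the factors and the three
# outcomes but gives no numbers, so these are illustrative only.
WEIGHTS = {
    "malware_detected": 60,
    "emulator": 50,
    "rooted_or_jailbroken": 40,
    "os_security_disabled": 30,
    "unusual_location": 20,
    "security_outdated": 15,
    "os_outdated": 10,
}
LIMITED_AT, DENY_AT = 20, 60      # score thresholds (assumed)
LIMITED_MAX_USD = 500             # per-transaction cap in the limited tier (assumed)


def score_device(signals: dict, home_countries: set) -> tuple:
    """Return (score, reasons) for one session's device-health report.

    `signals` maps factor name -> True/False, plus an optional "country".
    A factor the device did not report is scored as if it were present,
    so a stripped or tampered report cannot lower the score.
    """
    signals = dict(signals)
    country = signals.pop("country", None)
    signals["unusual_location"] = None if country is None else country not in home_countries
    score, reasons = 0, []
    for factor, weight in WEIGHTS.items():
        value = signals.get(factor)
        if value is None or value:
            score += weight
            reasons.append(factor if value else factor + ":unreported")
    return score, reasons


def access_policy(score: int) -> dict:
    """Map a score to the article's three outcomes: full, limited, or denied."""
    if score >= DENY_AT:
        return {"access": "deny", "max_usd": 0}
    if score >= LIMITED_AT:
        return {"access": "limited", "max_usd": LIMITED_MAX_USD}
    return {"access": "full", "max_usd": None}


# Constructed sample reports (not real telemetry).
CLEAN = {**{f: False for f in WEIGHTS if f != "unusual_location"}, "country": "US"}
STALE = {**CLEAN, "os_outdated": True, "security_outdated": True}
ROOTED = {**CLEAN, "rooted_or_jailbroken": True, "country": "RO"}
```

Because the report originates on the device, the score should be computed and enforced on the institution's servers, and an empty report is treated as the highest risk.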

The balance of convenience and access vs. security will always be a difficult challenge as financial institutions strive to recruit and retain customers and increase satisfaction scores, while reducing risk and protecting their interests as well as the financial assets and transactions, and personal information of their customers.

Contact: Ken Jacobi, Sr. Product Marketing Manager, Enterprise/FI,
Phone: 720-842-3164



Webroot provides intelligent cybersecurity for endpoints, as well as operational threat intelligence services. We utilize the lightest device agent for Internet connected devices and leverage a collective threat intelligence cloud with shared operational threat data for IPs, URLs, Files, and Apps. Webroot technology is proven and has received third-party validation including Gartner MQ Visionary for Business Endpoint and industry best customer satisfaction scores of 96%. Webroot BrightCloud Threat Intelligence has been integrated in the offerings of over twenty leading IT security firms.




Copyright © 2017, WSTA®, All Rights Reserved.