In 2004, Cabir became the first mobile-based worm. Although developed as a proof-of-concept, within a year Cabir helped spawn mobile malware including the first mobile Trojan (Qdial) and mobile application hack (Skulls). Today, the explosion of smartphones and tablets has spawned an entirely new hacking industry – one that has the potential to bypass your current cybersecurity strategies if you don’t consider mobile protection.
I have touched on BYOD in the past. Shamun Mahmud has too, explaining that the trouble with BYOD is “IT managers must now account for user access from a wider variety of devices not completely under their control.”
For years, organizations only needed to invest in PC virus protection. And for years, employees relied on their IT department to keep their hardware and software secure. Now there’s a paradigm shift: the new model for cybersecurity is bottom-to-top focused. However, many organizations have not adapted.
Even more alarming, unlike PC malware, mobile malware is highly focused. Consumer PC viruses are usually developed for the masses so they can capture the maximum amount of users. However, by developing a broader net, the malware is more exposed and weaker. This helps developers identify malware faster and fix vulnerabilities or develop protection software quickly. Mobile malware targets very specific apps, devices, or functions. This new focus means hackers spend more time developing securities in their malware, making them harder to discover and fix.
Many mobile users do not think of their mobile device as a portable computer. To many people, their smartphone is still just a phone and a tablet is the kind of personal assistant they remember from the 90’s. They forget both are simply smaller computers with the same weaknesses.
If your agency allows people to bring their own devices there are many elements you must now consider:
- Android App Market – Unlike Apple’s self-governed, closed app market, Android has an open market distribution model. This gives hackers a platform to target naïve Android users (although, admittedly Apple’s isn’t 100% secure). In the second quarter of 2012 alone, Kaspersky Labs found malicious apps in the Android market tripled to 14,923. People unknowingly download one of those malicious apps and bring it into your secure network, bypassing a lot of your cybersecurity.
- Operating System (OS) Updates – Like computers, mobile devices suffer from OS exploits. 48% of Android devices are still running Gingerbread, a two-year old operating system. Gingerbread is also the most targeted OS because hackers have had more time to find vulnerabilities and it has known Java vulnerabilities.
- A Delay in Mobile Cybersecurity Protection – Admittedly, it has taken software companies time to catch up to enterprise hackers. The first mobile security software only came out in the last two years. Thankfully, developers are now quickly catching up. Symantec offers a suite of Mobile Security software focused on mobile security for instance.
- Intelligent Worms & Trojans – As software and hardware developers fortified their desktop products, hackers began looking for fertile pastures. They quickly seized the opportunities the developing mobile market currently presents them.
- Ransomware Attacks – Van Ristau, Chief Technology Officer at DLT, has written about the ransomware threat. Ransomware disables a function of a victim’s device and demands a fee to restore the system. Imagine if someone downloads data to their phone (passwords, e-mails, documents) and later the phone gets infected with ransomware. As with the above bullet, ransomeware attacks are getting stronger too. Yesterday, Threat Post reported on a newly discovered, advanced strain.
It’s a brave new world, one that takes proactive IT professionals to fully secure. Identifying your agency’s mobile vulnerabilities, educating people on mobile security and malware, and installing mobile security software like Symantec will ensure your networks and data remain safe and secure.
Image courtesy of tecchannel.de.