One of the primary points raised in this year’s RSA Conference is that mobile threats are as real and pressing as other industry issues today. Amid heated discussions over cloud security, several sessions were spent on reviewing the threats to mobile security and on laying out concrete steps so we can defend our mobile lives.
The Ugly Truth Behind Mobile Security
Mobile threats have been around for years, dating back to when mobile phones first became popular. Earlier versions of mobile malware were primitive in the sense that they neither used encryption nor social engineering tactics. Over time, however, mobile malware proliferators improved on their techniques to ensure their profitability.
Interestingly, despite the emergence of more complex threats at a time when smartphones are changing the mobile landscape such as increasing mobile email use, basic SMS malware still exist. The reason for this is simple—cybercriminals are still making money out of SMS malware. Denis Maslennikov’s presentation revealed that 40–67 percent of the revenue goes to affiliates who invest a relatively small amount to be able to engage in malicious schemes. With infected users losing as much as US$1.2 million per month because of these threats, it’s easy to see why these threats continue to proliferate.
As threat response engineer Jeffrey Bernardino points out, “The Russian ransomware incidents we saw last month show that cybercriminals indeed go where the money is. Even old-school techniques such as using premium-rate SMS numbers still exist because users continue to fall for these traps.”
More recently, another mobile malware disguised as an MMS application targeted Russian users. Detected by Trend Micro as JAVA_JIFAKE.SMA, the Trojan tricked users into sending MMS greetings when in reality it was sending SMS messages to premium-rate numbers. Also seen this week was a new Android OS Trojan disguised as a legitimate wallpaper application. Apart from gathering user information from the infected device, ANDROIDOS_ADRD.A has been primarily designed as a click-fraud Trojan that can lead to increased and expensive data charges. Again, it all boils down to the simple goal of moneymaking.
Defending Your Mobile Life
The question then of how users can best defend their mobile lives needs to be raised. This is particularly crucial as mobile Internet becomes even more integrated into our daily lives. Mark Bauhaus shared that smartphone sales are expected to exceed PC sales by 2012. It is not surprising then that mobile phones are security threat targets as well.
For the most part, user awareness is still a key preventive measure. Knowing the threats that are out there and how best to avoid them can save users a lot of trouble. However, proactive solutions such as the Trend Micro Mobile Security software can also help users avoid the costs that come with merely waiting and reacting to threats. Along with mobile security policies, particularly in the enterprise setting, a more proactive approach to preventing mobile threats can spell the difference between a successful or failed attack.