If there were any doubts surrounding the potential gravity of mobile cybersecurity threats, the recent emergence of Android-based botnets could be enough to convince remaining skeptics.
When smartphones and tablets first made their way into the hands of consumers around the world, data security concerns were minimal and users revelled in the newfound power and utility of mobile devices. However, those blissful early days are far in the past now, as hackers have caught up with mobile operating systems and are compromising smartphones and tablets like never before.
According to InformationWeek, smartphones are becoming the the target of choice for cyberattacks as online identity fraud continues to provide lucrative opportunities for skilled hackers. According to G Security Labs, the prevalence of mobile malware has climbed 273 percent in just the first six months of 2011. In that time a new malevolent strains was discovered, on average, every 12 seconds.
To a certain extent, this trend could have been expected. But new reports chronicling more sophistication mobile security threats are cause for concern in the technology community.
According to research from Damballa Labs, there was a sharp increase in the amount of Android devices involved in criminal command and control networks. During one particular two-week period, approximately 20,000 devices were caught in the grips of a botnet scheme.
"Criminal operators continue to hone their craft in 2011 using crimeware that can be repurposed for multiple fraud opportunities, sold or leased to other criminals, and is now successfully infiltrating the mobile space," Damballa analysts noted. "It has become increasingly important that [security] defenders obtain advanced knowledge of the existence and behavior of new criminal operators, and their network of infected assets."
This news should concern all mobile device owners, but enterprise IT managers should also take note. With a number of these infected devices making their way into the office and on to corporate wireless networks, critical business data could be in harm's way. And the dark brilliance of botnet design makes it nearly impossible for users to detect abnormalities until it's too late.
"If attackers can get the bot installed, they can remotely control a user's phone without giving any sign of compromise to the user," noted cybersecurity expert Georgia Weidman, according to InformationWeek.
Despite legitimate cause for concern, there are a number of simple tactics that can greatly reduced the odds of mobile security breaches. First, storing the least amount of sensitive information as possible is always the desired strategy. As that is not always practical or possible for some users, data encryption should be a priority. And finally, clear and explicit mobile device management policies should be employed to protect business data and educate end-users.