SmartPhones Increasingly Targeted for Cybercrime, Spam and Attack



In its most recent Threats Report for Q4 2010 (.PDF), network security company McAfee points out what they call "a steady growth of threats to mobile platforms," with smartphones receiving particular emphasis. In fact, they report that "the number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009." Total counts for new malware for 2010 topped 20 million, or about 55,000 new malware threats for every day of that year. Of the total of 55 million pieces of malware McAfee Labs has isolated and identified since it started monitoring Internet malware, around 36 percent was created in 2010. With some slightly better news, McAfee also reported that spam accounted for 80 percent of all e-mail traffic in Q4 2010, the lowest level since Q1 2007.



[caption id="attachment_245" align="aligncenter" width="417" caption="Headline page from the latest McAfee Threats Quarterly Report (Q4'2010)"]
Headline page from the latest McAfee Threats Quarterly Report (Q4'2010)[/caption]



Senior Vice President of McAfee Labs Vincent Weafer explained the situation this way: "Our Q4 Threats Report shows that cybercriminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort. In the past few quarters, malware trends have been very similar in different geographies, but in the last quarter we've seen a significant shift in various regions, showing that cybercriminals are tapped into trends worldwide. McAfee Labs also sees a "...direct correlation between device popularity and cybercriminal activity, a trend we expect to surge in 2011."



Other reports indicate that as individual cellphone platforms gain in popularity, so do observations of malware tailored for such platforms, as well as reports of spamming and scamming (most in the form of targeted phishing messages and social media postings). As more and more people switch to using smartphones for Internet access, more criminal attacks will target those devices. This is likely to be particularly noticeable in less-developed parts of the world, where for many users a smartphone is their only Internet-connected device. In particular, the McAfee report takes notices of Geinimi malware which targets the Android platform, and displays botnet like characteristics. (See this blog at Lookout Mobile Security for more information). Geinimi originated in China, and also harvests personal data and sends it to remote servers, using built-in Trojan capabilities and "smart scanning" of phone data such as the address book, GPS data, device ID information (IMEI), SIM card number (IMSI), and a list of installed apps.



As more and more smartphones find their ways into users' hands, and as they are increasingly used to handle finances of all kinds, cybercriminals will continue to shift their focus to mobile computing platforms like these. The best means of protection are to download apps only from reputable (vendor- or platform-sponsored) download sites, to be very careful about granting any and all app permission requests, to stay on the lookout for unusual phone behavior (SMS messages sent to unknown recipients without your knowledge), and to download a mobile security app that scans every app that gets downloaded. It's also still essential to use common sense when reading e-mail or tweets, or visiting social network pages and less well-known Web pages. Don't click any links you're not 110 percent sure about, and you'll prevent further malware exposure.



Stu Sjouwerman



KnowBe4



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews