Every April, Symantec publishes its Internet Security Threat Report for the preceding year. This month, the company released the latest item in that series entitled "Symantec Internet Security Threat Report: Trends for 2010" (Volume 16, Published April 2011). Among the top-level headline items you'll find "Mobile Threats increase," as also reported in this Wall Street Journal story ("Mobile Devices And Social Networks Key Malware Targets").
The executive summary on Mobile threats in the report stresses the ongoing monetization of cybercrime, where return on investment drives activity just as in more legitimate businesses. Symantec stresses that "easy money" is a powerful lure to cybercrime that targets mobile devices, and points to the following driving factors at work: a large installed base of smartphones and other mobile devices, lots of vulnerabilities to exploit (163 reported across all major platforms in 2010), and Trojans often found lurking in legitimate apps sold in various appstores leading to wide and easy propagation. There are even signs that mobile device malware to create "zombies" or "bots" from infected handsets and other devices may be making its way into the wild as well. Users who employ their smartphones or other mobile devices to make electronic payments are also at heightened risk of account hijacking, and the online banking and wire transfer frauds that often follow in their wake.
Social networks also show up as a source for security concerns for businesses and organizations around the world. On the one hand, they seek to maximize the value of and interest in social networking, while striving to limit the dangers inherent to online exposure of sensitive or even exploitable data. The increasing presence of malware on social networking sites is also a major issue for many. Worst of all, attackers can put profile information available about social network members to use to target victims for phishing and other attacks with much higher success rates than blind or generic attacks can achieve. In addition to higher levels of threat for such individuals, their data can also be used to fingerprint corporate or organizational networks and subject them to better targeted attacks as well.
Mobile users will be well-advised to install and maintain commercial anti-malware protection on their mobile devices, and to limit their app downloads to well-known and -respected App stores. They should also check their account activity and billing status regularly, and respond quickly to any signs of suspicious, unwanted, or "surprise" transactions or spending on their credit cards and in their bank accounts. That's why my previous blog ("Smartphone Users at Greatest Risk for Phishing") also called attention to this situation, and these very necessary security postures.
The executive summary on Mobile threats in the report stresses the ongoing monetization of cybercrime, where return on investment drives activity just as in more legitimate businesses. Symantec stresses that "easy money" is a powerful lure to cybercrime that targets mobile devices, and points to the following driving factors at work: a large installed base of smartphones and other mobile devices, lots of vulnerabilities to exploit (163 reported across all major platforms in 2010), and Trojans often found lurking in legitimate apps sold in various appstores leading to wide and easy propagation. There are even signs that mobile device malware to create "zombies" or "bots" from infected handsets and other devices may be making its way into the wild as well. Users who employ their smartphones or other mobile devices to make electronic payments are also at heightened risk of account hijacking, and the online banking and wire transfer frauds that often follow in their wake.
Social networks also show up as a source for security concerns for businesses and organizations around the world. On the one hand, they seek to maximize the value of and interest in social networking, while striving to limit the dangers inherent to online exposure of sensitive or even exploitable data. The increasing presence of malware on social networking sites is also a major issue for many. Worst of all, attackers can put profile information available about social network members to use to target victims for phishing and other attacks with much higher success rates than blind or generic attacks can achieve. In addition to higher levels of threat for such individuals, their data can also be used to fingerprint corporate or organizational networks and subject them to better targeted attacks as well.
Mobile users will be well-advised to install and maintain commercial anti-malware protection on their mobile devices, and to limit their app downloads to well-known and -respected App stores. They should also check their account activity and billing status regularly, and respond quickly to any signs of suspicious, unwanted, or "surprise" transactions or spending on their credit cards and in their bank accounts. That's why my previous blog ("Smartphone Users at Greatest Risk for Phishing") also called attention to this situation, and these very necessary security postures.
