‘Malvertising’ overtakes porn as No 1 mobile threat: Blue Coat
By Digital News Asia July 9, 2014
- Users directed to mobile malware through Web ads close to once every 5 times
- Mobile threats still primarily defined by socially-engineered malware
WEB advertisements have outpaced pornography as the No 1 mobile content that leads to malware attacks, according to new research from Blue Coat Systems Inc.
Blue Coat country manager for Malaysia Ivan Wen (pic) said that overall, the rising mobile threats resemble the same socially engineered malware tricks that have been used for years to attack personal computers (PCs).
Despite the proliferation of mobile devices and almost 1.5 billion new ways to steal information, the company has yet to see widespread types of malware that is common for PC users, partly due to the lack of a cohesive underground economy, Blue Coat said in a statement.
Often, the mobile phones’ security model is not being breached, but instead the users themselves are tricked into unsafe actions that give control to cybercriminals.
“[The] truth is, mobile threats are still primarily defined by the types of socially-engineered malware that simply tricks the users into accepting what the cybercriminal is selling. Therefore, user behaviour remains the key in both identifying where attacks might occur and understanding how these attacks may evolve,” Wen said.
As more people transition their recreational activities onto mobile devices, this behavioural trend is driving ‘malvertising’ (malicious advertising) to the top mobile threat vector, according to Blue Coat.
The company’s 2014 Mobile Malware Report indicated that as of February 2014, a user is directed to mobile malware through Web ads close to once every five times. This is three times the rate compared with back in November 2013 (see chart below).
“‘Malvertising’ is emerging as a leading attack vector, mimicking the rise of Web ad traffic which is mostly generated through recreational activities like online shopping, on mobile devices,” said Wen.
Today, the most prolific mobile malware threats are spam, poisoned links on social networking sites and rogue apps, which are engineered to dupe users into taking ‘unsafe’ actions such as changing their security settings, downloading apps or authorising their device to unknown third-parties that potentially compromise their devices’ security settings.
“Mobile users are more used to seeing Web ads and this naturally makes them more vulnerable to the malware attacks that are launched through these ads,” Wen said.
He added that user behaviour on mobile devices and PCs are distinctively different. For instances, social networking has decreased as an activity on PCs, but is now the third most popular activity on mobile devices. Online shopping is one of the most popular activities on mobile platforms, but not on PCs (see chart below).
Wen noted that the rise of malware attacks on mobile devices is becoming one of the most notable trends in recent cybercrime, and in fact, mobile users are sometimes more vulnerable because the smaller screen size may reduce context clues.
“There has been many various [types of] mobile malware leveraged for Advanced Persistent Threat (APT) attacks targeted at a specific organisation to achieve criminal objectives. Mobile malware and APTs are able to penetrate mobile phone or connected WiFi networks, thus posing serious threats to local businesses.
“To ensure protection of information assets and user privacy, companies should consider a ‘Lifecycle Defence’ approach that allows for malware analysis and threat intelligence to be extended across the corporate’s mobile environments for greater security control,” said Wen.
To view Blue Coat's 2014 Mobile Malware Report [PDF] in full, click here.
Related Stories:
Trojans out for your credit card data and money, warns Kaspersky
Android heading for 100% malware record
The world’s first mobile malware celebrates its 10th birthday
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.