Smartphones and tablets continue to rise in popularity--among both consumers and malware developers. Traditional malware is still a large and growing threat as well, but mobile platforms represent fertile ground with less awareness and limited defenses. A new report from McAfee illustrates that malware developers are anxious to exploit mobile devices.
Actually, while the star of the McAfee Threats Report: Third Quarter 2011 is mobile malware, it is worth pointing out that 2011 is on track to finish as a record-breaking year for malware in general--exceeding very generous predictions. At the end of 2010, McAfee predicted there would be 70 million new malware samples in 2011, but it has since revised that prediction to 75 million based on the rapid proliferation of attacks.
“This has been a very steady quarter in terms of threats, as both general and mobile malware are more prevalent than ever,” said Vincent Weafer, senior vice president of McAfee Labs.
If It Ain’t Broke, Don’t Fix It
Before we dig further into the mobile malware issue, let’s take a quick look at some of the other findings from the McAfee report. One notable trend seems to be that relatively low-tech, run-of-the-mill attacks continue to be developed at a fairly steady rate.
McAfee reports that attacks such as fake antivirus, and attacks exploiting the AutoRun feature in Microsoft Windows are still going strong, and password-stealing Trojans have experienced resurgence as well. Malware developers don’t waste time on attacks that don’t work, and they also don’t miss an opportunity to use simple attacks that work.
There’s no need to reinvent the wheel if the wheel you have gets you from Point A to Point B.
Social Engineering and Hacktivism
Some other trends that have played a major role in 2011 have been socially-engineered attacks and hacktivism. The McAfee report points out that attackers are becoming more sophisticated with spam and phishing messages--targeting content that works based on cultural and sociological differences between geographic regions.
Hacktivism--cyber attacks with a Robin Hood complex supposedly aimed at making a point and promoting some social or political agenda--have become part of the mainstream this year thanks to groups like Anonymous and LulzSec. The problem has been that when you have a group of loosely connected hackers with no actual leadership, not everyone is always on the same page. While some “hacktivist” attacks attributed to these groups had a clear goal or message, many of the attacks crossed the line and became more like cyber thuggery than cyber activism.
Explosion of Mobile Malware
That brings us to the star of our show: mobile malware. Android is learning that success is a double-edged sword. Rising quickly to the top of the smartphone OS heap draws desired attention from consumers, while attracting less desirable attention from malware developers as well.
McAfee reports that Android surpassed Symbian as the most popular target of mobile malware in Q2, but in this latest Q3 report Android is the sole target for all new mobile malware. With apparently all mobile malware effort focused on Android, it has also seen a significant rise in detected malware samples—about a 50 percent increase over Q2.
That isn’t to say the sky is falling and everyone should run away from Android. As a mobile platform, Symbian still makes up the biggest piece of the pie with more than three times the total number of malware samples targeting it.
A recent report that Android malware has increased 472 percent is a bit sensationalist. Statistics in general can be misleading, and percentages can be especially tricky relative to the original context. If Android had one malware threat, and that number “spiked” to six, it would represent a 500 percent increase, yet still be a fairly trivial number of threats.
Android is growing rapidly as a platform. The number of Android apps available is expanding exponentially. It should be expected that the number of malware samples detected will follow a similar growth pattern. However, the fact that the rate of malware development is increasing does not mean that Android itself is less secure.
What it does mean is that malware developers recognize the value of the platform and will continue to work diligently to find holes and develop attacks to exploit them. Android may be getting all of the attention now, but the increased threat applies to mobile platforms in general, and all users simply need to be aware that the threats exist, and familiar with the security controls available to protect their smartphones and tablets, and the data they contain.