BYOD boom has introduced great risk to enterprises
Malicious Android apps account for countless data leakage incidents
Trend Micro Inc. said it has seen Android-based smartphones suffer from increasing cybercriminal attacks and more enterprises exposed to malicious IT threats due to the bring-your-own-device (BYOD) trend.
Mobile devices can expose users’ and organizations’ valuable data to unauthorized people if precautions are not taken, the company said in a statement.
According to IDC, a total of nearly 1.8 billion mobile phones will be shipped this year, compared with 1.7 billion units in 2011. By the end of 2016, 2.3 billion mobile phones will be shipped to the channel.
IDC predicts that Android will remain the most shipped smartphone operating system over the course of the five-year forecast and its share will peak this year.
“As Android devices gain in popularity, so does its use by cybercriminals. The Android platform has become a favorite attack target due to its app distribution model, which makes it completely open to all parties. We believe attacks will continue throughout the year,” said Myla Pilao, director of marketing communications at TrendLabs.
“In fact, the number of mobile malware detected by Trend Micro has doubled in a span of one month. This goes beyond our initial projections for the month. Two of the most notorious Android malware variants, RuFraud and DroidDreamLight, have caused millions of users a lot of grief from losing data and at times money,” he added.
Additional data from Trend Micro reveal a breakdown of the behavior of the top 10 malware families. Fake apps are the most dominant at 30%; data stealers follow at 21%; adware comes in third (18%); premium service abusers (14%); malicious downloaders (13%); and others.
Data loss incidents due to improperly secured personal devices will increase as more devices that are not fully controlled by IT administrators store or access corporate data. According to the recent InformationWeek 2012 Mobile Security Survey, 86% of organizations support or plan to support BYOD.
However, the survey also showed that only 20% of organizations have systems to detect malware on all their device platforms.
The lack of any malware-detecting system will be particularly problematic for the Asia Pacific region, which seems very open to BYOD. In an interview conducted by telecom company BT, 90% of Chinese, 91% of Singaporean, and 86% of Indian IT managers say that they are currently bringing in BYOD or will be in the next two years.
Securing mobile devices should become the top priority in implementing BYOD since most of the region’s popular activities on mobile devices involve sensitive information like online banking and online shopping, Trend Micro said.
While most mobile threats come in the form of malicious apps, Trend Micro expects cybercriminals to go after legitimate apps as well by utilizing vulnerabilities or coding errors that can lead to user data theft or exposure.
However, the company also noted that very few app developers have a mature vulnerability handling and remediation process.
Mobile threats generally comprise Trojans and worms, and require user intervention to spread. Some mobile threats involve spyware that can log dialed numbers and record conversations. This exposes employees to invasion of privacy, potential identity theft, and compromised corporate intellectual property. Some mobile threats leverage Bluetooth technology without user intervention.
To protect against mobile device threats, one can:
Implement an antivirus solution tailored for mobile devices;
Keep all smartphone operating system and software security patches up to date;
Educate employees about the latest threats, symptoms of infection, and ways to protect their mobile devices;
Keep their smartphone antivirus protection enabled;
Apply best practices for PC security to mobile devices; and
Seek IT support if your primary machine slows down following a sync with your smartphone.