AdaptiveMobile, a specialist in mobile security, today launched its 2011 Global Security Insights in Mobile report, which examines the latest emerging trends in mobile security. The report reveals the shift towards a new, more sophisticated type of threat facing mobile subscribers and network operators – the ‘compound threat’ – which uses multiple attack vectors (SMS/MMS/email/web/voice) to compromise different aspects of a handset simultaneously. These threats are built with the primary aim of extracting money, with a secondary knock-on effect for the mobile networks of damaged reputations and a loss of trust.
With mobile subscriptions hitting five billion, cyber criminals – usually part of highly organised global gangs – are shifting their focus away from traditional PC-based scams towards the mobile world, says Adaptive. As such, the report looks at the rise of the Smartphone market – now at 20 per cent penetration globally and set to hit 37 per cent in Europe and 44 per cent in the US by 2012. It examines the risks that mobile users face today and is the first analysis of its kind to take a 360° view of the mobile security landscape. It identifies key trends that AdaptiveMobile predicts will have the greatest impact on the market over the coming year and analyses the impact and consequences of the four types of compound threat to surface to date:
1) Advanced Mobile Malware: One of the most dangerous types of compound threats to emerge to date, the first occurrence of which was identified in October last year. Monitoring users’ access to banking sites, it harvests log-in details through a combination of routes. It is an evolution of existing PC spyware that has been redesigned specifically to record or forward conversations on Smartphones.
2) Converged Messaging Spam: These are 411-type spam attacks that are on the rise globally where users receive an SMS prompting a reply in response. In the most coordinated of such attacks, users also received a matching email from fraudsters further validating the scam.
3) IP Reputation: A growing type of compound threat that is becoming increasingly problematic for operators – devices sending email spam over mobile networks. This results in mobile devices becoming infected with PC malware and severely impacts the IP reputation of the operator’s network.
4) Credit Attacks: Threats that seek to trick or stealthily make the subscriber dial a premium rate number. The compound nature is apparent in the parallel use of malware, SMS and voice calls to monetise the attacks.
“The past year, more than any other, Smartphone threats, viruses and privacy concerns have hit the headlines,” says Gareth Maclachlan, COO, AdaptiveMobile. “However there’s still a lot of confusion amongst consumer and enterprise subscribers as to where the real threats lie and what can be done to combat them – particularly as the threats and handsets are becoming more sophisticated and therefore complex.”
The findings of the AdaptiveMobile 2011 Global Security Insights in Mobile report are said to provide a stark warning to mobile users, network operators and the wider ecosystem. Whereas historically mobile threats have been crude and designed to reap big returns quickly, this new breed of compound threats are intelligent and built to go unnoticed for as long as possible. As such, mobile security is rising in prominence as a business issue with threats starting to have more serious consequences for network reputation, performance and subscriber trust.
“Traditional approaches to protecting subscribers can simply no longer provide adequate protection. Trying to tackle mobile security in a piecemeal fashion by protecting individual services – such as SMSC or email filters – simply cannot suffice when what we’re now seeing are multi-bearer threats that requires a much broader approach to network protection. With that in mind we predict that compound threats will seriously shake up the telecoms and security markets over the coming year,” Maclachlan concludes. “With the next generation of attacks continuing to emerge, so does the need for an intelligent approach to mobile security – keeping the industry one step ahead of the criminals to ensure that such threats do not reach mobile users in the first place.”
The Global Security Insights in Mobile report is based on analysis of the network traffic of AdaptiveMobile’s global customer base and threat statistics from anti-virus partners.