FEATURE: MOBILE MALWARE
In 2015, various research reports ranked South Africa amongst the most affected countries in the world for mobile malware attacks. A Kaspersky Lab report titled Mobile Malware Evolution 2016 identified two African countries in its list of the top 10 countries affected by mobile malware: Algeria and Nigeria.

Why Africa?
When trying to assign a reason for the continent’s vulnerability to these types of attacks, the consensus seems to point to the fact that Africa is predominantly mobile-first; according to Erhard Brand, Product Owner at Entersekt, some African countries are even “mobile only”. This provides vast opportunity for cybercriminals looking for an easy target.

Why mobile?
As Morey Haber, VP of Technology at BeyondTrust, points out, “Mobile device malware is appealing to cybercriminals because the attack does not require you to penetrate an organisation’s perimeter or cloud resources directly. All an attacker needs to know is the phone number of a potential target, the OS version of the target (unless they have a zero-day attack or social engineering exploit) and a delivery mechanism (e.g. SMS, Google Play Store, hijacked website).”

Michael Morton, Mobile Security Specialist at Securicom, believes there are various reasons for attackers to hone in on mobile devices. These include the array of OS versions available, which makes devices more complex for IT to manage and protect, as well as the amount and type of personal information that you store on your phone – such as banking applications with your financial information, and photographs and memories that you don’t have backed up – the likes of which allow attackers to feel fairly confident that a victim will pay to get that information back.

Entersekt’s Brand also cites the ease with which attackers can deceive mobile users into downloading malicious applications as another reason why mobile is an increasingly popular target; he describes the mobile device as the “gateway” to email and even corporate networks.

Vulnerable verticals
Any industry that utilises mobile devices opens itself up to the risk of mobile malware attacks but, as Haber explains, the verticals generally more prone to targeted attacks are those that have ‘crown jewels’ that can be monetised or used for hacktivism. This includes financial organisations, governments and defence contractors.

Similarly, Morton highlights that the mobile applications most likely to be targeted are those which have the potential to obtain information or cause harm, including Dropbox, OneDrive, Google Drive, Facebook, Skype and Twitter.

Vulnerability of Android
There are an estimated 1.4 billion Android devices in use today and Anvee Alderton, Trend Micro’s Channel Manager for South Africa, says, “Attacks on Android devices made up 81% of mobile attacks last year.”

So, what is it about Android that makes it an easy target for attackers? Ian Jansen van Rensburg, Senior Manager: Systems Engineering for VMware, explains that one such weakness comes from Android being an open-source operating system. This leads to an alarming number of OS versions being available, which makes it difficult to lock down and control all the vulnerabilities that emerge from this.

Haber also points to the following reasons for Android’s position as a target:

Screening – The Google Play Store is not as secure as the Apple Store and does not screen applications to the depth needed to prevent malware.

Fragmentation – Each mobile device vendor uses a stock version of Android and modifies it to meet their unique hardware and software requirements. This introduces vulnerabilities that are only remediated by the manufacturer, and not Google. Therefore, it is up to each vendor to create, deploy, and support updates. This is compounded by support provided by individual cellular carriers as well. This decentralisation and lack of clear update paths creates opportunities for threat actors to attack individual (or broad-based) weaknesses.

Third-party installation – Even though Android has a feature to block third-party applications from being installed, it can easily be turned off to install other applications (outside of the Google Play Store). This introduces a high risk of having a malicious application loaded and forgetting to reset the option. In comparison, side-loading applications in Apple iOS is much more complicated and not as easy to exploit.

Risks to your organisation
As personal devices are increasingly being used in the workplace, a new era of cyber threats has been introduced to the enterprise. Despite this, CIOs are not adjusting their cybersecurity plans to accommodate for the change, as
INTELLIGENTCIO