Kaspersky Lab released its “IT Threat Evolution Report for Q1 of 2015” Wednesday, in which it found the number of malicious mobile threats grew over the last quarter of 2014.
Yet numerous outlets’ mobile malware statistics have suggested there’s nothing to worry about, including the 2015 Verizon Data Breach Investigations Report.
So what is the true nature of the threat?
Kaspersky Lab reports malware growth
While Kaspersky researchers noted a decline in malware compared to Q1 2014, two of the three mobile malware statistics in the report increased in the first quarter of 2015 over Q4 2014.
A total of 103,072 new malicious mobile programs were analyzed, more than three times the amount found last quarter. Additionally, the number of malware installation packages doubled in the same time period to nearly 150,000.
Despite the drop in the drop in the number of banker Trojans in Q1 2015 (it fell more than fourfold to 1,527), Kaspersky researchers found mobile malware was “evolving towards monetization” by using a variety of techniques including SMS Trojans, banker Trojans and ransomware Trojans to obtain money and user bank data.
Russia was hit hardest, researchers found, receiving 86.66% of all banker Trojan attacks, followed by Ukraine at 2.27% and the U.S. at 2.21%. When it came to overall mobile malware, Russia was attacked with 41.92% of the malware, followed by India with 7.55% and Germany with 4.37%; the U.S. came in seventh at 2.84%.
Other say mobile malware not a problem
According to the 2015 Verizon DBIR, mobile breaches “have been few and far between over the years. Adding dozens of new contributors didn’t change that, and we’ve come to the same data-driven conclusion year after year: Mobile devices are not a preferred vector in data breaches.”
The DBIR continues, “We feel safe saying that while a major carrier is looking for and monitoring the security of devices on its networks, data breaches involving mobile devices should not be in any top-whatever list.”
In fact, Verizon researchers found that 95% of mobile malware showed up for less than a month, and four out of five didn’t last beyond a week, which they attributed to malware “piggybacking on the short-lived popularity of legit [sic] games and apps.”
In Google’s Android Security 2014 Year in Review report released last month, researchers found fewer than 1% of Android devices were infected by mobile malware in 2014; in October that number dropped to .5%. Additionally, users that only installed apps from the Google Play Store had potentially harmful apps installed less than .15% of the time. Research from the report released last month also showed the installation of malware from outside the Google Play Store decreased 60% from the first to fourth quarter.
Advanced threat detection company Damballa Inc. released similar research. At RSA Conference 2015, researcher Charles Lever said users are more likely to get struck by lightning (.01%) than contact a mobile blacklist domain (.0064%).
Damballa researchers, which monitor 49% of mobile traffic data, observed more than 2.75 million unique hosts contacted by mobile devices.
Lever also equated mobile malware to Ebola, “Harmful, but greatly over-exaggerated and contained to limited percentage of the population that are engaging in behavior that puts them at risk for infection.”
So what can be done to thwart any potential future mobile malware attacks?
“We are not saying that we can ignore mobile devices — far from it,” Verizon researchers said. “Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now. When it comes to mobile devices on your network, the best advice we have is to strive first for visibility and second for control. Visibility enables awareness, which will come in handy when the current landscape starts to shift. Control should put you into a position to react quickly.”
Being aware of the apps downloaded is also critical.
“By simply staying within the authorized app stores for their respected devices, (users) will drastically reduce the risk of being infected with mobile malware,” Lever said.
Appthority President and Founder Domingo Guerra warned about “stale” and “dead” apps at the RSA Conference last month; stale apps are considered apps on devices that are not the current version, whereas dead apps are not even available in app stores anymore.
“Both can be risky because they don’t have the latest security patches or vulnerability fixes from the developer,” Guerra said. “Or in the case of dead apps, it’s apps that could have been pulled from the app store by Google or Apple because the apps had malware or other privacy risks or the apps didn’t comply with terms and conditions advertised to users. Yet users are never notified about those, so those apps are particularly worrisome because they remain on people’s devices indefinitely, even if they are longer supported or offered in app stores.”
While mobile malware statistics have swayed the debate back and forth over the years, many enterprises are certainly taking notice of the threat. Technology market research firm Infonetics Research reported in April that the worldwide mobile secure client revenue reached $1.97 billion in 2014, a 46% increase over 2013, largely due to the fact that consumers and enterprises are looking to secure both their devices and networks from the growing mobile malware threat.