Mobile Security Guide: Protect Your Organization from Mobile Malware
Malware, short for malicious or malevolent software, is software used or programmed by attackers to disrupt computer operations, gather sensitive information, or gain access to private computer systems. As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to the user’s confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices—as a result, the majority of mobile malware is embedded in applications that, once downloaded on the device, can gain access to valuable information.

In this Mobile Security Guide, we’ll walk you through the mobile malware landscape and what you need to know to keep your organization’s data safe.

Key Types of Mobile Malware

Trojans – Trojans are programs that, once installed, provide access to the device for the person who originated the Trojan. They usually appear in untrustworthy applications downloaded on the device. Trojans exfiltrate information and can lead to significant financial and organizational harm.

Rootkits – Rootkits are malware that activate every time your system boots up, and are difficult to detect because they are activated before the OS has completely booted. A rootkit often allows the installation of hidden files, hidden user accounts and more in the OS.

Why Is Mobile Malware Growing So Rapidly?

There are three key reasons:

- Cybercriminals see mobile devices as perfect targets because they are full of personal and financial information, and are increasingly replacing desktops as the key way for users to access the data that is essential to their personal and professional lives.
- Historically, malware tactics such as spam and phishing dominated the web threat landscape. These easy-to-deploy attacks achieved much success, and are now transitioning to mobile devices because their authors believe that end users are susceptible to the same failings on mobile devices as they are on the desktop.
- There are so many mobile applications to choose from these days, and smaller, lesser-known companies make a significant portion of popular apps. This makes it difficult for consumers to differentiate between apps that are trustworthy and those that are malicious.

Rapid7 Corporate Headquarters 800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095 617.247.1717 www.rapid7.com

Mobile Malware Growth Statistics [1]

- There was a 123% growth in malware discoveries in 2012 vs. the previous year.
- The majority of infections (95%) took place on Android devices. Common ways to exploit the OS were through application repackaging, malicious URLs, and SMS phishing.
- The malware boom resulted in approximately 32.8 million Android devices getting infected in 2012, a 200% increase from the previous year.

Examples of Mobile Malware

Zeus in the Mobile (Zitmo)

Zitmo is a Trojan that can forward text messages with confidential information from the device to other phone numbers.

How Zitmo is used:

1. Zitmo is able to steal a user’s username and password to log in to their online banking account.
2. The thief sends an SMS that looks official and convincing, containing a link to update the ‘security certificate’ or other software updates. This link actually directs the user to install Zitmo onto their smartphone.
3. Once the information is received, the thief can log in to the user’s online banking site using the stolen username and password, and start initiating transactions such as the transfer of money.
4. Responding to the transaction request, the bank sends an SMS containing an Authorization Number to the user’s smartphone. Zitmo forwards this SMS to the phone number belonging to the thief, who then uses the information to authenticate the transfer process.

DroidKungFu

This type of malware can be considered both a Trojan and a Rootkit, and is unique because it can avoid detection by anti-malware software. It works by installing a backdoor in the Android OS, and gives the originator full control over a user’s mobile device. DroidKungFu mainly affects devices running Android 2.2, exploiting two vulnerabilities that exist in this OS version.

[1] From NQ Mobile’s Yr 2012 Mobile Security Report

Three Easy Steps To Protect Your Organization

It’s critical to establish written policies that are clear and easy to understand so employees are educated about mobile risks. We recommend including the following guidelines in any written policy, as they focus on malware.

1. Only Download Applications From Trusted Stores

Formally sanctioned stores, such as Android’s Google Play and the iOS App Store, have strict requirements for applications that they list and use sophisticated filtering mechanisms to discover and remove apps that contain malware. Employees should never download apps from 3rd party app stores, as these are more likely to be infected with malware.

2. Always Update Mobile Devices To The Latest Available Firmware

Extend the same security patch requirements for your corporate network to mobile devices. The best way to patch vulnerabilities on mobile devices is for employees to update their devices to the latest available firmware.

3. Don’t Click Unfamiliar Links Sent Via SMS Or Email

Employees should be very careful when receiving an SMS or email containing a link to install or update any software. If the URL of the link seems suspicious, never click the link; instead, inform the Security Department to investigate the URL and make sure it is legitimate.