Story image

Trend Micro: Mobile threat no passing fad

Trend Micro is warning that its time to take mobile threats much more seriously with the mobile platform taking a beating from cybercriminals in recent months.

And the security vendor says all it takes for protection are some best practices and a security solution.

Writing on Trend Micro's Security Intelligence Blog, Ryan Certeza says the first half of 2014 has shown that mobile threats are no longer just a passing fad.

“It's here, it's happening and, like social engineering, it's going to be part of our lives until the next breakthrough in technology comes along.

“Users, business owners, professionals, need to protect themselves from becoming a victim – and all it takes are some best practices and a security solution.

The first half of 2014 saw the combined amount of mobile malware/high-risk apps hit two million and counting. The two million mark was passed just six months after the number hit one million, with growth in malware/high risks apps of 170,000 apps per month.

Meanwhile, the first coin mining mobile malware, Androidos_Kagecoin, an app that turned infected devices into a Bitcoin/Dogecoin/Litecoin miner, was discovered in March with the first mobile ransomware, Androidos_Locker, discovered in May. Locker locked phones by obstructing screens with a large UI window.

Certeza says cybercriminals also began to use TOR in their malicious apps, to cover their trails, and in July a cybercriminal operation which countered online banking's two-factor authentication, was also uncovered.

Meanwhile cybercriminals took advantage of popular events, such as the Fifa World Cup, luring victims with fake game apps sporting the events name, but instead sporting malicious routines. Flappy Bird also garnered its share of malicious clones.

Says Certeza: “We had an idea the state of affairs from 2013 would continue on to this year, but we didn't know just to what extent.

“Can we learn anything from [the first half of 2014] in time to prepare for the next six months?

“Yes, of course – one lesson we can easily derive here is that we can always expect cybercriminals to take advantage of legitimate services that help make our lives more convenient online – and sometimes they use it in ways we'll never expect them to do.

“So we need to look at new services coming out and, after seeing if it can be used maliciously, prepare for that inevitability. It helps to be prepared, afterall.”

Earlier this year, Trend Micro's Abigail Pichel, also writing on the company's Security Intelligence Blog, recommended disabling any Android device's ability to install apps from sources outside of Google Play (found under Security in the system settings), double-checking the developer of apps before downloading and being 'very meticulous of the app reviews to verify apps' legitimacy.

On-device security solutions from company's such as Trend Micro are also available.

Certeza's Security Intelligence blog is available here.