Classic scams are making a come back on mobile, according to a report from Blue Coat.
The report, which analysed real-time requests from 75 million users worldwide, found that classic scams seen in the early days of desktop PCs such as scams, spam and phishing were the most successful mobile malware tactics. The attacks were device-agnostic and easy to deploy, the report said, and provided a natural crossover point for cybercriminals who wanted to move to targeting mobile devices.
The report also found what has been suspected for some time – that the mobile security threats are starting to mobilise, with 40% of mobile malware blocked by Blue Coat WebPulse originating from known malnets (networks of infected computers a hacker can use to infect others).
Areas where users become vulnerable to attack included shopping online, online, web advertisements and pornography.
The good news is, the attacks are as yet ‘mischiefware’, such as texting pay services run by the hacker, with the phone’s essential security remaining unaffected.
The classics
This was likely to change in 2013, due to the proliferation of mobile devices and businesses continuing to provide access to corporate assets, the report said.
For PCs, cyber criminals could purchase kits to use with malnets, to continually attack users. While these kinds of kits were not yet as common on mobile, classic techniques such as spam, phishing and pornography were moving over to mobile, the report said.
These types of attacks generally tried to get a user’s payment information, as with PCs, often redirecting users to another, malicious website through a link. One of the issues with mobile, however, was that it was harder for users to tell whether URLs were malicious or not, the report said.
Mobile taught users that shortened or truncated URLs, where a destination could not be read, were acceptable to click on, as well as the fact that users expect mobile websites to look different from desktop versions. Another issue was that mobile websites could be hosted by third parties, which meant the URL was not a good indicator of security, the report said.
“Accessing the website for Hilton Hotels from your mobile device, for example, redirects you to usable. net. This practice essentially conditions customers to be comfortable with going to a strange URL to find an official site and gives attackers an edge they can potentially leverage to deceive mobile users.”
Of these threats, although spam was the second highest malicious category of requested content at 1.71%, the report found it wasn’t an efficient tactic since 4.39% of all spam websites were targeting mobile devices.
The highest threat category was pornography at 2.23% with 2.8% of websites targeting mobile and suspicious content was third highest at 1.52% and only 0.98% of websites targeting mobile. Phishing was the fourth highest risk category at 1.34% with only 0.77% of all sites targeting mobile, indicating phishing attacks on mobile devices were more successful at driving users to their sites, the report said. Although spam attacks had a relatively low rate of return, malnets meant they were fairly easy to launch and maintain.
Android
Yup, you guessed it – thanks to the unregulated app store and diversity of Android devices, Android malware has been increasing. The report said Blue Coat Security Labs saw a 600% increase in the July-September 2012 quarter compared with the year before.
In June 2012, requests to Android-specific malware passed 1000, the report said, although these “ebbed and flowed” over the 12 month period.
Forty percent of Android malware involved malnets, the report said. In 2012, mobile traffic to malnets increased to 2% of overall malnet traffic, which the report said was further evidence malware would be a problem in 2013.
