Sunday, December 9, 2012

Blog : Is Android Malware Really on the Rise?

Many companies, including McAfee and Juniper Networks, have issued reports this year about a significant increase in recorded malware since 2011 (3,325 percent for Android, according to Juniper). Others have cried foul about these claims, with perhaps the loudest critic being Chris DiBona, Google?s open-source program manager. He claimed on Google+ that these reports ?are playing on your fears to try to sell you bs protection software for Android, RIM and iOS.?

So is he right? Yes and no. It?s true that there is a significant increase in recorded malware on Android. It?s also true that the infection rate on Android, or any other mobile platform, has been significantly lower than that of more traditional devices such as laptops and desktop PCs. So while a number like 3,325 percent sounds impressive, it also can be misleading. For instance, if there had been four recorded mobile malware signatures one year and 137 the next year, that would be a 3,325 percent jump. The real numbers were 400 mobile malware signatures in 2011 and 13,302 in 2012. But when you consider the fact that McAfee recorded more than 75 million unique malware signatures targeting traditional computers in 2011, you see how distorted the comparison really is.

It?s important to not lose sight of the difference between mobile devices and computers. While traditional intellectual property theft may not be much of an issue on mobile devices, the theft of other types of valuable information, e.g., contacts, credit card numbers, banking information, etc., is a big problem on phones and tablets. And with BYOD growing rapidly, many of these devices also connect to a treasure trove of company data. And to make matters worse, these devices are largely unprotected, most don?t even use available virus protection software. The specific concern regarding Android is the low barrier to entry. Because Android devices do not have to be rooted in order to download apps from third-party marketplaces, users aren?t limited to the app inventory on Google Play. They can download anything they want from numerous alternative sites (iPhones must be jailbroken to perform the same task). This ability gives users the incentive to travel to these locations to access premium apps that could carry malicious payloads. To complicate things further, employers typically have little if any insight into this behavior. And as BYOD goes mainstream, malicious apps will be introduced into more work environments to grab information that cybercriminals can use to their advantage.

So the threat predominantly exists for malicious actors to access the low-hanging fruit (contacts, email exchanges, login credentials) from a mobile device to use in social engineering attacks on traditional endpoints. Because most advanced attacks target confidential information stored on servers, an attacker?s use of compromised mobile accounts to help directly facilitate the breach of another computer is more likely. That?s why it?s vital for employers to recognize the importance of normal housekeeping security that can remotely control mobile devices through their company email clients (encryption, screen locking, remote wipe), while also establishing trust on the endpoints and servers independent of the mobile environment. So as mobile devices (especially tablets) start handling and editing sensitive data more frequently, being able to lock down or enforce trust-based policies within a mobile environment will become even more important in 2013.

Source: http://www.bit9.com/blog/2012/12/06/is-android-malware-really-on-the-rise/

north country brian mcknight sbux nfldraft asante samuel salton sea arizona immigration law

No comments:

Post a Comment