More than 98 percent of mobile cyber threats target Android mobile device users, with about 175,000 new unique malicious programs detected in the first half of 2014 alone, according to a new joint Kapersky Lab and Interpol report released Oct. 6.
Since nearly 85 percent of the mobile device market is dominated by Android devices, the report said it’s not surprising that most malware targets such owners, who are increasingly using their devices to make online transactions. And since smartphones today contain so much personal data about their owners, cybercriminals are trying to gain this information to exploit and sell it.
The report (pdf) was prepared as part of a partnership between software security company Kapersky Lab and Interpol, the international police organization, to assess mobile threats worldwide and alert international security and law enforcement agencies about criminal activities in this area.
Kapersky Lab conducted a 12-month study from August 2013 through July 2014. During that period, the study found more than 3.4 million malware detections on the devices of more than one million Android users. And the number of attacks per month rose nearly tenfold, from 69,000 in August 2013 to 644,000 in March 2014.
The report also found that trojans designed to send SMSs were the most widespread malicious programs, representing about 57 percent of all detections. Plus, nearly 60 percent of malware detections were designed to steal money – with about 500,000 users saying they’ve experienced such malware.
The report also said that Android users in Russia, India, Kazakhstan, Vietnam, Ukraine and Germany reported the largest number of attacks. Half the attacks were reported in Russia mainly because many there agreed to have their statistics sent to Kapersky.
While the report didn’t put a price tag on international cybercrime specifically related to mobile devices, it said cybercrime is “extremely widespread” and threats are escalating with damage potentially running into the millions of dollars.
This summer, the Center for Strategic and International Studies and online security company McAfee said in a report that cybercrime, in general, is costing the global economy upwards to $575 billion annually.
The Kapersky-Interpol report said that 175,442 new unique Android malicious programs were detected in the first half of 2014, about 18 percent higher than all of 2013.
And since mobile devices contain so much of their owners’ personal data, attackers can use such information to make money. In fact, the report called the “lone hacker scenario” a “media misconception” and that criminal groups have organized themselves around a structure to fully take advantage of mobile data.
The report said there are three basic categories of this structure: the infectors, analysts and investors. The infectors exploit devices and amass as much information as possible. Analysts study and process the collected data – monetizing it through underground markets, blackmailing individuals or participating in insider trading. The investors sit at the top of structure, funding and providing financial support and getting the majority of the profits.
The study offered several ways that individual users, corporations and law enforcement and regulatory agencies could better protect their devices and data. While it said security solutions can help block threats on devices, criminals will just find others who aren’t so well protected.
“The only thing that can stop them is the involvement of law enforcement organizations,” it said.
– read the joint Kapersky Lab-Interpol report on mobile cyber threats (pdf)
Malicious insider attacks among the most costly, hardest to contain, says Ponemon
NIST wants to give organizations a leg up on mobile app security
Cybercrime costs global economy as much as $575B a year, new report says