400% increase in attacks against Android
Juniper report says mobile devices are becoming top priority for criminals
Juniper has released a report called ‘Malicious Mobile Threats Report 2010/2011', which revealed that there has been a 400% increase in malware targeted towards Android devices.
The study showed that both enterprise and consumer devices are now being exposed to a record number of threats including highly targeted Wi-Fi attacks.
According to Juniper, criminals have turned their attention to mobile devices because these are becoming the preferred devices for both corporate and personal computing.
"The last 18 months have produced a non-stop barrage of newsworthy threat events, and while most had been aimed at traditional desktop computers, hackers are now setting their sights on mobile devices. Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices," Jeff Wilson, principle analyst, Security at Infonetics Research. "In a recent survey of large businesses, we found that nearly 40% considered smartphones the device type posing the largest security threat now. Businesses need security tools that provide comprehensive protection, from the core of the network to the diverse range of endpoints that all IT shops are now forced to manage and secure."
According to the report, the biggest dissemination point for malware is application downloads, but many smartphone users do not have an anti-virus solution on their mobile handsets.
Mobile devices are also open to Wi-Fi attacks and, according to Juniper, to applications that enable an attacker to easily log into victim's email and social networking applications.
Juniper said that 17% of all reported infections in smartphones were due to SMS trojans which sent SMS messages from the infected phone to premium rate numbers.
"These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions," said Dan Hoffman, chief mobile security evangelist at Juniper Networks. "App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand."
To protect against threats, the report recommends that mobile internet device users install an on-device anti-malware solution, use an on-device personal firewall to protect device interfaces, ensure robust password protection for device access and implement anti-spam software to protect against unwanted voice and SMS/MMS communications.
Juniper recommends that enterprises not only employ on-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks against the mobile device, but also use SSL VPN clients to protect data in transit and ensure appropriate network authentication and access rights and strongly enforce security policies.