McAfee Threats Report for Q1 2012 was released today and mobile malware is the big story. The 12x quarterly increase is spectacular – from hundreds to thousands of new threats were detected. The report acknowledges that this growth figure is impacted by, “significant improvements in our ability to collect, process and detect mobile malware.” However, it may not be that far off. F-Secure’s Mobile Threat Report also published this week claims that mobile malware targeting Android grew from 139 to 3063 over the past year – a 22x growth rate.
Regardless of whether mobile malware has been under-reported in the past, there are now over 8,000 total mobile malware items in the McAfee database. That is a lot of risk for users.
Android Plagued by 85% of Mobile Malware
A 2011 McAfee white paper predicted the growth of increasingly sophisticated Android malware. From the first SMS trojan malware discovered in 2010 to the more sophisticated malicious code that emerged in early 2011, Android’s open development platform has become a prime target. McAfee lists Android malware as comprising nearly 7,000 of the 8,000 items in its database with Symbian devices accounting for most of the others.
Malware Disguised as Useful Apps
A finding of note is that much of the malware is infiltrating devices and app markets by posing as useful apps such as games or productivity tools. A malware called out by F-Secure, FakeToken.A, poses as a token generator but is actually a mobile transaction authentication number (mTAN) interceptor. It looks for SMS messages and the mTAN and forwards them to remote servers. McAfee points out that most of the malware intrusions originate in third party markets in China and Russia and very few have been found in the official Android Market, now called Google Play. It recommends that apps only be downloaded only from Google Play to significantly reduce malware risk.
What about MDM
Mobile device management (MDM) vendors tend to sell themselves first and foremost as software security. Keep in mind that device security in those terms does not include traditional anti-virus. It may identify the presence of some malware and not allow the device onto the corporate network by virtue of the fact that there was a change detected in the function of the OS. However, it is very likely that malware would go undetected and user or corporate data could be compromised.
Action for the Enterprise
EdgeLens will be reporting more on enterprise strategies for mobile security in the future. However, in the near term enterprises can take some proactive steps.
- Use Approved Marketplaces: Follow McAfee’s recommendation that apps be downloaded only from the official marketplaces provide by the major vendors.
- Adopt Anti-virus for Android: You should also consider adding anti-virus such as McAfee VirusScan Mobile for Android phones or F-Secure Mobile Security. Most enterprises wouldn’t think about deploying a laptop without anti-virus. It is time to start thinking about smartphones in the same way. Today there are not significant threats in the iOS ecosystem, but there is little doubt that this situation won’t be permanent either.
What do you think are the best strategies for providing mobile device security for the enterprise? Comment below.