Cyber threats in mobile environment

Today I want to share with you the results of a study by the security firm Trend Micro on mobile threat incidents in the first quarter of 2012. The wide diffusion of mobile devices and the lack of awareness of the principal cyber threats have increased cybercrime's interest in the mobile sector. The Android platform is the most affected, with more than 5000 new malicious apps. The study analyzes every kind of mobile device, such as laptops, tablets and global positioning system (GPS) devices. Companies and governments must be aware of the risks of misusing powerful instruments that could expose sensitive information if their owners do not take the necessary precautions.

The true revolution in the information technology world is the development and deployment of mobile systems, machines with processing capacity equal to that of a common desktop. Why do we believe mobile systems are so precious? They are in some way an extension of our person: they follow us everywhere, track our position, know our contacts (email, phone numbers), manage our appointments, and when we surf the web through them we indirectly give them information on our customs and traditions.

As announced, the study reveals that Android-based smartphones suffered more cybercriminal attacks because of their increasing exposure to cyber threats. Thanks to their convenience, smartphones and tablets are becoming the preferred tools for browsing the Internet. The percentage of network accesses from these mobile devices has increased significantly; the trend was evident in all countries, with the UK showing the largest increase in smartphone usage, from 30 to 45% of the total population.

We have observed increasing attention from cybercrime to the mobile sector. Cyber criminals often exploit security vulnerabilities in legitimate mobile apps, which makes data extraction and information gathering easier. The purpose is to steal sensitive information from users, such as banking credentials, but not only that: cyber espionage is another phenomenon that has exploded, because cyber criminals and government spies have discovered that it is really convenient to spy on an individual simply by controlling their mobile. Malicious apps are able to control emails, SMS messages, GPS location and voice communications.

Another threat of serious concern is the rapid spread of botnets based on mobile devices. It is favored by the almost total absence of protection mechanisms, which makes it difficult to tackle, and by the difficulty of tracing the agents that compose the network. These cyber threats must alert private industry and especially institutional environments: the risk of data exposure is really high, and because the sector is still young we are still too vulnerable. Cyber criminals and government agencies are aware of the importance of the information gained from our mobiles and are therefore showing high interest in the field. Hacker groups like Anonymous will pose a bigger threat to organizations that protect highly sensitive data, targeting companies and individuals for various political reasons. We have registered an exponential growth of malware designed to attack mobile systems and steal sensitive information that is useful for committing fraud, with the banking sector heavily affected. Don't forget that hacktivism is considered one of the most serious threats by all the governments of the world.

The scenario of a mobile attack is always the same: app stores are the sites for software download, and mobile apps are the programs users download from them onto their mobile devices. Users who download from app stores may be downloading a compromised app infected by malware. The number of applications available on the stores is increasing day by day, especially for open platforms like Android.

Let's also consider that there are third-party stores that provide alternative apps for users, but downloading from these unofficial channels is very dangerous for end users. The main problem with alternative app stores is that they are not sufficiently controlled, or that they can be managed by cyber criminals to provide fake copies of legitimate applications modified to carry out fraud. Because of the variety of malware targeting the Android OS, several companies have tried to categorize it by the fraud and attack schema implemented. The categorization proposed by Trend Micro follows.

As previously mentioned, Android Market has fewer restrictions when it comes to registering as a developer. The strategy is meant to encourage app developers to adopt the platform; of course, this also makes it easier for cybercriminals to upload their malicious apps or their Trojanized counterparts. The following are some noteworthy incidents, listed by Trend Micro, that leveraged this loophole:

  • We analyzed several Trojanized applications found in the Android Market detected as ANDROIDOS_LOTOOR.A. One of these apps is the game Falling Down, which renders similar to the clean version. Once installed, the Trojanized version asks for more access permissions. It also gathers device information like IMEI and IMSI numbers and roots affected devices.
  • One of the malware variants found in the Android Market is the notorious DroidDreamLight variant. Trend Micro researchers found an app that promotes itself as a .APK file management tool. However, instead of helping users, this app (detected as ANDROIDOS_DORDRAE.M) collects device-related information and uploads it to remote servers. It was immediately taken off the Android Market.
  • Google released the Android Market Security Tool in the Android Market. Cybercriminals, on the other hand, were not deterred by this tool and even released a Trojanized version. Detected as ANDROIDOS_BGSERV.A, it acts as a backdoor that gathers information from the device and sends these to a remote URL.
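The first incident above notes that the Trojanized build asks for more access permissions than the clean one. The following is an added example, not code from the original post or from Trend Micro, of how a reviewer could diff the permissions requested by a reference build and a candidate build. It assumes both manifests have already been decoded to text XML (inside an APK the manifest is binary XML); the package name, sample manifests and watch list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Watch list chosen for this example (an assumption, not a list from the report).
SENSITIVE = {
    "android.permission.READ_PHONE_STATE",  # gated IMEI/IMSI access on Android of that period
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed sample manifests for a hypothetical package, already decoded to text XML.
REFERENCE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

CANDIDATE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}

def permission_drift(reference_xml, candidate_xml):
    """Compare a candidate build against the known-good reference build."""
    ref = requested_permissions(reference_xml)
    cand = requested_permissions(candidate_xml)
    added = cand - ref
    return {
        "added": sorted(added),                       # new in the candidate
        "sensitive_added": sorted(added & SENSITIVE),  # new and on the watch list
        "removed": sorted(ref - cand),
    }

if __name__ == "__main__":
    for key, value in permission_drift(REFERENCE_MANIFEST, CANDIDATE_MANIFEST).items():
        print(f"{key}: {value}")
```

A non-empty `sensitive_added` list for an app that claims to be the same title is a reason to hold the build for manual analysis rather than proof of compromise.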

Cybercriminals have also created and distributed malware using the names of popular apps that are not yet available on the Android Market. Android users anticipating these games are the likely victims of this ruse. A recent example is a fake version of Temple Run we found in the Android Market.

The report alerts mobile users to the extension of common threats, like advanced persistent threats (APTs), to mobile environments. Because of the nature of the attacks, they are considered “campaigns” rather than singular “incidents”. The introduction of mobile devices has considerably increased the attack surface, making these attacks more frequent. Mobile devices are simple to infect through any infected media.

The report provides some interesting data related to the “Luckycat Campaign” linked to 90 attacks targeting several industries in Japan and India as well as Tibetan activists in 2011. The attacks exploited several vulnerabilities in Microsoft Office as well as Adobe Reader, Acrobat, and Flash Player via specially crafted email attachments.

But mobile is synonymous with social: social networks are the applications that benefit most from mobility, revolutionizing the concept of privacy. The imperatives are “be social” and “share”, two concepts that expose millions of unsuspecting users to serious cyber threats. By exploiting the “social” model with different techniques, it is possible to reveal personal data to other parties.
This situation is more dangerous if we consider that the accesses are made via mobile devices. We have discovered a lot of vulnerabilities in these platforms and the applications that run on them; let's also consider the increase in malware developed with the specific intent of stealing any kind of information from these instruments.

As predicted, cyber criminals are exploiting new vectors to spread their attacks. The report ends with some interesting data on email spam and ransomware, two cyber threats in constant growth. Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. It is described as mobile spamming, SMS spam, text spam or mspam. Spam can ensnare a user into visiting an infected link or downloading a malicious application.

This quick overview of the mobile universe is meant to spread awareness of emerging cyber threats, which unfortunately is still low today. The increased diffusion of mobile devices and their growing processing capacity give cybercrime, and even governments, a strong motive to spy on users.
For now, the concepts of security and mobility clash, and there is still much to do …

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
