SlideShare a Scribd company logo

Blue Coat 2013 Systems Mobile Malware Report

Content Rules, Inc.
Content Rules, Inc.
TechnologyBusiness
1 of 16
Download to read offline
Blue Coat Systems 2013 Mobile Malware Report How Users Drive the Mobile Threat Landscape
Table of Contents Summary of Key Findings 3 Understanding the Mobile Threat Landscape 4 Behavioral Patterns of Mobile Users 6 Mobile Threat Vectors: User Behavior Becomes the Achilles Heel 9 Delivering Mobile Malware with Malnets 13 Summary 15 2
Summary of Key Findings Mobile users are transforming the scope and volume of human interactions globally. This transformation is enabled by the ubiquity of mobile devices, unprecedented access to the Internet from virtually any location and a growing wealth of mobile applications. Mobile devices in the enterprise represent the confluence of personal and corporate needs and usage. Businesses are challenged to keep pace with the proliferation of mobile devices and maintain control over them as they strain the boundaries of corporate control. The unfettered growth in mobility has also created an alluring opportunity for cybercriminals to generate profits through mobile malware. This report examines the mobile threat landscape and the behavioral patterns of mobile users that make them most vulnerable to data loss, malicious applications, fraud and other mobile threats. Data in this report comes from the Blue Coat WebPulse collaborative defense and the Blue Coat Security Labs. WebPulse analyzes requests in real-time from 75 million users worldwide to gain a comprehensive view of the web and malware ecosystems. By tracking malnets, WebPulse also delivers the industry’s only Negative Day Defense. Key Takeaways: 1. Mobile threats are still largely mischiefware – they have not yet broken the device’s security model but are instead more focused on for-pay texting scams or stealing personal information. 2. The most successful mobile malware tactics, including scams, spam and phishing, are classics that dominated the threat landscape when malware first moved to the web. These device-agnostic, easy-to-deploy attacks provide a natural crossover point for cybercriminals that are interested in launching attacks against mobile devices. 3. Pornography is proving to be the great weakness for mobile users. While mobile users don’t go to pornography sites often, when they do, the risk of finding malicious content is nearly three times as high as any other behavior. 4. While relatively small compared to desktops threats, the mobile threat landscape is becoming active. Malnets, the infrastructures that successfully drove nearly two thirds of all web-based attacks in 2012, are setting their sights on mobile users. To date, 40 percent of mobile malware blocked by WebPulse has originated from known malnets. 5. Extending security to mobile devices will be essential for businesses that need to protect their assets as well as their employees. Cybercriminals see the value in these targets as businesses continue to adopt BYOD initiatives, and businesses need to be prepared in 2013. 3
Understanding the Mobile Threat Landscape In 2012, mobile threats were a relatively small but growing percentage of overall traffic. The threat landscape was marked by a resurgence of classic scams attempting to convince users to enter sensitive information into a website that replicates a bank’s website, for instance. Malicious applications typify another sort of risk for mobile devices. These applications often exhibit malicious behavior such as texting to “for-pay” services run by the attacker or in-app purchases. Collectively, these threats don’t break the security model of the phone but simply act in a manner in which they were expected to perform, albeit, for malicious reasons. They are really more mischiefware than malware. MOBILE THREATS: A RETURN TO THE CLASSICS SCAMS PH ISH I NG SPAM Enter Name Figure 1: Leading Mobile Threats Mobile malware that truly breaks the security model of the phone is still in its infancy with little evidence of attacks beyond a few incidents that targeted the Android platform (see Targeting Android Platforms section later in the report). In 2013, this is likely to change as adoption of mobile devices continues to grow rapidly and businesses increasingly provide access to corporate assets. According to the IDG Global Mobility Study, 70 percent of employees surveyed access the corporate network using a personally owned smartphone or tablet. This access extends to business-critical applications as well. For example, 80 percent of employees access email from their personal devices. In the desktop world, cybercriminals can purchase exploit kits on the underground market and utilize malnet infrastructures to continually launch malware attacks on users. For mobile devices, however, weaponized exploit kits are not yet as common as exploits targeting desktop and laptop 4 MALICIOUS APPS Malnets (malware networks) are distributed infrastructures within the Internet that are built, managed and maintained by cybercriminals for the purpose of launching on-going attacks against users over extended periods of time. computers. However, established techniques such as pornography, spam and phishing that have worked well in the desktop world are now successfully migrating to the mobile world. Many of these tactics are device agnostic, so expanding the attack to target mobile devices is relatively simple. Phishing, scams and spam target users on all devices in an effort to convince users to provide credentials or other confidential information, such as credit card information. A recent phishing attack demonstrates how easy it is to be tricked into providing credentials on a mobile device. In the attack, a user received a perfectly formatted, grammatically correct phishing email informing them that Paypal had detected suspicious activity during the user’s last transaction. The email went on to say that PayPal had temporarily blocked the account until the user verified the account by clicking on a link.
It is also often harder to make good choices about the links you visit on a mobile device. Many times these links are truncated or shortened via a service such as bitly, which impedes a user’s ability to make a good decision about their destination. In the phishing attack, a user wouldn’t be able to hover over the link in the email and see the true URL address. If they clicked on the link, they wouldn’t see the fully resolved link in the address bar either. Further complicating the matter is behavioral conditioning. Users are taught to expect mobile websites to look different than the desktop versions. This gives attackers the ability to prey on that perception difference and craft a fake mobile site at a strange URL for an established company. This is a classic phishing attack. After clicking the link in the email, the user would have been sent to a webpage that is an exact replica of the PayPal credentials page. The only exception was that the actual URL behind the link in the email did not take the user to PayPal. Mobile Risks: Setting users up for failure Mobile devices have empowered users, giving them access to a wealth of information and corporate assets from anywhere. Yet, we haven’t put in place the tools and practices that will allow them to make good, safe choices. Essentially, we have set them up to fail. When we think about security under the lens of mobile devices, some risks decrease, some increase and some stay the same. For example, consider the increased risk of your password being exposed to an onlooker. Mobile phones often reverse the yearslong practice of instantly masking passwords when you type them in – these devices typically expose the password, character by character, to ensure your entry is correct. Another important difference between desktop and mobile environments is that mobile versions of websites are often crafted and hosted by third parties. For the user, that means the URL might not even be a good indicator of the relative safety of the site. Accessing the website for Hilton Hotels from your mobile device, for example, redirects you to usable. net. This practice essentially conditions customers to be comfortable with going to a strange URL to find an official site and gives attackers an edge they can potentially leverage to deceive mobile users. Mobile applications themselves also provide a point at which it is difficult for customers to make safe, well-informed decisions. In its current state, the most popular mobile applications are produced by companies with which most users are unfamiliar. If a piece of software makes it to the shelves of Best Buy, consumers perceive that both the software and the company that designed it have been vetted. In the mobile app world, new players emerge constantly with no reputation in areas like security quality. Nor is there a good mechanism for creating reputation ratings. Already, this is resulting in applications that send unencrypted personal data over open networks or collect too much personal information. . 5
Behavioral Patterns of Mobile Users To understand mobile risks, it’s critical to look at the behavioral patterns of how these devices are used. On average, a user spends 72 minutes a day browsing the mobile web. This is independent of the time spent using native applications and represents the time when users are most vulnerable to threats. During that time, users are spending more than 11 minutes with content related to computers/Internet. The remaining 60 minutes are spent looking at a variety of content, ranging from social networking and shopping to business/economy and entertainment. The diversity of topics that comprise a user’s day on the web demonstrates how important mobile devices have become. By effectively putting a computer in the hands of user, mobile devices have given them access to any information from any location. That will have security implications. A DAY OF A MOBILE USER Total time spent browsing the mobile Web is 72 MINUTES ENTE RTAI NM BUSI N ESS/ EC O GS ENT min 11 .6 .4m 1.6 in min 1.7m CO I NT M PU ER TE N E RS/ T SBL n AL P AG E 8.5mi SO N OTH ER PER S RE PO R CR TS/ EA TIO N1 UN .2 RAT mi ED n 1 in O N O MY 2m in NON- VIEWABLE CONTENT SERVERS 2.4min REFEREN CE G PPI N min 3.2 SO 4m IA ED ADS 5.3m in /M WS n 6.1mi WEB ES/ NE IN H EN G S E A R C LS PO RTA in SH O 2.7min Figure 2: Where Mobile Users Spend Their Time 6 CIA LN ET WO RK IN G 9. 6m in 10.7min
For mobile users, the patterns we observed in 2012 show a marked difference from the patterns of desktop users and point to the ways in which behavior can be exploited by cybercriminals. For most users, mobile devices are a personal experience. Users access much more recreational content, including shopping, entertainment and personal pages/blogs, from their mobile devices than desktops or laptops. In fact, the percentage of requests for recreational content was twice as high for mobile users. Likewise, news/media was one of the most popular categories of content requested from mobile devices. Social networking also continued to rank slightly higher for mobile users versus desktop users, as first noted in the Blue Coat Systems 2012 Web Security Report, which is interesting given the predominance of native mobile applications for social networking sites. KEY CONTRASTS: MOBILE VS. DESKTOP USAGE Differences in Device Purpose Drive Priorities in Web Use Mobile Web Use Desktop Web Use 20% 19.26% 15% MOBILE RECREATION • PERSONAL PAGES/BLOGS – 2.20% • ENTERTAINMENT – 2.35% • SHOPPING – 4.45% 13.35% 10% 11.25% 9% 8.47% 5% 5.65% 1.96% 0.94% 0% Social Networking Search Engine/Portals 5.61% Audio/Vido Clips News/Media 4.18% Recreational Figure 3: Most Requested Categories: Mobile vs. Desktop Users Among the most noticeable difference between user behavior occurs within search engines/portals. Desktop users use search engines twice as much as mobile users. For mobile users, search engines ranked as the fourth most requested category of content. This difference points to less reliance on search engines by users on mobile devices. Mobile users look for rapid access to information they need, often going directly to a source rather than waiting for search results. Additionally, the availability of native apps changes the search dynamic on mobile devices, making it easier to access the applications and features that are most important. 7
The high use of search engines by desktop users has driven a correlation in threat vectors, with search engine poisoning consistently ranking as the leading entry point to malware. As the mobile malware ecosystem expands, cybercriminals will likely be less inclined to spend the same level of resources targeting mobile users through search engines. Users also favor desktops over mobile devices for audio/video content by an overwhelming margin. For desktop users, audio/video content is the sixth most requested category of content, representing more than five percent of all requests, and growing steadily. Conversely, requests for audio/video content from mobile users accounted for just one percent of all requests. The small screen impacts user experience while the lack of Flash support on some devices limits the audience for this type of content. The uniform demand for a quality experience regardless of platform type is creating a bifurcation in the application market. Today, users will move between web, mobile web and native mobile applications, depending on which can best meet their experience expectations. For example, users are clearly opting to use web or native mobile applications to access audio/video content. These applications optimize their experience better than mobile web versions. The search for the optimal user experience continues to condition users and extends to the use of corporate applications on mobile devices. As organizations introduce corporate app stores to better manage the applications on their network, user experience will be a key driver of adoption. From a security perspective, users will tend to go with the application that provides the best user experience even if it is not the most secure option. For example, most organizations set size limits on email attachments. An employee facing these limits would be forced to split a large file into two different attachments, requiring effort on the part of the sender and the receiver, who would then need to piece the two files together. Alternatively, the employee could upload the file to Box.com and just send out a link. This option is not necessarily the most secure and might even violate compliance to relevant regulations. By not paying attention to the user experience, organizations can inadvertently create security gaps. Best Practices Close the mobile app gap on your network. Make sure that you can see and consistently enforce policy across all three types of applications (and their operations) that may be running on your network: 1. Web applications (desktop browser) 2. Mobile web applications (mobile browser) 3. Native mobile applications As you adopt BYOD initiatives and allow employees to access corporate assets with their own devices, be sure these controls extend to those devices as well. 8
Mobile Threat Vectors: User Behavior Becomes the Achilles Heel Mobile user behavior creates opportunities for cybercriminals to lure users to malware by leveraging popular categories of content. Protecting users that are vulnerable to manipulation or behavioral exploitation can be challenging without understanding where they are most at risk. These threat vectors are driven by user choices or behavior and are designed to lead mobile users to malware. While many threat vectors correlate directly to high usage categories, there are some interesting exceptions. In 2012, the most dangerous place for mobile users was pornography. More than 20 percent of the time that a user went to a malicious site, they were coming from a pornography site. It is important to note that mobile users are going to pornography sites less than one percent of the time. When they do visit pornography sites, though, they have a high risk of finding a threat. Interestingly, when malware first moved to the Internet, pornography was one of the leading sources of malware for desktop users. The prevalence of pornography as the leading threat vector for desktop users has ebbed, giving way to attacks that target much larger user populations, such as search engine poisoning. In the desktop environment, pornography continued to fall as a threat vector as it became easier to target a large number of users on places like search engines or social networking sites. It is reasonable to expect that the same will be true for the mobile environment, especially considering that in both environments pornography is not a frequently requested category of content. TOP THREAT VECTORS FOR MOBILE USERS % Of Malicious Requests Driven By Each Threat Vector % Web Requests From Mobile Users 25 % of Requests 20 15 10 5 0 Pornography Suspicious Computers/Internet Web Advertisements Entertainment Unrated Search Engines/ Portals Categories of Web Content Figure 4: Percent of Malicious Requests Driven by Each Category Compared to Requests for Content in that Category 9
The second most popular entry point into malware was through sites categorized as suspicious. These typically include sites that are part of the Web and email spam ecosystem and aren’t hosting or otherwise more explicitly linked to a malicious site. With users spending the most amount of their mobile web browsing time accessing computers/Internet content, it’s not surprising that this content is also a leading threat vector, responsible for more than seven percent of all malicious requests from mobile devices. Many of the early successful mobile malware attacks offered users an Android version of Skype or an Opera browser. This category of content, which includes sites that sponsor or provide information on computers, technology, the Internet and technologyrelated organizations and companies, is also frequently requested by desktop users though, as a threat vector, it is not as popular. Web advertisements are an interesting case. They rank as both the fourth most requested category of content as well as the fourth ranked threat vector for mobile users, demonstrating that both the ad-based revenue model and malvertising attack methodology have transitioned to the mobile web nicely. Cybercriminals have been refining malvertising attacks against desktop users for several years, and it consistently appears as a top threat vector. Mobile users who shop or conduct online banking on their smartphones are important targets for both commercial businesses and malware operators. The volume of web advertisements that are delivered through these mobile applications creates an effective entry point for cybercriminals to inject ads that lead to malicious downloads. A recent example was an advertisement for a fake Angry Birds download. The download delivered an SMS Trojan that made premium SMS calls (texts) to the malware host, which then billed users without their knowledge. Other similar tactics involve presenting fake downloads such as PDFs, browser updates or executable files that then deliver malicious payloads designed to steal personal information and other assets. Figure 5: Malicious Ad Serving Malware Disguised as a PDF Download Given the success of the model in desktop environments and the seemingly successful transition to mobile environments, it is reasonable to expect malvertising will continue to be a key threat vector. Note that social networking is absent as a mobile threat vector, despite being the third most requested category of content. One explanation is that some social networks deploy separate and distinct mobile and web-based applications. For example, the Yammer mobile application has a different URL than the web-based version. Users of social networking mobile apps are also less likely to click on links people send because it is more disruptive than opening the link in a new tab of a desktop browser. While search engine poisoning (SEP) is a top threat tactic against desktop users, the vector will likely remain low on the list for mobile devices as long as mobile search usage remains at its current level. 10
Mobile Malware Tactics Behavioral information provides insight into where users might be targeted and the threat vectors show where they are most successfully being targeted at any given point. The tactics will now show how they are targeted. While spam was the second highest “malicious” category of requested content, it was not an efficient tactic. Mobile devices represented 1.71 percent of all requests for spam content yet 4.39 percent of all spam websites were targeting mobile devices. TARGETING THE MOBILE USER CLASSIC THREATS FIND SUCCESS WITH MOBILE USERS PERCENTAGE OF UNIQUE SITES REQUESTED BY MOBILE DEVICES PERCENTAGE OF REQUESTS FROM MOBILE DEVICES TO MALICIOUS CATEGORIES 2.23% Spam 1.71% 1.52% 1.34% Suspicious Phishing Potentially Unwanted SW 0.9% SPAM 4.39% PORNOGRAPHY 3.8% PROXY AVOIDANCE 1.2% SUSPICIOUS 0.98% MALICIOUS SOURCES 0.78% PHISHING 0.77% POTENTIALLY UNWANTED SW Pornography 0.46% Figure 6: Relative Effectiveness of Tactics Spam, by its nature, uses many domain names in an effort to avoid detection. In 2012, cybercriminals cycled through more than 2.5 domains for every successful attack. This high work to return ratio is in contrast to the more efficient phishing attacks. Phishing as a tactic is a more productive method that uses fewer websites to attract a relatively larger amount of traffic. Mobile devices accounted for 1.34 percent of all phishing requests, yet only 0.77 percent of all phishing sites are targeting mobile users exclusively. This data indicate that phishing attacks on mobile devices are much more effective at driving users to their sites. Given this dynamic, you could reasonably assume that there would be a spike in phishing attacks. However, the presence of malnets is the great equalizer. By leveraging an existing infrastructure, cybercriminals can easily change domain names for any one attack while leaving the rest of the attack path in place. This has the effect of making spam attacks relatively easy to launch and sustain despite its seemingly low rate of return. Best Practices • Block all content to mobile and desktop devices from dangerous categories, including pornography, phishing and spam. • Block executable content from un-rated domains and categories that typically host malware, such as Dynamic DNS hosts. 11
Targeting Android Platforms Android devices offer a unique case study on the rise of mobile malware. The unregulated app market and diversity of Android-based devices ensures that cybercriminals will find greater success targeting these platforms. Blue Coat WebPulse collaborative defense first detected an Android exploit in real time on February 5, 2009. Since then, Blue Coat Security Labs has observed a steady increase in Android malware. In the July-September 2012 quarter alone, Blue Coat Security Labs saw a 600 percent increase in Android malware over the same period last year. In June 2012, requests to malware targeting Android devices reached more than 1,000. While requests ebbed and flowed over the course of a 12-month period, one thing is clear: Cybercriminals are launching more threats and becoming more efficient at driving users to those threats. Prior to a period of heightened activity in May and June, the highest volume of threat activity was in November 2011, peaking at just over 500 threats for the month. TARGETING ANDROID Mobile Malicious Category Requests Intercepted by WebPulse 1200 1000 800 600 400 200 0 Sep 2011 Oct Nov Dec Jan 2012 Feb Mar Apr May Jun Jul Aug Sep Figure 7: Volume of Requests for Android Malware The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent six months, WebPulse also blocked an increasing number of unique malicious Android applications. 12
BREAKDOWN OF ANDROID MALWARE BLOCKED BY WEBPULSE IN 2012 Unique Android Malware URLs 1% Andriod Malware via Malnets 40% Unique Android Malicious Applications 1% 58% Andriod Root Exploit and Rogue SW Figure 8: Android Malware Blocked by WebPulse in 2012 Best Practices: Protect Your Users and Business from Mobile Malware • Only download mobile applications only from trusted sources. • Extend the same threat protection in your corporate network to mobile devices in any location. • Enforce use of trusted applications with granular native and mobile web application controls. Delivering Mobile Malware with Malnets Malnets revolutionized the way cybercriminals deliver malware attacks to desktop and laptop users. In 2012, they set their sights on mobile devices. Malnet infrastructures are embedded in the Internet. They are such a powerful tool for cybercrime because they are always there, ready to be used in any attack, and are extremely adaptable. With these infrastructures, cybercriminals can launch ongoing attacks on users, targeting wide swaths of users with very little effort. Read more on malnets in the Blue Coat Systems 2012 Malnet Report. Cybercrime organizations spent 2012 tuning malnets to require low investment and deliver high impact results. This same strategy is now being extended to mobile devices for further financial gain. This is a significant shift that will rapidly increase attacks on mobile devices. 13
Prior to 2012, mobile-specific attacks launched from malnets consisted primarily of malicious Java apps. Malnet components serving malicious Android apps first appeared in October 2011. It wasn’t until February 2012, though, that malnets targeting mobile users showed real activity. That month, Blue Coat Security Labs saw not only a significant surge in mobile malware but the adoption of classic evasion techniques as well. The impact of this shift has been noticeable. Since early 2012, cybercriminals have expanded their infrastructure to launch attacks on mobile devices. In 2012, mobile traffic to malnets increased to two percent of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013. The growth in requests to malnets from mobile devices was driven by eight unique malnets in 2012. Three of the malnets, Narid, Devox and Criban, targeted mobile devices exclusively while the others simply expanded their malicious activities to include mobile devices. Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was 3. THREE LARGEST MOBILE MALNETS NARI D DEVOX CRI BAN Figure 9: Leading Malnets Exclusively Targeting Mobile Devices It is clear that in 2012, malnets were in an experimental phase of targeting mobile devices. They will continue to invest in their strategies, develop better tactics and show greater success in 2013. web host with many other sites. There was nothing suspicious about the web host though the fact that the offer was delivered via a Russian website should have been an immediate red flag for users. Anatomy of a Mobile Malware Attack When a user clicked on the download button, they were relayed to a different website that was in a bad Internet “neighborhood” – one known to be associated with suspicious and malicious activities. The user was then relayed to another known suspicious site for the actual download. In September, Blue Coat Security Labs examined an Android attack launched by a known malnet. In this particular attack, a user was offered an Android version of Skype via a website that lived on a shared 14
At the time of this attack, the download was recognized by only 10 of the 41 anti-virus engines in Virustotal. During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for a variety of sites that were involved in attacks. Among the sites were two Flash update sites, four pornography sites, a movie site, a couple of browser sites and several general “file” and “app” sites. The diversity of these concurrently running attacks shows that although mobile malware is in the early stages, it is clear it will continue to grow and become a problem for users as well as businesses that allow those users access to the corporate network. Figure 10: Malware Attack Offering Android Version of Skype Summary Mobile users represent a complex and growing constituency for organizations today. Those that can securely manage mobile devices can gain a competitive advantage by enabling their employees to be more productive. As businesses increasingly open their networks to mobile devices, cybercriminals will be knocking at the door. As we have seen in this report, they are already arming themselves for an attack. Extending an enterprise-class web security solution to include mobile devices is a good first step towards protecting your employees. By closing the mobile security gap and enabling access to corporate assets with appropriate policy controls, businesses can proactively protect themselves against this evolving mobile threat landscape while capitalizing on the innovation and productivity of a mobile workforce. 15
Blue Coat Systems, Inc. • 1.866.30.BCOAT • +1.408.220.2200 Direct +1.408.220.2250 Fax • www.bluecoat.com Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.BC-2013-MOBILE-MALNET-SECURITY-REPORT-V1D-0213

Recommended

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Is Your Dating App Breaking Your Heart?
Is Your Dating App Breaking Your Heart?Is Your Dating App Breaking Your Heart?
Is Your Dating App Breaking Your Heart?IBM Security
 
11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In Danger11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In DangerCopper Mobile, Inc.
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
proofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperproofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperKen Spencer Brown
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014EMC
 

Recommended

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Is Your Dating App Breaking Your Heart?
Is Your Dating App Breaking Your Heart?Is Your Dating App Breaking Your Heart?
Is Your Dating App Breaking Your Heart?IBM Security
 
11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In Danger11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In DangerCopper Mobile, Inc.
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
proofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperproofpoint-blindspots-visibility-white-paper
proofpoint-blindspots-visibility-white-paperKen Spencer Brown
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014EMC
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaEMC
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 securityat MicroFocus Italy ❖✔
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaPriyanka Aash
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
Social media & cyber crime
Social media & cyber crimeSocial media & cyber crime
Social media & cyber crimeatifkhanniazi
 
Phishing on android
Phishing on androidPhishing on android
Phishing on androidGenaroSantiago3
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 
Cisco solutions guide
Cisco solutions guideCisco solutions guide
Cisco solutions guideContent Rules, Inc.
 
Planning Your Global Content Strategy
Planning Your Global Content StrategyPlanning Your Global Content Strategy
Planning Your Global Content StrategyContent Rules, Inc.
 

More Related Content

What's hot

Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaEMC
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaPriyanka Aash
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
Social media & cyber crime
Social media & cyber crimeSocial media & cyber crime
Social media & cyber crimeatifkhanniazi
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 

What's hot (20)

Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the Message
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or not
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security Software
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social Media
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on Cybersecurity
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDC
 
HinDroid
HinDroidHinDroid
HinDroid
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
Social media & cyber crime
Social media & cyber crimeSocial media & cyber crime
Social media & cyber crime
 
Phishing on android
Phishing on androidPhishing on android
Phishing on android
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 

Viewers also liked

Planning Your Global Content Strategy
Planning Your Global Content StrategyPlanning Your Global Content Strategy
Planning Your Global Content StrategyContent Rules, Inc.
 
Solving the quality content problem
Solving the quality content problemSolving the quality content problem
Solving the quality content problemContent Rules, Inc.
 
Content Rules Tech Illustrations Samples
Content Rules Tech Illustrations SamplesContent Rules Tech Illustrations Samples
Content Rules Tech Illustrations SamplesContent Rules, Inc.
 
NetScout Data Sheet UMTS-HSPA Migration
NetScout Data Sheet UMTS-HSPA MigrationNetScout Data Sheet UMTS-HSPA Migration
NetScout Data Sheet UMTS-HSPA MigrationContent Rules, Inc.
 
Preparing the Sentriant CE150 for Operation Module 7
 - - Training Sample
Preparing the Sentriant CE150 for Operation Module 7
 - - Training SamplePreparing the Sentriant CE150 for Operation Module 7
 - - Training Sample
Preparing the Sentriant CE150 for Operation Module 7
 - - Training SampleContent Rules, Inc.
 

Viewers also liked (7)

Cisco solutions guide
Cisco solutions guideCisco solutions guide
Cisco solutions guide
 
Planning Your Global Content Strategy
Planning Your Global Content StrategyPlanning Your Global Content Strategy
Planning Your Global Content Strategy
 
Solving the quality content problem
Solving the quality content problemSolving the quality content problem
Solving the quality content problem
 
Content Rules Tech Illustrations Samples
Content Rules Tech Illustrations SamplesContent Rules Tech Illustrations Samples
Content Rules Tech Illustrations Samples
 
NetScout Data Sheet UMTS-HSPA Migration
NetScout Data Sheet UMTS-HSPA MigrationNetScout Data Sheet UMTS-HSPA Migration
NetScout Data Sheet UMTS-HSPA Migration
 
Sejin Datasheet
Sejin DatasheetSejin Datasheet
Sejin Datasheet
 
Preparing the Sentriant CE150 for Operation Module 7
 - - Training Sample
Preparing the Sentriant CE150 for Operation Module 7
 - - Training SamplePreparing the Sentriant CE150 for Operation Module 7
 - - Training Sample
Preparing the Sentriant CE150 for Operation Module 7
 - - Training Sample
 

Similar to Blue Coat 2013 Systems Mobile Malware Report

Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013EMC
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malwareeSAT Publishing House
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfGMATechnologies1
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats ReportJuniper Networks
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문Jiransoft Korea
 
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docxGemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docxhanneloremccaffery
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfvenkatprasadvadla1
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 

Similar to Blue Coat 2013 Systems Mobile Malware Report (20)

Protecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile PhishingProtecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile Phishing
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malware
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_report
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdf
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-payments
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docxGemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
Gemalto Building Trust in Mobile Apps The Consumer Perspecti.docx
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdf
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 

More from Content Rules, Inc.

Taxonomy and Terminology: The Crossroad of Controlled Vocabulary
Taxonomy and Terminology: The Crossroad of Controlled VocabularyTaxonomy and Terminology: The Crossroad of Controlled Vocabulary
Taxonomy and Terminology: The Crossroad of Controlled VocabularyContent Rules, Inc.
 
Taking Your Content to Global Proportinos - Global Website Best Practices
Taking Your Content to Global Proportinos - Global Website Best PracticesTaking Your Content to Global Proportinos - Global Website Best Practices
Taking Your Content to Global Proportinos - Global Website Best PracticesContent Rules, Inc.
 
Do Personas Work in a Global Marketplace?
Do Personas Work in a Global Marketplace?Do Personas Work in a Global Marketplace?
Do Personas Work in a Global Marketplace?Content Rules, Inc.
 
Processing Source Terminology - Localization World 2014
Processing Source Terminology - Localization World 2014Processing Source Terminology - Localization World 2014
Processing Source Terminology - Localization World 2014Content Rules, Inc.
 
Global content strategy meetup 10_16_14
Global content strategy meetup 10_16_14Global content strategy meetup 10_16_14
Global content strategy meetup 10_16_14Content Rules, Inc.
 
Your Brain on XML: Structured Content and Operational Efficiency
Your Brain on XML: Structured Content and Operational EfficiencyYour Brain on XML: Structured Content and Operational Efficiency
Your Brain on XML: Structured Content and Operational EfficiencyContent Rules, Inc.
 
WikiProject Medicine: Breaking Down Barriers to Save Lives
WikiProject Medicine: Breaking Down Barriers to Save LivesWikiProject Medicine: Breaking Down Barriers to Save Lives
WikiProject Medicine: Breaking Down Barriers to Save LivesContent Rules, Inc.
 
Content rules overview and global readiness
Content rules overview and global readinessContent rules overview and global readiness
Content rules overview and global readinessContent Rules, Inc.
 
Security Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training SampleSecurity Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training SampleContent Rules, Inc.
 
NetApp Word Cloud - Marketing Sample
NetApp Word Cloud - Marketing SampleNetApp Word Cloud - Marketing Sample
NetApp Word Cloud - Marketing SampleContent Rules, Inc.
 
How to Write Using International English - Excerpt
How to Write Using International English - ExcerptHow to Write Using International English - Excerpt
How to Write Using International English - ExcerptContent Rules, Inc.
 
P03 swisher val_developing a global content strategy_swisher
P03 swisher val_developing a global content strategy_swisherP03 swisher val_developing a global content strategy_swisher
P03 swisher val_developing a global content strategy_swisherContent Rules, Inc.
 
The Seven Components of a Global Content Strategy
The Seven Components of a Global Content StrategyThe Seven Components of a Global Content Strategy
The Seven Components of a Global Content StrategyContent Rules, Inc.
 
Using Language to Change the World - Translators Without Borders
Using Language to Change the World - Translators Without BordersUsing Language to Change the World - Translators Without Borders
Using Language to Change the World - Translators Without BordersContent Rules, Inc.
 
Thinking Strategically About Content Destined for Machine Translation
Thinking Strategically About Content Destined for Machine TranslationThinking Strategically About Content Destined for Machine Translation
Thinking Strategically About Content Destined for Machine TranslationContent Rules, Inc.
 
Shepherding Your Content for Operational Efficiency
Shepherding Your Content for Operational EfficiencyShepherding Your Content for Operational Efficiency
Shepherding Your Content for Operational EfficiencyContent Rules, Inc.
 
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...Content Rules, Inc.
 
Cisco Integrated Selling Process Presentation
Cisco Integrated Selling Process PresentationCisco Integrated Selling Process Presentation
Cisco Integrated Selling Process PresentationContent Rules, Inc.
 

More from Content Rules, Inc. (20)

Taxonomy and Terminology: The Crossroad of Controlled Vocabulary
Taxonomy and Terminology: The Crossroad of Controlled VocabularyTaxonomy and Terminology: The Crossroad of Controlled Vocabulary
Taxonomy and Terminology: The Crossroad of Controlled Vocabulary
 
Taking Your Content to Global Proportinos - Global Website Best Practices
Taking Your Content to Global Proportinos - Global Website Best PracticesTaking Your Content to Global Proportinos - Global Website Best Practices
Taking Your Content to Global Proportinos - Global Website Best Practices
 
Do Personas Work in a Global Marketplace?
Do Personas Work in a Global Marketplace?Do Personas Work in a Global Marketplace?
Do Personas Work in a Global Marketplace?
 
Processing Source Terminology - Localization World 2014
Processing Source Terminology - Localization World 2014Processing Source Terminology - Localization World 2014
Processing Source Terminology - Localization World 2014
 
Global content strategy meetup 10_16_14
Global content strategy meetup 10_16_14Global content strategy meetup 10_16_14
Global content strategy meetup 10_16_14
 
Your Brain on XML: Structured Content and Operational Efficiency
Your Brain on XML: Structured Content and Operational EfficiencyYour Brain on XML: Structured Content and Operational Efficiency
Your Brain on XML: Structured Content and Operational Efficiency
 
WikiProject Medicine: Breaking Down Barriers to Save Lives
WikiProject Medicine: Breaking Down Barriers to Save LivesWikiProject Medicine: Breaking Down Barriers to Save Lives
WikiProject Medicine: Breaking Down Barriers to Save Lives
 
Content rules overview and global readiness
Content rules overview and global readinessContent rules overview and global readiness
Content rules overview and global readiness
 
Security Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training SampleSecurity Design Considerations Module 3 - Training Sample
Security Design Considerations Module 3 - Training Sample
 
NetApp Word Cloud - Marketing Sample
NetApp Word Cloud - Marketing SampleNetApp Word Cloud - Marketing Sample
NetApp Word Cloud - Marketing Sample
 
How to Write Using International English - Excerpt
How to Write Using International English - ExcerptHow to Write Using International English - Excerpt
How to Write Using International English - Excerpt
 
P03 swisher val_developing a global content strategy_swisher
P03 swisher val_developing a global content strategy_swisherP03 swisher val_developing a global content strategy_swisher
P03 swisher val_developing a global content strategy_swisher
 
The Seven Components of a Global Content Strategy
The Seven Components of a Global Content StrategyThe Seven Components of a Global Content Strategy
The Seven Components of a Global Content Strategy
 
Using Language to Change the World - Translators Without Borders
Using Language to Change the World - Translators Without BordersUsing Language to Change the World - Translators Without Borders
Using Language to Change the World - Translators Without Borders
 
Google Course Lecture
Google Course LectureGoogle Course Lecture
Google Course Lecture
 
Thinking Strategically About Content Destined for Machine Translation
Thinking Strategically About Content Destined for Machine TranslationThinking Strategically About Content Destined for Machine Translation
Thinking Strategically About Content Destined for Machine Translation
 
Shepherding Your Content for Operational Efficiency
Shepherding Your Content for Operational EfficiencyShepherding Your Content for Operational Efficiency
Shepherding Your Content for Operational Efficiency
 
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...
It Starts With The Source - Source English Terminology in a Multi-Channel, Gl...
 
Silver Peak Case Study
Silver Peak Case StudySilver Peak Case Study
Silver Peak Case Study
 
Cisco Integrated Selling Process Presentation
Cisco Integrated Selling Process PresentationCisco Integrated Selling Process Presentation
Cisco Integrated Selling Process Presentation
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Blue Coat 2013 Systems Mobile Malware Report

  • 1. Blue Coat Systems 2013 Mobile Malware Report How Users Drive the Mobile Threat Landscape
  • 2. Table of Contents Summary of Key Findings 3 Understanding the Mobile Threat Landscape 4 Behavioral Patterns of Mobile Users 6 Mobile Threat Vectors: User Behavior Becomes the Achilles Heel 9 Delivering Mobile Malware with Malnets 13 Summary 15 2
  • 3. Summary of Key Findings Mobile users are transforming the scope and volume of human interactions globally. This transformation is enabled by the ubiquity of mobile devices, unprecedented access to the Internet from virtually any location and a growing wealth of mobile applications. Mobile devices in the enterprise represent the confluence of personal and corporate needs and usage. Businesses are challenged to keep pace with the proliferation of mobile devices and maintain control over them as they strain the boundaries of corporate control. The unfettered growth in mobility has also created an alluring opportunity for cybercriminals to generate profits through mobile malware. This report examines the mobile threat landscape and the behavioral patterns of mobile users that make them most vulnerable to data loss, malicious applications, fraud and other mobile threats. Data in this report comes from the Blue Coat WebPulse collaborative defense and the Blue Coat Security Labs. WebPulse analyzes requests in real-time from 75 million users worldwide to gain a comprehensive view of the web and malware ecosystems. By tracking malnets, WebPulse also delivers the industry’s only Negative Day Defense. Key Takeaways: 1. Mobile threats are still largely mischiefware – they have not yet broken the device’s security model but are instead more focused on for-pay texting scams or stealing personal information. 2. The most successful mobile malware tactics, including scams, spam and phishing, are classics that dominated the threat landscape when malware first moved to the web. These device-agnostic, easy-to-deploy attacks provide a natural crossover point for cybercriminals that are interested in launching attacks against mobile devices. 3. Pornography is proving to be the great weakness for mobile users. While mobile users don’t go to pornography sites often, when they do, the risk of finding malicious content is nearly three times as high as any other behavior. 4. While relatively small compared to desktops threats, the mobile threat landscape is becoming active. Malnets, the infrastructures that successfully drove nearly two thirds of all web-based attacks in 2012, are setting their sights on mobile users. To date, 40 percent of mobile malware blocked by WebPulse has originated from known malnets. 5. Extending security to mobile devices will be essential for businesses that need to protect their assets as well as their employees. Cybercriminals see the value in these targets as businesses continue to adopt BYOD initiatives, and businesses need to be prepared in 2013. 3
  • 4. Understanding the Mobile Threat Landscape In 2012, mobile threats were a relatively small but growing percentage of overall traffic. The threat landscape was marked by a resurgence of classic scams attempting to convince users to enter sensitive information into a website that replicates a bank’s website, for instance. Malicious applications typify another sort of risk for mobile devices. These applications often exhibit malicious behavior such as texting to “for-pay” services run by the attacker or in-app purchases. Collectively, these threats don’t break the security model of the phone but simply act in a manner in which they were expected to perform, albeit, for malicious reasons. They are really more mischiefware than malware. MOBILE THREATS: A RETURN TO THE CLASSICS SCAMS PH ISH I NG SPAM Enter Name Figure 1: Leading Mobile Threats Mobile malware that truly breaks the security model of the phone is still in its infancy with little evidence of attacks beyond a few incidents that targeted the Android platform (see Targeting Android Platforms section later in the report). In 2013, this is likely to change as adoption of mobile devices continues to grow rapidly and businesses increasingly provide access to corporate assets. According to the IDG Global Mobility Study, 70 percent of employees surveyed access the corporate network using a personally owned smartphone or tablet. This access extends to business-critical applications as well. For example, 80 percent of employees access email from their personal devices. In the desktop world, cybercriminals can purchase exploit kits on the underground market and utilize malnet infrastructures to continually launch malware attacks on users. For mobile devices, however, weaponized exploit kits are not yet as common as exploits targeting desktop and laptop 4 MALICIOUS APPS Malnets (malware networks) are distributed infrastructures within the Internet that are built, managed and maintained by cybercriminals for the purpose of launching on-going attacks against users over extended periods of time. computers. However, established techniques such as pornography, spam and phishing that have worked well in the desktop world are now successfully migrating to the mobile world. Many of these tactics are device agnostic, so expanding the attack to target mobile devices is relatively simple. Phishing, scams and spam target users on all devices in an effort to convince users to provide credentials or other confidential information, such as credit card information. A recent phishing attack demonstrates how easy it is to be tricked into providing credentials on a mobile device. In the attack, a user received a perfectly formatted, grammatically correct phishing email informing them that Paypal had detected suspicious activity during the user’s last transaction. The email went on to say that PayPal had temporarily blocked the account until the user verified the account by clicking on a link.
  • 5. It is also often harder to make good choices about the links you visit on a mobile device. Many times these links are truncated or shortened via a service such as bitly, which impedes a user’s ability to make a good decision about their destination. In the phishing attack, a user wouldn’t be able to hover over the link in the email and see the true URL address. If they clicked on the link, they wouldn’t see the fully resolved link in the address bar either. Further complicating the matter is behavioral conditioning. Users are taught to expect mobile websites to look different than the desktop versions. This gives attackers the ability to prey on that perception difference and craft a fake mobile site at a strange URL for an established company. This is a classic phishing attack. After clicking the link in the email, the user would have been sent to a webpage that is an exact replica of the PayPal credentials page. The only exception was that the actual URL behind the link in the email did not take the user to PayPal. Mobile Risks: Setting users up for failure Mobile devices have empowered users, giving them access to a wealth of information and corporate assets from anywhere. Yet, we haven’t put in place the tools and practices that will allow them to make good, safe choices. Essentially, we have set them up to fail. When we think about security under the lens of mobile devices, some risks decrease, some increase and some stay the same. For example, consider the increased risk of your password being exposed to an onlooker. Mobile phones often reverse the yearslong practice of instantly masking passwords when you type them in – these devices typically expose the password, character by character, to ensure your entry is correct. Another important difference between desktop and mobile environments is that mobile versions of websites are often crafted and hosted by third parties. For the user, that means the URL might not even be a good indicator of the relative safety of the site. Accessing the website for Hilton Hotels from your mobile device, for example, redirects you to usable. net. This practice essentially conditions customers to be comfortable with going to a strange URL to find an official site and gives attackers an edge they can potentially leverage to deceive mobile users. Mobile applications themselves also provide a point at which it is difficult for customers to make safe, well-informed decisions. In its current state, the most popular mobile applications are produced by companies with which most users are unfamiliar. If a piece of software makes it to the shelves of Best Buy, consumers perceive that both the software and the company that designed it have been vetted. In the mobile app world, new players emerge constantly with no reputation in areas like security quality. Nor is there a good mechanism for creating reputation ratings. Already, this is resulting in applications that send unencrypted personal data over open networks or collect too much personal information. . 5
  • 6. Behavioral Patterns of Mobile Users To understand mobile risks, it’s critical to look at the behavioral patterns of how these devices are used. On average, a user spends 72 minutes a day browsing the mobile web. This is independent of the time spent using native applications and represents the time when users are most vulnerable to threats. During that time, users are spending more than 11 minutes with content related to computers/Internet. The remaining 60 minutes are spent looking at a variety of content, ranging from social networking and shopping to business/economy and entertainment. The diversity of topics that comprise a user’s day on the web demonstrates how important mobile devices have become. By effectively putting a computer in the hands of user, mobile devices have given them access to any information from any location. That will have security implications. A DAY OF A MOBILE USER Total time spent browsing the mobile Web is 72 MINUTES ENTE RTAI NM BUSI N ESS/ EC O GS ENT min 11 .6 .4m 1.6 in min 1.7m CO I NT M PU ER TE N E RS/ T SBL n AL P AG E 8.5mi SO N OTH ER PER S RE PO R CR TS/ EA TIO N1 UN .2 RAT mi ED n 1 in O N O MY 2m in NON- VIEWABLE CONTENT SERVERS 2.4min REFEREN CE G PPI N min 3.2 SO 4m IA ED ADS 5.3m in /M WS n 6.1mi WEB ES/ NE IN H EN G S E A R C LS PO RTA in SH O 2.7min Figure 2: Where Mobile Users Spend Their Time 6 CIA LN ET WO RK IN G 9. 6m in 10.7min
  • 7. For mobile users, the patterns we observed in 2012 show a marked difference from the patterns of desktop users and point to the ways in which behavior can be exploited by cybercriminals. For most users, mobile devices are a personal experience. Users access much more recreational content, including shopping, entertainment and personal pages/blogs, from their mobile devices than desktops or laptops. In fact, the percentage of requests for recreational content was twice as high for mobile users. Likewise, news/media was one of the most popular categories of content requested from mobile devices. Social networking also continued to rank slightly higher for mobile users versus desktop users, as first noted in the Blue Coat Systems 2012 Web Security Report, which is interesting given the predominance of native mobile applications for social networking sites. KEY CONTRASTS: MOBILE VS. DESKTOP USAGE Differences in Device Purpose Drive Priorities in Web Use Mobile Web Use Desktop Web Use 20% 19.26% 15% MOBILE RECREATION • PERSONAL PAGES/BLOGS – 2.20% • ENTERTAINMENT – 2.35% • SHOPPING – 4.45% 13.35% 10% 11.25% 9% 8.47% 5% 5.65% 1.96% 0.94% 0% Social Networking Search Engine/Portals 5.61% Audio/Vido Clips News/Media 4.18% Recreational Figure 3: Most Requested Categories: Mobile vs. Desktop Users Among the most noticeable difference between user behavior occurs within search engines/portals. Desktop users use search engines twice as much as mobile users. For mobile users, search engines ranked as the fourth most requested category of content. This difference points to less reliance on search engines by users on mobile devices. Mobile users look for rapid access to information they need, often going directly to a source rather than waiting for search results. Additionally, the availability of native apps changes the search dynamic on mobile devices, making it easier to access the applications and features that are most important. 7
  • 8. The high use of search engines by desktop users has driven a correlation in threat vectors, with search engine poisoning consistently ranking as the leading entry point to malware. As the mobile malware ecosystem expands, cybercriminals will likely be less inclined to spend the same level of resources targeting mobile users through search engines. Users also favor desktops over mobile devices for audio/video content by an overwhelming margin. For desktop users, audio/video content is the sixth most requested category of content, representing more than five percent of all requests, and growing steadily. Conversely, requests for audio/video content from mobile users accounted for just one percent of all requests. The small screen impacts user experience while the lack of Flash support on some devices limits the audience for this type of content. The uniform demand for a quality experience regardless of platform type is creating a bifurcation in the application market. Today, users will move between web, mobile web and native mobile applications, depending on which can best meet their experience expectations. For example, users are clearly opting to use web or native mobile applications to access audio/video content. These applications optimize their experience better than mobile web versions. The search for the optimal user experience continues to condition users and extends to the use of corporate applications on mobile devices. As organizations introduce corporate app stores to better manage the applications on their network, user experience will be a key driver of adoption. From a security perspective, users will tend to go with the application that provides the best user experience even if it is not the most secure option. For example, most organizations set size limits on email attachments. An employee facing these limits would be forced to split a large file into two different attachments, requiring effort on the part of the sender and the receiver, who would then need to piece the two files together. Alternatively, the employee could upload the file to Box.com and just send out a link. This option is not necessarily the most secure and might even violate compliance to relevant regulations. By not paying attention to the user experience, organizations can inadvertently create security gaps. Best Practices Close the mobile app gap on your network. Make sure that you can see and consistently enforce policy across all three types of applications (and their operations) that may be running on your network: 1. Web applications (desktop browser) 2. Mobile web applications (mobile browser) 3. Native mobile applications As you adopt BYOD initiatives and allow employees to access corporate assets with their own devices, be sure these controls extend to those devices as well. 8
  • 9. Mobile Threat Vectors: User Behavior Becomes the Achilles Heel Mobile user behavior creates opportunities for cybercriminals to lure users to malware by leveraging popular categories of content. Protecting users that are vulnerable to manipulation or behavioral exploitation can be challenging without understanding where they are most at risk. These threat vectors are driven by user choices or behavior and are designed to lead mobile users to malware. While many threat vectors correlate directly to high usage categories, there are some interesting exceptions. In 2012, the most dangerous place for mobile users was pornography. More than 20 percent of the time that a user went to a malicious site, they were coming from a pornography site. It is important to note that mobile users are going to pornography sites less than one percent of the time. When they do visit pornography sites, though, they have a high risk of finding a threat. Interestingly, when malware first moved to the Internet, pornography was one of the leading sources of malware for desktop users. The prevalence of pornography as the leading threat vector for desktop users has ebbed, giving way to attacks that target much larger user populations, such as search engine poisoning. In the desktop environment, pornography continued to fall as a threat vector as it became easier to target a large number of users on places like search engines or social networking sites. It is reasonable to expect that the same will be true for the mobile environment, especially considering that in both environments pornography is not a frequently requested category of content. TOP THREAT VECTORS FOR MOBILE USERS % Of Malicious Requests Driven By Each Threat Vector % Web Requests From Mobile Users 25 % of Requests 20 15 10 5 0 Pornography Suspicious Computers/Internet Web Advertisements Entertainment Unrated Search Engines/ Portals Categories of Web Content Figure 4: Percent of Malicious Requests Driven by Each Category Compared to Requests for Content in that Category 9
  • 10. The second most popular entry point into malware was through sites categorized as suspicious. These typically include sites that are part of the Web and email spam ecosystem and aren’t hosting or otherwise more explicitly linked to a malicious site. With users spending the most amount of their mobile web browsing time accessing computers/Internet content, it’s not surprising that this content is also a leading threat vector, responsible for more than seven percent of all malicious requests from mobile devices. Many of the early successful mobile malware attacks offered users an Android version of Skype or an Opera browser. This category of content, which includes sites that sponsor or provide information on computers, technology, the Internet and technologyrelated organizations and companies, is also frequently requested by desktop users though, as a threat vector, it is not as popular. Web advertisements are an interesting case. They rank as both the fourth most requested category of content as well as the fourth ranked threat vector for mobile users, demonstrating that both the ad-based revenue model and malvertising attack methodology have transitioned to the mobile web nicely. Cybercriminals have been refining malvertising attacks against desktop users for several years, and it consistently appears as a top threat vector. Mobile users who shop or conduct online banking on their smartphones are important targets for both commercial businesses and malware operators. The volume of web advertisements that are delivered through these mobile applications creates an effective entry point for cybercriminals to inject ads that lead to malicious downloads. A recent example was an advertisement for a fake Angry Birds download. The download delivered an SMS Trojan that made premium SMS calls (texts) to the malware host, which then billed users without their knowledge. Other similar tactics involve presenting fake downloads such as PDFs, browser updates or executable files that then deliver malicious payloads designed to steal personal information and other assets. Figure 5: Malicious Ad Serving Malware Disguised as a PDF Download Given the success of the model in desktop environments and the seemingly successful transition to mobile environments, it is reasonable to expect malvertising will continue to be a key threat vector. Note that social networking is absent as a mobile threat vector, despite being the third most requested category of content. One explanation is that some social networks deploy separate and distinct mobile and web-based applications. For example, the Yammer mobile application has a different URL than the web-based version. Users of social networking mobile apps are also less likely to click on links people send because it is more disruptive than opening the link in a new tab of a desktop browser. While search engine poisoning (SEP) is a top threat tactic against desktop users, the vector will likely remain low on the list for mobile devices as long as mobile search usage remains at its current level. 10
  • 11. Mobile Malware Tactics Behavioral information provides insight into where users might be targeted and the threat vectors show where they are most successfully being targeted at any given point. The tactics will now show how they are targeted. While spam was the second highest “malicious” category of requested content, it was not an efficient tactic. Mobile devices represented 1.71 percent of all requests for spam content yet 4.39 percent of all spam websites were targeting mobile devices. TARGETING THE MOBILE USER CLASSIC THREATS FIND SUCCESS WITH MOBILE USERS PERCENTAGE OF UNIQUE SITES REQUESTED BY MOBILE DEVICES PERCENTAGE OF REQUESTS FROM MOBILE DEVICES TO MALICIOUS CATEGORIES 2.23% Spam 1.71% 1.52% 1.34% Suspicious Phishing Potentially Unwanted SW 0.9% SPAM 4.39% PORNOGRAPHY 3.8% PROXY AVOIDANCE 1.2% SUSPICIOUS 0.98% MALICIOUS SOURCES 0.78% PHISHING 0.77% POTENTIALLY UNWANTED SW Pornography 0.46% Figure 6: Relative Effectiveness of Tactics Spam, by its nature, uses many domain names in an effort to avoid detection. In 2012, cybercriminals cycled through more than 2.5 domains for every successful attack. This high work to return ratio is in contrast to the more efficient phishing attacks. Phishing as a tactic is a more productive method that uses fewer websites to attract a relatively larger amount of traffic. Mobile devices accounted for 1.34 percent of all phishing requests, yet only 0.77 percent of all phishing sites are targeting mobile users exclusively. This data indicate that phishing attacks on mobile devices are much more effective at driving users to their sites. Given this dynamic, you could reasonably assume that there would be a spike in phishing attacks. However, the presence of malnets is the great equalizer. By leveraging an existing infrastructure, cybercriminals can easily change domain names for any one attack while leaving the rest of the attack path in place. This has the effect of making spam attacks relatively easy to launch and sustain despite its seemingly low rate of return. Best Practices • Block all content to mobile and desktop devices from dangerous categories, including pornography, phishing and spam. • Block executable content from un-rated domains and categories that typically host malware, such as Dynamic DNS hosts. 11
  • 12. Targeting Android Platforms Android devices offer a unique case study on the rise of mobile malware. The unregulated app market and diversity of Android-based devices ensures that cybercriminals will find greater success targeting these platforms. Blue Coat WebPulse collaborative defense first detected an Android exploit in real time on February 5, 2009. Since then, Blue Coat Security Labs has observed a steady increase in Android malware. In the July-September 2012 quarter alone, Blue Coat Security Labs saw a 600 percent increase in Android malware over the same period last year. In June 2012, requests to malware targeting Android devices reached more than 1,000. While requests ebbed and flowed over the course of a 12-month period, one thing is clear: Cybercriminals are launching more threats and becoming more efficient at driving users to those threats. Prior to a period of heightened activity in May and June, the highest volume of threat activity was in November 2011, peaking at just over 500 threats for the month. TARGETING ANDROID Mobile Malicious Category Requests Intercepted by WebPulse 1200 1000 800 600 400 200 0 Sep 2011 Oct Nov Dec Jan 2012 Feb Mar Apr May Jun Jul Aug Sep Figure 7: Volume of Requests for Android Malware The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent six months, WebPulse also blocked an increasing number of unique malicious Android applications. 12
  • 13. BREAKDOWN OF ANDROID MALWARE BLOCKED BY WEBPULSE IN 2012 Unique Android Malware URLs 1% Andriod Malware via Malnets 40% Unique Android Malicious Applications 1% 58% Andriod Root Exploit and Rogue SW Figure 8: Android Malware Blocked by WebPulse in 2012 Best Practices: Protect Your Users and Business from Mobile Malware • Only download mobile applications only from trusted sources. • Extend the same threat protection in your corporate network to mobile devices in any location. • Enforce use of trusted applications with granular native and mobile web application controls. Delivering Mobile Malware with Malnets Malnets revolutionized the way cybercriminals deliver malware attacks to desktop and laptop users. In 2012, they set their sights on mobile devices. Malnet infrastructures are embedded in the Internet. They are such a powerful tool for cybercrime because they are always there, ready to be used in any attack, and are extremely adaptable. With these infrastructures, cybercriminals can launch ongoing attacks on users, targeting wide swaths of users with very little effort. Read more on malnets in the Blue Coat Systems 2012 Malnet Report. Cybercrime organizations spent 2012 tuning malnets to require low investment and deliver high impact results. This same strategy is now being extended to mobile devices for further financial gain. This is a significant shift that will rapidly increase attacks on mobile devices. 13
  • 14. Prior to 2012, mobile-specific attacks launched from malnets consisted primarily of malicious Java apps. Malnet components serving malicious Android apps first appeared in October 2011. It wasn’t until February 2012, though, that malnets targeting mobile users showed real activity. That month, Blue Coat Security Labs saw not only a significant surge in mobile malware but the adoption of classic evasion techniques as well. The impact of this shift has been noticeable. Since early 2012, cybercriminals have expanded their infrastructure to launch attacks on mobile devices. In 2012, mobile traffic to malnets increased to two percent of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013. The growth in requests to malnets from mobile devices was driven by eight unique malnets in 2012. Three of the malnets, Narid, Devox and Criban, targeted mobile devices exclusively while the others simply expanded their malicious activities to include mobile devices. Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was 3. THREE LARGEST MOBILE MALNETS NARI D DEVOX CRI BAN Figure 9: Leading Malnets Exclusively Targeting Mobile Devices It is clear that in 2012, malnets were in an experimental phase of targeting mobile devices. They will continue to invest in their strategies, develop better tactics and show greater success in 2013. web host with many other sites. There was nothing suspicious about the web host though the fact that the offer was delivered via a Russian website should have been an immediate red flag for users. Anatomy of a Mobile Malware Attack When a user clicked on the download button, they were relayed to a different website that was in a bad Internet “neighborhood” – one known to be associated with suspicious and malicious activities. The user was then relayed to another known suspicious site for the actual download. In September, Blue Coat Security Labs examined an Android attack launched by a known malnet. In this particular attack, a user was offered an Android version of Skype via a website that lived on a shared 14
  • 15. At the time of this attack, the download was recognized by only 10 of the 41 anti-virus engines in Virustotal. During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for a variety of sites that were involved in attacks. Among the sites were two Flash update sites, four pornography sites, a movie site, a couple of browser sites and several general “file” and “app” sites. The diversity of these concurrently running attacks shows that although mobile malware is in the early stages, it is clear it will continue to grow and become a problem for users as well as businesses that allow those users access to the corporate network. Figure 10: Malware Attack Offering Android Version of Skype Summary Mobile users represent a complex and growing constituency for organizations today. Those that can securely manage mobile devices can gain a competitive advantage by enabling their employees to be more productive. As businesses increasingly open their networks to mobile devices, cybercriminals will be knocking at the door. As we have seen in this report, they are already arming themselves for an attack. Extending an enterprise-class web security solution to include mobile devices is a good first step towards protecting your employees. By closing the mobile security gap and enabling access to corporate assets with appropriate policy controls, businesses can proactively protect themselves against this evolving mobile threat landscape while capitalizing on the innovation and productivity of a mobile workforce. 15
  • 16. Blue Coat Systems, Inc. • 1.866.30.BCOAT • +1.408.220.2200 Direct +1.408.220.2250 Fax • www.bluecoat.com Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.BC-2013-MOBILE-MALNET-SECURITY-REPORT-V1D-0213