Derek Manky. Image supplied
Fortinet’s FortiGuard Labs has reported a 30 per cent increase in mobile malware in the last six months, with 1,300 samples per day. Derek Manky, the company’s global security strategist, spoke to HumanIPO about the rising problem.
The team at FortiGuard discovered attackers are taking advantage of old vulnerabilities, despite patches. The platforms mostly being targeted are Ruby on Rails, Java, Acrobat and Apache.
Manky confirmed the 30 per cent increase in mobile malware is global.
HumanIPO: Please describe the 1,300 new samples. Do they refer to individual viruses or to malware programs and applications?
Manky: [They are] not individual virus families, but different versions of the virus strains mixed in.
For example, it could be the same virus under various application guises. Mostly the latter – mobile malware is not yet fully polymorphic, where a single .APK file can change form every 30 seconds as PC-based malware does.
Once mobile malware becomes polymorphic (changing form to evade detection), we will see that figure of 1,300 per day jump quite dramatically.
In terms of Bring Your Own Device (BYOD), a lenient policy is a disadvantage due to the threat of mobile malware infecting the users’ devices and the business network. What advice can you offer to intensify BYOD control and limit malware penetration?
Control of both the endpoint and your gateway. Your gateway security should be able to understand what type of device is connecting to the network, what that means in terms of security context (should it be allowed?) and, more importantly, what the behaviour of that device is.
BYOD allows devices that could be infected from outside the network to be allowed inside.
Proper profiling and segmentation of these devices that connect via Wi-Fi to the network is key. Egress traffic monitoring for botnet C&C (command and control) traffic is also key.
Scanning for malicious applications (AV), using web-filtering and intrusion prevention are all valid technologies that can be applied to mobile devices within your network.
This limits malware penetration, while application control or egress monitoring limits an infected mobile device introduced into the network from infecting further or leaking intellectual property.
Please describe “ransomware” as mentioned in a FortiGuard statement, and how it operates?
Ransomware is a new flavour of malware that cybercriminals are using for monetisation.
Popular forms include locking out access to applications and data, claiming that the system is infected where in fact it is being held hostage. Once the user pays the ‘cleaning’ fee, system access may or may not be restored.
Other forms completely render a computer useless so that it cannot even boot into its operating system, or encrypt an entire hard disk, holding all of its information hostage until a fee is paid for a key to unlock it.
There are many forms and social engineering ploys, from fake antivirus software to screen saver locks.
This type of threat is now beginning to float over to mobile platforms. Be on the lookout for mobile ransomware that locks out access to, say, Facebook until users pay a fee of US$50 or less to ‘clean’ their phone.