Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/17/2017
11:20 AM
50%
50%

Mobile Malware Incidents Hit 100% of Businesses

Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.

Every business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware, with an average of 54 attempts per company played out within a 12-month period, according to a Check Point report released today.

The study, based on data collected from Check Point SandBlast Mobile deployments at 850 organizations, is the latest sign of growth in mobile malware incidents.

"100% of businesses [facing an attempted attack] was not surprising because the statistics from a year or two ago started to show it was going this way," says Michael Shaulov, head of Check Point's product management for mobile and cloud security. "But the average of 54 [attempts] was surprising. I was expecting two, three, or four."

The report also notes that 94% of security professionals anticipate actual mobile malware attacks to continue to increase, with nearly 66% doubting they can prevent them. 

"We've seen a steady parade of malware specimens over the last several years," says James Plouffe, lead solutions architect at MobileIron. He notes although the 100% mobile malware figure seems high at first blush, it is important to distinguish between organizations that have been exposed to malware versus actually getting infected.

Patrick Hevesi, a Gartner analyst, anticipates a continued rise in mobile malware incidents and breaches. "There are billions of mobile devices for the attackers to try and gain access and some form of monetary gain," he says. "I feel as more and more people continue to make phones and tablets their primary device, the attacks will continue to grow."

Attack Drivers

Most of the malware that BYOD and corporate devices encounter comes from apps at third-party stores, Shaulov says.

Other forms of malicious activity against these devices are also taking place with great frequency. The report reveals 89% of organizations experience a least one man-in-the-middle incident stemming from users connecting to a risky WiFi network. "Attackers are trying to get access to the data transmitted, rather than inject malware," Shaulov says.

Phil Hochmuth, an IDC analyst, says BYOD devices are usually more susceptible to attack than corporate devices because they are not managed by such security measures as an enterprise mobility management platform or mobile threat management platform. These platforms can restrict some of the more liberal permissions and user settings on BYOD devices, he adds.

"We've seen mobile threats become more elaborate and go beyond malware or bad apps," says Hochmuth. "They use a mix of network-based attacks, like spoofed WiFi, or malicious management profiles to steal data. Attacks on the core mobile OS kernel, iOS and Android, are also becoming more sophisticated."

Mobile malware, for example, is also showing up pre-installed on some of the smartphone brands or embedded in apps in app stores like Google Play and Apple's App Store.

And while the report notes 75% of organizations average 35 rooted or jailbroken devices on their networks, Shaulov does not attribute that to the high percentage of companies exposed to malware. "People with jailbroken or rooted devices are power users and these are the guys who know what they are doing and are less susceptible to attacks," he says.

By industry, the Check Point report shows that financial services industry encountered the most mobile malware incidents, 39%, followed by government, 26%.

 [Source: Check Point]

Financial services devices also took the brunt of the various mobile malware types that surfaced, according to the report. Their devices accounted for:

  • 44% of all detected remote access Trojans (mRATs)
  • 40% of rough ad networks that run in the background and click on ads
  • 32% of information stealers

But when it comes to premium dialers, government-issued phones and government employees' BYOD devices were exposed to 43% of this type of malware. "Many of these premium dialers are related to phishing attacks and government employees, in particular, were more susceptible to phishing attacks," Shaulov says.

Related Content:

 

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
onlineit1
50%
50%
onlineit1,
User Rank: Apprentice
10/16/2019 | 7:42:05 AM
Power BI latest updates
Microsoft Power BI is the trending BI tool in the IT market. The demand for this product has increased day-to-day. Microsoft has released the Power BI latest updates to attract more and more customers in the IT market. Recently, it has released some updates in July. But they did not stop there. So now, they have released the new updates. And today, in this article, I would share the Power BI latest updates.

Today organizations were very curious to drive the business decisions. Moreover, today enterprises need an enterprise business platform to meet sophisticated needs. And These needs range from self-service of power BI to full-enterprise governance.  Additionally,  from paginated reports to full interactive data exploration. And finally from small data-sets to petabytes of data.

Power BI latest updates :

In July, power BI laid the road-map. This helps organizations to modify the modern and traditional Power bi platform. This empowers the business analyst by expanding the self-data preparation. Moreover, Through this, we can analyze the big data.  Since then, they have shipped the number of capabilities that deliver on this road-map. Additionally premium, multi Geo allows customers to address the data residency requirements. Moreover, with trillions of rows of data, aggregations enable the data analysis over the petabytes data sets. Moreover, Power BI home landing  and dashboard commenting make it easier to get the most important content and collaborate across the  enterprises
mounikakits
50%
50%
mounikakits,
User Rank: Apprentice
10/13/2019 | 2:59:00 AM
best online training
Thank you for the information.
https://www.kitsonlinetrainings.com/application-packaging-online-training.html
https://www.kitsonlinetrainings.com/business-analysis-online-course.html
https://www.kitsonlinetrainings.com/cognos-online-training.html
https://www.kitsonlinetrainings.com/data-modeling-online-training.html

 
<a href="https://www.kitsonlinetrainings.com"> training</a><br>
<a href="https://www.kitsonlinetrainings.com/abinitio-online-training.html">abinitio training</a><br> 
<a href="https://www.kitsonlinetrainings.com/active-directory-online-training.html">active directory training</a><br>
<a href="https://www.kitsonlinetrainings.com/aws-online-training.html">aws training</a><br>
<a href="https://www.kitsonlinetrainings.com/amazon-web-server-online-training.html">amazon web server training</a><br>
<a href="https://www.kitsonlinetrainings.com/android-online-training.html">android training</a><br>
<a href="https://www.kitsonlinetrainings.com/angular-js-online-training.html">angular js training</a><br>
<a href="https://www.kitsonlinetrainings.com/appium-online-training.html">appium training</a><br>
<a href="https://www.kitsonlinetrainings.com/application-packaging-online-training.html">application packaging training</a><br>
<a href="https://www.kitsonlinetrainings.com/business-analysis-online-course.html">business analysis online course</a><br>
mounikakits
50%
50%
mounikakits,
User Rank: Apprentice
10/12/2019 | 3:00:06 AM
best online training
Thank you for the information.
https://www.kitsonlinetrainings.com/android-online-training.html
https://www.kitsonlinetrainings.com/angular-js-online-training.html
mounikakits
50%
50%
mounikakits,
User Rank: Apprentice
2/8/2019 | 12:59:22 AM
best online trainings

Your blog is really nice and informative. Thanks for sharing this post. Keep posting..
h
mounikakits
50%
50%
mounikakits,
User Rank: Apprentice
2/8/2019 | 12:57:40 AM
best online trainings

Thank you for your blog.Really looking forward to read more.
 
PaulChau
50%
50%
PaulChau,
User Rank: Apprentice
8/14/2018 | 3:23:42 AM
Re: Healthcare attacks
Every device becomes vulnerable as long as it is connected to the internet. Anything can be done when it comes to malware unless we install an anti-spam software. Nevertheless, the developers of malwares are very smart when it comes to attacking tech gadgets. They would know how to work their way around and could even get past anti-spam and anti-virus softwares. This is rather worrying but as long as we install expensive and trusted softwares, we can rest at ease.
elenakretova
50%
50%
elenakretova,
User Rank: Apprentice
11/24/2017 | 2:02:07 AM
Re: Healthcare attacks
Thanks for sharing the information on Mobile Malware Incidents hit 100% of businesses
DonHarper
50%
50%
DonHarper,
User Rank: Apprentice
11/23/2017 | 4:42:46 PM
Re: Healthcare attacks
I'd really like to have an answer too !
alexporubay
50%
50%
alexporubay,
User Rank: Apprentice
11/23/2017 | 6:33:25 AM
Re: Healthcare attacks
nice one!
JackDilon
50%
50%
JackDilon,
User Rank: Apprentice
11/21/2017 | 5:59:26 PM
Re: Healthcare attacks
Read about this too. Can't remember where !
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19740
PUBLISHED: 2019-12-12
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVE-2019-19746
PUBLISHED: 2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19748
PUBLISHED: 2019-12-12
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2017-18640
PUBLISHED: 2019-12-12
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19726
PUBLISHED: 2019-12-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from th...