By Charles Leaver

Holiday season malware shows need for cross-platform endpoint security

With a high volume of online shoppers, the holiday shopping season inevitably attracts the attention of cybercriminals, creating heightened network security risks for individuals and businesses. Targeted parties can learn from the season’s unusual threat environment and ultimately mitigate danger with endpoint security and control measures. Locking down devices and networks need not be a seasonal solution and can instead become the foundation for better cybersecurity for the whole year.

Financial malware on the rise during holiday season
A cybersecurity vendor recently observed the seasonal rise of mobile apps and malware that steal financial information. Trend Micro’s “Q3 2013 Security Roundup Report” found that even iOS, once a safe haven against threats, has come into the crosshairs of cybercriminals trying to steal sensitive data via Trojans and hijacked mobile banking solutions.

From June to August 2013, approximately 5,800 iOS phishing sites were identified. During that time, nearly 50 million iOS devices were sold, indicating the considerable scope of these phishing efforts. While platforms such as Android have traditionally been associated with the lion’s share of mobile endpoint security issues, the uptick in iOS campaigns demonstrates a greater need than ever for cross-platform security solutions, such as the ones provided by Ziften, that can address complex, varied device fleets.

Overall, there were more than 200,000 mobile banking and malware infections in the third quarter. Malware strains ZeuS and ZBOT have caused more than 200,000 infections each, bringing Trojan incidents to levels not seen since 2002. Many of these Trojans use spam email as a delivery vehicle, directing users to imposter sites that collect inputted financial data and relay it to cybercriminals.

“As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness,” stated Trend Micro vice president of technology and solutions J.D. Sherry. “In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardized as phishing scams that target the platform continue to gain momentum.”

Mobile devices increasingly the cause of data leakage
The Trend Micro report indicated that the number of mobile-specific phishing sites was rising, underscoring the importance of endpoint management technology that can identify advanced threats as they occur. The study found that these mobile-based sites grew 53 percent year-over-year.

More than 40 percent of these phishing portals were targeted at financial institutions, and many contained sophisticated features for stealing data. Examples include:

  • More than 95 percent could access data stored on the device’s SD card
  • Ninety-two percent could read messages
  • Nearly half could view contact lists
  • Eighty-six percent could disseminate predefined spam messages
  • Some malware could also track device location

Malware capable of abusing premium messaging services accounted for more than half of the mobile threats identified by the report in this quarter. This category was followed by adware, data stealers and malicious controllers.

Going forward, mobile devices are unlikely to lose steam, raising the stakes for sounder endpoint security measures that expose threats before it’s too late. ComScore recently estimated that mobile commerce spending from tablets and smartphones increased by nearly $6 billion during the third quarter, up 26 percent year-over-year. At the same time, the number of mobile malware threats grew by more than one-quarter.

Many of the 1,400 respondents to a survey from Dimensional Research and OnePoll actually reported that they felt safer shopping on a PC than a mobile device, and nearly two-thirds stated that they had no security software on their smartphones. As enterprises adjust to the new endpoint landscape, they will need monitoring solutions that can identify threats on many different platforms. The heightened risks of the holiday season may provide the impetus for beefing up security across the board.

Get the Blog Here