While the escalating sales of mobile devices denote an incline in the mobile threat landscape, the majority of mobile malware attacks are neither ingenious nor threatening.
Rather, as South Africans, the most likely attack scenario mobile users face is that of device theft. This is according to mobile security expert Tyrone Erasmus, security consultant at MWR InfoSecurity, who points out that the majority of cyber criminals are by no means highly skilled.
This comes in response to Web security firm Blue Coat Systems' recent 2013 Mobile Security Report, which outlines the behaviours and consequent vulnerabilities of mobile users who use their devices on corporate networks.
"[In light of the local theft threat] the most important protective measure against someone gaining access to company data in SA is to make use of full device encryption with a strong password and the ability to remotely wipe the device," says Erasmus.
Simple lure
In terms of mobile tactics, Justin Lee, country manager at Blue Coat SA, confirms that most mobile threats are still largely 'mischiefware' and have not actually broken the device's security model.
Likewise, Erasmus says the large majority of malware "is not doing anything particularly clever. [It is] tricking the users. Most attacks you see by cyber criminals are relatively low-skilled and device-agnostic."
He says a well-known fact in the security community is that social engineering is still effective. "A company-branded phishing site that contains the promise of winning an iPad or money can easily get people to type their credentials in."
Lee says these are the most successful mobile malware attacks - and are "classics" that dominated the threat landscape when malware first moved to the Web.
The Blue Coat report points out it is often the behaviour of mobile users that leaves them vulnerable to data loss, malicious applications, fraud and other mobile threats.
Slow sophistication
Erasmus notes that, the more mobile devices there are "out there", the more viable it becomes for attackers to spend time and money finding ways to exploit these devices.
"Some of the well-known exploit kits are already including mobile-specific exploits. New exploit mitigations on mobile platforms are making it increasingly more difficult to perform drive-by attacks on these devices and so the platforms are becoming harder to target."
However, Erasmus says at the end of the day social engineering will always work, "no matter how hardened the platform is".
He says, while a targeted attack from a competent attacker will almost always result in compromise, "luckily the majority of cyber criminals are not considered highly skilled".
Share