The top threat vector for mobile devices? Porn

As mobile devices become more deeply woven into the fabric of our personal and work lives, cyber criminals are taking increasingly vicious and disturbingly personal shots at us, according to Blue Coat Systems.

Mobile ransomware attacks lead the way as a top malware type in 2015, along with the stealthy insertion of spyware on devices that allows attackers to profile behavior and online habits. Key findings:

• Pornography returned as the number one threat vector after dropping to number two last year.
• The three top types of malware in this year’s report are Ransomware, Potentially Unwanted Software (PUS), and Information Leakage.
• The mobile threat landscape is becoming more active.

Porn isn’t just back on top – it’s bigger than ever – jumping from 16.55 percent in 2014 to over 36 percent this year. That is, when we see a mobile user’s traffic heading to a malicious site, 36 percent of the time that user is following a link from a porn site. To put this in some perspective: when porn led the pack in the 2013 report, it was with a market share of just 22.16 percent.

WebAds dropped from almost 20 percent last year to less than five percent this year. These include both malvertising attacks and sites that host Trojan horse apps designed to appeal to porn site visitors. Blue Coat has also tracked and defined suspicious WebAd networks that are heavily involved in malware, scams, Potentially Unwanted Software (PUS), and other shady activities.

The world of mobile ransomware has grown over the past year. While some varieties that run on Android devices cause little damage beyond convincing victims to pay the cyber hostage-taker, many have adopted more sophisticated approaches common to ransomware in the Windows environment.

With the increased performance capabilities of modern smartphones, it was only a matter of time before more advanced cryptographic ransomware, such as SimpleLocker, started showing up on mobile devices. These threats render music files, photographs, videos, and other document types unreadable – while typically demanding an untraceable form of payment such as Bitcoin – and employing a strict time limit for payment before the files become permanently inaccessible to the owner.

Blue Coat researchers have seen a major shift in the volume of potentially unwanted software in the traditional malware space – and this is also true of the mobile space – as the number of junk mobile apps hosted on sites the researchers classify in this category has been rising steadily. This type of mobile app, notable for its dubious utility, frequently finds its way onto a mobile device through the use of deceptive advertising, or other social engineering attacks designed to deceive the victim into installing the unwanted program.

Most people are unaware that apps on their mobile device may be watching them – and reporting out – on a 24x7x365 basis. This information leakage is usually a minor drip, showing the version of their phone’s operating system, the manufacturer, the specific app or browser being used, and similar information. Complicating matters is the fact that there are typically no included system tools available for users to see or know what data is going out of their devices. Whether on an Android or iOS device, leaky data is often openly revealed in the “User Agent” string.

The future of mobile security

With no signs of slowing down, the market for mobile devices is booming. Anticipating that millions more of these devices will hit the street in the coming years, Blue Coat makes the following observations and predictions about the future of this trend.

• Mobile payment systems – Mobile payment systems are set to grow, and services including contactless payment methods will incorporate additional security features, such as biometrics or two-factor authentication.
• Support for traditional PC and mobile platforms – There are already too many mobile devices vulnerable to a host of threats in use. These devices will almost certainly not receive needed OS updates, and that will drive a market in security solutions that can support both traditional PC and mobile platforms.
• OTA updates to vulnerable devices – Mobile carriers and handset makers are already working on plans to fast-track critical OTA updates to vulnerable devices, but the work is slow and it may be some time before this segment of the mobile market matures.