Malware has gone mobile.
Android became the second most targeted operating system in 2015, accounting for 18 percent of attacks, Hewlett Packard Enterprise’s new Cyber Risk Report found.
The platform was second only to Microsoft Windows, which fielded 42 percent of attacks, and just ahead of Oracle Java and Microsoft Office, which were targeted by 12 percent and 11 percent of attacks respectively.
But Android took home more than one silver medal in the report.
According to HPE’s findings, Android was also second in the number of malware samples discovered in 2015. With a total of nearly 4.5 million, threats against Android last year accounted for three percent of total malware samples discovered during the year. Windows again remained the platform for malware, accounting for 94 percent of samples discovered.
While Android’s figures still lag significantly behind those of Windows, HPE noted that the number of threats targeting Android devices represented a massive 153 percent increase year over year.
“We’re clearly seeing a shift toward the mobile side away from the computing side,” said Jewel Timpe, Senior Manager of HPE Security Research Communications. “I like to say attackers are lazy, they’re going to go after the know that works rather than creating a new way in. But when they do go after the new or when what they don’t know doesn’t work and they have to find new ways in, they’ll go after what looks the most vulnerable. The more and more we expand the landscape and it allows us to collaborate digitally globally, the more they’re going to shift to try to find new ways in.”
The report found the most common forms of Android malware included agents and SMS agents designed to install additional unwanted components, send or steal SMS messages or steal confidential information. More than 10,000 new Android threats are discovered daily, the report found.
But Android wasn’t the only mobile OS to see its malware threat level increase.
According to the report, the number of Apple-targeted threats jumped a whopping 235 percent, to 70,000. While this number may seem small by comparison, the report said such a large increase in the number of threats is notable.
“Although the total number of iOS malicious apps is very low compared to all other popular malware platforms, the growth of 235% indicates that it should be a closely watched area in 2016,” the report said.
The HPE report also found that 2015 was the first year in which malicious apps managed to penetrate Apple’s App Store through an attacker’s modification of Apple’s Xcode. The information-stealing malicious code, known as XcodeGhost, was incorporated into more than 4,000 apps brought to the App Store by legitimate developers.
Timpe said there are a number of reasons for the increase in mobile malware – including the increase footprint of Android and other mobile devices – but said a lack of security knowledge among app developers is likely a contributing factor.
“What we found was 75 percent of the mobile applications in general that we scanned in our research had a high, very severe vulnerability,” Timpe said. “Android and Apple have security features that can be integrated into apps but a lot of those security features may not be well understood by those developing apps.”