Malware is infiltrating mobile devices at an increasing rate, often bringing user productivity to a halt and exposing businesses and individuals to a potentially costly and devastating risk of breach.
According to Kaspersky Lab, the volume of malware targeting users of mobile devices more than tripled in 2015 compared to 2014. With the number of smartphone users set to surpass two billion this year according to eMarketer estimates, malware transmitted through URLs and mobile apps will only continue to grow in frequency and sophistication.
But not all users are created equal when it comes to mobile threats. According to Allot’s recent research, a user’s risk of coming in contact with mobile malware is becoming increasingly dependent on online behavior itself. Risk level can be determined by a number of factors such as age, gender and more – so it’s not just the app or URL, it’s how you use it that really matters.
For communications service providers, understanding subscriber behavior based on user profiles is a critical step in providing new value-added, network-based security services that can help keep customers safe and secure, no matter what content they choose to access, how and when.
Are we all really at risk?
Our lives have become inseparable from our devices and mobile apps. From chatting on WhatsApp to saving pictures in the cloud, streaming music and conducting mobile banking transactions on the go, our phones are at the center of our digital existence to the point where they have become synonymous with our personal identities.
These types of mobile interactions, however, are natural vehicles for spreading mobile malware and are prime targets for hacker activity. For example, Allot found that one in every 30 mobile browsing transactions and one in every seven mobile app sessions were potentially harmful to users. Furthermore, about 5.9 percent of mobile subscribers come in contact with at least one risky website each and every day.
Why is some mobile activity riskier than others?
Oftentimes without even knowing, mobile users click malicious links, forward infected content and download harmful files because they come from a seemingly trusted source. Malware developers are all too good at exploiting this natural social behavior, which is why roughly 36 percent of social networking and e-commerce apps are potentially risky, while up to 10 percent of media sharing and instant messaging apps come with an associated risk. Not only are users putting themselves and their private data at risk, they are often putting their online contacts in harm’s way based on how they interact with their mobile apps.
Not surprisingly, money-related activity both attracts security threats and is the core motivation for many hackers. While social behavior was risky in terms of apps, risk is highest around monetary transactions when it comes to mobile browsing. For example, Allot data found that about 77 percent of gambling websites, 27 percent of e-commerce URLs and 7.3 percent of finance-related sites pose a risk to mobile users. Additionally, while most e-commerce websites use encryption to assure user privacy, the fact that a website is encrypted does not mean it can’t include malware; on the contrary, encryption can hide the malware in transit, increasing the chances of infecting users. In fact, hackers are adding encryption to infected websites to better avoid detection.
Risk increases as usage increases
Many mobile users fall into the trap of feeling a false sense of security when it comes to enjoying digitally connected lives. Many users believe that they are using “safe” apps and URLs and are therefore immune to mobile malware risks. However, just because an app has been downloaded in a secure environment does not mean its use remains secure once it is being used in the real world.
A benign application that shares files could be used to introduce an infected file, an obvious example being email. Another case of spreading malware through file sharing comes in the form of P2P file sharing, as downloading movies, books, music, and games can put users at great risk.
Further illustrating this fact, Allot’s data found that as online activity increases – no matter the application being used or website being accessed – so does the potential for malware infection. As a user opens an increasing number of secure apps, the number of insecure, risky apps the user encounters increases as a result. How does this happen? Legitimate-looking advertisements and links are often used to divert users away from a secure URL or app and to a potentially risky one.
However, there are best practices that mobile users can follow to remain safe: keeping smartphone software up-to-date by enabling the automatic updates function, and restricting the installation of apps from sources other than Google Play or the Apple Store, can help to decrease the chances of malware infection.
Demographics make a difference
The data shows us that while there are a number of factors at play between apps and browsing, some users always tend to be more vulnerable than others. When broken down by user demographic, business users and the “digitally hooked” (those with intense network usage) are far more susceptible to malware infection than other user groups, visiting roughly 7.7 and 7.3 risky apps and/or URLs, respectively, on a daily basis. Millennials are also at great risk, with over 12 percent of users in this age demographic coming in contact with risky websites each and every day, the majority of which are social networking sites and applications.
When it comes to the workplace, roughly 6.9 percent of business users come in contact with potentially risky sites – whether it be video streaming, travel sites or mobile hotspots – every day, leaving themselves and their companies exposed to mobile malware that can infect an entire organization and potentially disrupt business operations. Unlike desktop computers and company-purchased technologies that can be closely managed and monitored by IT, personal devices brought into an enterprise have the potential to wreak havoc when not properly managed on the corporate network.
Where does this leave us?
If you fit the profile of one of the mentioned users, awareness of how your behavior might put you more at risk is key to avoiding mobile malware threats. User education is a fundamental component to any consumer or business security plan, and the more users know about potential risk profiles, the more they can positively modify behaviors.
However, regardless of the amount of education provided to users, mobile malware threats will continue to evolve and persist. While some mobile operators provide security measures to protect users, many unfortunately do not. And oftentimes, those that do simply resell client software that is only available for certain devices.
Because of this gap, mobile operators are uniquely positioned to proactively offer value-added security services designed to protect users at risk. A network-based security approach that allows users to enjoy their mobile lifestyles uninterrupted by device downloads and software upgrades is not only more effective, but it’s also easier to maintain on an ongoing basis for subscribers that simply want to enjoy a seamless and safe mobile experience.
Yaniv Sulkes is Allot’s Director of Product Management in the Americas. Sulkes previously managed a large-scale telecoms engineering project and served in different software engineering capacities. His areas of expertise include OTT video, big data analytics, application-based charging, mobile security, operators’ OTT strategies, subscriber QoE, net neutrality, SDN and NFV.