Last week, I was looking toward the future and the first tidbits of security-related predictions for 2014. Today, I’m going to look backwards a bit, to see what the security problems of the past few months have been.
Perhaps not surprisingly, the third quarter of 2013 was all about mobile malware. It was only a matter of time until the bad guys put out real effort to go after our mobile devices, and according to Kaspersky Lab, the malware developers went all out over the summer months, creating a whole new bag of tricks. In July, the security experts saw, for the first time, third-party botnets. According to the SecureList blog:
This is how the most sophisticated Android Trojan, known as Obad, was distributed – using mobile devices infected with Trojan-SMS.AndroidOS.Opfake.a. Upon receiving a command from the C&C server, Opfake began sending text messages to all of the victim’s contacts, inviting them to download a new MMS message. If a user who received the text followed the link provided in the message, this resulted in Backdoor.AndroidOS.Obad.a being automatically downloaded onto the device.
The third quarter also saw more vulnerability problems for Android, and in general a 20 percent increase in mobile malware problems since the second quarter. Yet, at the same time, the folks at Kaspersky Lab said they saw a decrease of overall attacks. That right there is a pretty good sign of how our technology use is trending more to the mobile space. The bad guys will go where the users are, and right now the users are on smartphones and tablets. And they are using them more often as BYOD grows within the workspace.
The third-quarter threat report is a clear sign that IT departments and those in charge of security policies need to step up BYOD protection efforts. In today’s world, employees are going to be more likely to suffer an attack or a breach via their mobile device as opposed to their desktop computer. The bad guys are specifically going after those devices, with full force, and pulling new tricks out of their hats. It is only a matter of time until someone sends me a prediction list that puts attacks on mobile devices as its number-one security threat for 2014 (and if I don’t get one that states that, I’ll be very surprised because that’s my prediction). We see how mobile attacks are trending, so the question is, is your company prepared for the attacks to get worse?