IT departments trying to deliver enterprise mobility to their workers will have more to worry about in 2011, which a cyber security expert is calling the year of mobile malware.
The introduction of tablet computers, such as the Apple iPad, HP Slate, and smart phones, including Android-based devices, will create a perfect playground for cyber thieves looking to exploit the illicit profit potential of enterprise mobility, M86 Security Labs said in a recent report. These e-criminals are exploiting the very same cloud-computing infrastructure that is helping manufacturers become more efficient.
Prepare yourself for the new trend of malware-as-a-service.
According to M86 Security Labs, teams of cyber crime partners are creating an ecosystem of data-stealing Trojans and delivering them to users with bad intentions via one-stop-shop cyber crime platforms.
For example, the sites behind the NeoSploit, an Internet toolkit designed to compromise the data of Website visitors, and the Phoenix exploit kit, another form of crime ware, now offer different malware services to their customers, ostensibly saving them the trouble of finding malware to load into the exploit kit. In other words: malware made easy.
M86 does not anticipate a decline in the usage of exploit kits, but predicts there more consolidated service offerings for cybercriminals, instead of just application offerings.
M86 Security Labs is already seeing activity in this area, with attacks aimed at the mobile banking industry. But that does not mean that you, Mr. Manufacturer, are safe.
Remember Stuxnet?
According to the M86 report, titled “Threat Predictions 2011,” Stuxnet, which was intended to sabotage certain industrial systems, included two legitimate, digitally signed certificates. That means the operating systems that are designed to check the validity of a signature and issue alerts or deny access can be outsmarted by this type of malware. This basically opens the door to the plant floor and allows the bad guys in.
“We expect this trend to increase in the coming year as cybercriminals continue to experiment with different ways to avoid detection and lower victims’ suspicion levels,” the report said.
These cyber thieves will also target users where they are least protected, on mobile platforms, the M86 report said. The report cited the recent discovery of a new variant of Zeus malware targeting users of Nokia phones running the Symbian OS.
The report offered a thorough review of the issues involved in enterprise mobility security, but I was a bit disappointed to find that it held no tips or best practices to help companies outfox the cyber sneaks. I suppose just knowing the threat exists is important. Now, it’s back on your shoulders, Mr. Manufacturer. Perhaps now is the time to hire a mobile security expert.
