Mobile Devices Continue to Attract Cyber-Scamsters

Sunday, April 17, 2011

Rahul Neel Mani


Harvinder S Rajwant, Vice President, Borderless Networks – Security, Cisco Systems talks to Varun Aggarwal about the increasing threats on the mobile platform, fired up by 3G.

Q: What trends do you see in the way various cyber-threats are emerging?

A: While it’s only beginning to percolate, a trend is clearly emerging—cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices.

Taking advantage of the rapidly multiplying number of mobile users worldwide makes business sense. Less developed nations are particularly ripe for opportunity:

Due to vulnerability exploits in various Windows PC operating systems, Microsoft has improved security in Windows 7 and taken a more aggressive approach to patching vulnerabilities.

This makes it tougher for scammers to infiltrate Windows 7 effectively; having reached the Windows vulnerability ‘tipping point,’ they have moved on to other operating systems, applications, software services, and devices such as smartphones, iPads, and iPods.

Apple and its products, including iPhones, iPads, and the iTunes media service, have all experienced an increase in exploits. Just as important in driving this trend is the embrace of mobile devices and applications by consumers and enterprises.

The worldwide adoption of mobile devices presents even more opportunities for intrusions and theft. While security researchers have identified many focused scams that target mobile devices, a widespread incident is almost certainly on its way.

To date, scams have targeted select groups of mobile users, such as customers of a specific bank. The massive and relatively new market for mobile applications also offers new markets for criminals.

Researchers have detected exploits in which wallpaper apps for Android Market, the app store for the Android mobile operating system, have been collecting mobile subscriber information and sending it to a website owned by a scamster.

According to market research firm IDC, the number of mobile devices, from smartphones to tablet PCs, accessing the Internet will surpass 1 billion by 2013, creating more opportunities for cybercrime.

In the Indian market, with the advent of 3G, as mobile data traffic increases it will lead to increased threats in the mobile space. According to the Cisco Visual Networking Index (VNI) Global Mobile Data Traffic Forecast for 2010 to 2015, in India, mobile data traffic will grow 114-fold from 2010 to 2015.

Q: What impact do you see with the increased focus on Java as an attack vector by various malware writers?

A: Cybercriminals aim their campaigns at software programs, devices, and operating systems where they can reach the widest net of potential victims. This is demonstrated by the noticeable increase in exploits involving the Java programming language, and the ongoing use of PDF documents to launch exploits.

At this point, Java appears to be the greater threat. The flaws in Java have made it a promising target for criminals.

When it comes to PDFs, organizations rely heavily on these documents to conduct business, so the idea of limiting their use within corporate networks is seen as impossible. Yet Adobe Reader and Acrobat continue to be strong threat vectors online.

It’s the rare business or personal computer that doesn’t have the Adobe Reader software for viewing PDFs, and computer users continue to place an undue amount of trust in these documents. With people increasingly accessing official documents on smartphones, it poses a huge threat in the mobile space.

New on the horizon are exploits delivered via social networking that can infiltrate multiple platforms.

The massively successful banking Trojan, Zeus — which, according to the U.S. Federal Bureau of Investigation (FBI), has played a key role in the theft of more than $70 million from 400 U.S. organizations over the past several years — is already being adapted for the mobile platform.

It appears the mobile malware, which users download after falling prey to a social engineering ploy, is designed to defeat the SMS-based two-factor authentication most banks use to confirm online funds transfers by customers.

Cisco security experts anticipate that the real focus of cybercriminal investment for 2011, however, will be on improving the success and expanding the number of cashout services (‘money-muling’ operations). These operations are a vital component of the cybercrime lifecycle and are becoming more elaborate and international in scope.

‘Money Mules’ are individuals who help launder money by accepting and transferring funds earned in online scams. Money mules are sometimes criminals; more often, however, they are people in need of money who are tempted into this activity by ‘work-at-home’ spam.

Regardless of whether they are willing participants or unsuspecting victims, money mules are integral to enabling criminals to profit from their campaigns. Users can limit these operations by not becoming unwitting accomplices.

Since people are the weak point in forming a defense against socially engineered scams, user education must be ongoing and effective. However, in spite of many organizations’ best efforts to teach workers to exercise caution when responding to emails or social network messages, social engineering continues to be a highly successful method for cybercriminals.

Q: How would 3G change the mobile threat landscape?

A: Third-generation (3G) mobile networks are opening the way for access to an ever expanding array of high-bandwidth applications and data services to mobile subscribers. The ability to use applications such as Skype, which within a year have been downloaded more than 17 million times, on a mobile network may change all provisioning assumptions used in its design.

“Always-on” connections, as made possible by mobile data access networks such as General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), wireless LAN (WLAN), and 3G, expose subscribers to a growing number of malicious threats such as the upcoming mobile viruses or even traditional broadband viruses and worms, degrading the overall user experience.

High-end cell phones are getting infected with deadly viruses such as the Cabir virus, causing untold damage, deleting all stored information. This is the first cell phone virus, which originated in the Philippines and has already infected many high-end cell phones.

Another virus, Cardtrap-A, targets Series 60 Symbian devices and spreads via Bluetooth or if it is downloaded and executed on the phone from the web. After infecting the phone, Cardtrap-A copies two Windows worms (Padobot-Z and Rays) to the memory card of the phone in an attempt to get onto other devices.

Q: What should organizations do to mitigate these new threats?

A: Since social networking is one of the main causes for security breaches, it is important for organizations to adopt strict policies around this. It is important to have tighter controls on how workers use social networks such as Facebook.

Security solutions that allow businesses to fine-tune how individuals navigate around a social networking site, and what information they can post and share, already are in the market.

For corporations today, products are driven by the ‘User Experience’ which is driven by the latest tools and applications that are part of their social networking. Corporate IT is now forced to not only give access to these sites but also ensure security without compromising the ‘User Experience.’

So corporate IT policy has to keep track of all the ‘SMART’ devices getting connected to the corporate network, identify their context and profile and dynamically enforce policies based on the service requirement identified by each business demand.

This policy not only should cover the end devices or for that matter any SMART entity getting connected to the network, but also the network itself, which should be intelligent enough to adapt itself to the changing demands and should cover the underlined network services and selectively give access to the resources such as application servers and back-end database servers.

Q: What role can service providers play in securing the mobile device? How viable is it to do this in India at the moment?

A: The opportunity provided by data services has prompted mobile operators around the world to launch new architectures, marketing campaigns, and service strategies to gain market share and revenue.

With the adoption of IP-based service models, and with the introduction of ‘true’ high-speed mobile access, operators are facing an increasing number of new challenges that threaten the success of their initiatives by turning their data networks into generic access pipelines with little service differentiation.

Moreover, as service offerings mature and are supported by higher access bandwidth, subscriber quality expectations increase tremendously.

As operators capitalize on IP networks, they need to create higher-margin, higher-revenue premium services such as video streaming, push-to-talk, or interactive gaming. Mobile operators are looking for profitable ways to deliver such value-added, bundled, or personalized IP services to greater numbers of subscribers.

Critical to the current strategy is the ability to understand at a granular level how subscribers are using the network, identify what applications or services are being consumed, and then intelligently apply network resources to applications and subscribers that promise the highest return on investment.

Operators need to manage and control subscriber traffic. This can be accomplished by implementing service control technology, which enhances the transport network with application and subscriber awareness. Service control allows the network to identify, classify, and guarantee performance for services based on unique application content and subscriber criteria.

Service control reinforces the new paradigm in which mobile service providers can define and enforce the policies for application traffic management on their network. In this way, operators can optimize network performance, overcome QoS constraints, ensure that infrastructure is used for maximum return on investment and secure their network from malicious traffic.

Mobile service providers will play a major role in securing the mobile device connectivity as they are in the best position to reach and service this vast population with disparate end devices which converge at their network layer.

In fact, we have partnered with most of the large service providers today who are offering secure email services and secure web browsing services and secure corporate connectivity services for their broadband and enterprise users who have availed their bandwidth connectivity services, and it is a matured market with stable technology.

Cross-posted from CTO Forum
