With billions of smartphones and potentially many billions of Internet-connected devices of all kinds, the focus of Internet security is shifting from the desktop and the data center to the home, the pocket, the purse, and, ultimately, the infrastructure of the Internet itself.
According to the Symantec Internet Security Threat Report Volume 20 for the 2014 year;
Email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend. Mobile was also ripe for attack, as many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise.
2013 was the year of mega breaches – over 552 million identities were exposed, 23 zero-day vulnerabilities discovered, one in eight web sites had a critical vulnerability, a 62% increase in number of breaches and a 91% increase in targeted attacks.
2014 will be memorable as the year ransomware increased by 113%, new levels of maliciousness, and increased sophistication as cybercriminals employed faster, highly targeted attacks on business.
There’s a very good summary of the report on ITWire here. ITWire states that the report covers six main areas:
- Mobile Devices and Internet of Things
- Web Threats
- Social Media and Scams
- Targeted attacks
- Data breaches and privacy
- E-crime and malware
Today many apps contain malware. As of 2014, Symantec has identified more than 1 million apps that are classified as malware. This includes 46 new families of Android malware in 2014. In addition, there are perhaps as many as 2.3 million “grayware” apps that, while not technically malware, display undesirable behavior, such as bombarding the user with advertising.
Symantec expects the growth in mobile malware to continue in 2015, becoming more aggressive in targeting a user’s money. Already 51 percent of U.S. adults bank online and 35 percent use mobile phones to do so. This creates an incentive for malware writers to target phones to capture bank details.5
Today, Android malware can intercept text messages with authentication codes from your bank and forward them to attackers. Fake versions of legitimate banks’ mobile applications also exist, hoping to trick users into giving up account details.
Of the 6.3 million apps analyzed in 2014, one million of these were classified as malware, while 2.3 million were classified as grayware. A further 1.3 million apps within the grayware category were classified as madware.
There were 168 mobile vulnerabilities disclosed in 2014, a 32 percent increase compared to 2013.
Growth in mobile malware is expected to continue in 2015, becoming more aggressive in targeting your money. So, if there is a “clear movement towards social media platforms” and most people access social media from their mobile, we can assume that social media apps should provide better protection by blocking websites that are labeled as malicious.
Social media apps use a WebView so end-users can visit websites that are being shared by friends without having to close the app to open a native browser. The WebView is what’s vulnerable to phishing attacks as Apple and Google don’t offer any support in this area. So any social network app that’s not protected by the MetaCert Security API, will be vulnerable to attacks.