Security Research Shows Mobile Attackers Continue to Reap Rewards as Attacks Grow More Calculated
SUNNYVALE, CA--(Marketwired - Jun 26, 2013) - Juniper Networks (NYSE: JNPR), the industry leader in network innovation, today released its third annual Mobile Threats Report showing the rapid growth and evolution of mobile malware into a profitable business for attackers. From March 2012 through March 2013, the Juniper Networks Mobile Threat Center (MTC) -- a global research facility dedicated to around-the-clock mobile security and privacy research -- found mobile malware threats growing at a rapid rate of 614 percent to 276,259 total malicious apps, demonstrating an exponentially higher cyber criminal interest in exploiting mobile devices.
Additionally, it is clear from developments in the threat landscape that malware writers are increasingly behaving like profit-motivated businesses when designing new attacks and malware distribution strategies. Attackers are maximizing their return on investment by focusing 92 percent of all MTC detected threats at Android, which has a commanding share of the global smartphone market. According to analyst firmCanalys, Android devices accounted for 67.7 percent of all smartphones shipped in 2012 and is projected to ship more than 1 billion smartphones in 2017. Attackers are also leveraging loosely regulated third-party app marketplaces to distribute malware and more quickly get threats on the market.
This year's MTC report uncovered several mobile malware trends that demonstrate increased business savvy by attackers including:
- Preying on High-Growth Market Opportunities: Mobile malware developers are recognizing huge opportunity in the growing market dominance of Android. Malware for the Android operating system has increased at a staggering rate since 2010, growing from 24 percent of all mobile malware that year to 92 percent by March 2013.
- More Effective Distribution: Attackers made strides to shorten the supply chain and find more agile methods to distribute their wares into the wild around the globe. The MTC identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or oversight, that are known to be hosting mobile malware -- preying on unsuspecting mobile users as well as those with jail-broken iOS mobile devices. Of the malicious third-party stores identified by the MTC, three out of five originate from either China or Russia.
- Multiple Paths to Big Profits: Almost three-fourths (73 percent) of all known malware are FakeInstallers or SMS Trojans, which exploit holes in mobile payments to make a quick and easy profit. These threats trick people into sending SMS messages to premium-rate numbers set up by attackers. Based on research by the MTC, each successful attack instance can yield approximately $10 USD in immediate profit. The MTC also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks.
- Exploiting Industry Fragmentation: The fragmented Android ecosystem keeps the vast majority of devices from receiving new security measures provided by Google, which could leave users exposed to even known threats. According to Google, as of June 3, 2013, only four percent of Android phone users were running the latest version of the operating system, which provides mitigation against the most popular class of malware measured by the MTC that makes up 77 percent of Android threats.
- Increasing Privacy Violations: In addition to malicious apps, Juniper Networks found several legitimate free applications that could pose a risk of leaking corporate data on devices. Juniper Networks found free mobile applications sampled by the MTC are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts. Free applications requesting/gaining access to account information nearly doubled from 5.9 percent in October 2012 to 10.5 percent in May 2013.
The Mobile Threats Report, conducted by the Juniper Networks Mobile Threat Center, is one of the largest first-hand quantitative research studies of its kind. The report is based on analysis of more than 1.85 million mobile applications and vulnerabilities, up more than 133 percent from the last report released in February 2012.
"With mobile malware on the rise and attackers becoming increasingly clever, we need better protection for mobile users and corporations. While on one hand the OEMs, carriers and software vendors must collaborate to develop platforms that mitigate large threats, enterprises and government organizations need to take a comprehensive look at protecting their data and networks by adopting a holistic approach to mobile security."
- Michael Callahan, vice president of global product marketing for the Security Business, Juniper Networks
"There's no doubt mobility will continue to be a pervasive and disruptive force across every industry. We have found that it has created an easy business opportunity for malware developers who are becoming savvy in their approach to quickly turn profits in a rapidly growing market. We anticipate that similar to the evolution of PC-based threats, mobile attacks will continue to increase and become more sophisticated in the coming years."
- Troy Vennon, director of the Mobile Threat Center, Juniper Networks
- Third Annual Mobile Threats Report Executive Summary
- Third Annual Mobile Threats Report (registration required)
- Blog post: Four Key Takeaways from Juniper's New Mobile Threat Center Report
- Blog post: Premium Text Message Threats: Popular, Profitable and Proliferating in Third-Party App Stores
- Third Annual Mobile Threats Report presentation on Slideshare
- Follow the conversation on Twitter @JuniperNetworks and @JuniperSecurity
- Information on Juniper Networks Junos Pulse Mobile Security Suite
About Juniper Networks
Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on Twitter and Facebook.
Juniper Networks and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks and Junos logos are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.