Globally, at least 18 million Android users will encounter mobile malware from the beginning of 2012 to the end of 2013, according to Lookout’s 2013 Mobile Threat Predictions, a forecast that identifies mobile threats people and businesses may face in the coming year.
In addition, the global likelihood of a new Lookout user encountering a mobile threat, such as malware or spyware, is .84% on average from June to October 2013. The US likelihood remained low at .40% in October 2012.
Web-based mobile threats, like phishing links or malicious websites, continue to be the most prevalent and relevant threat to smartphone users. Nearly four in ten people encountered a web threat over the course of 2012, and we expect this trend to continue.
Highlights for the 2013 Predictions include:
- Toll fraud continues to grow: 72% of all of Lookout’s malware was classified as toll fraud in 2012. This class of premium SMS fraud will continue to dominate the 2013 mobile threat space despite improvements made on the Android platform. Toll fraud is the easiest and least technical path to monetization and provides considerable ROI that is built into most mobile networks via pre-existing billing channels. In addition, while more recent versions (Jelly Bean 4.2) of Android devices provide updated protection against premium SMS abuse, older versions of Android remain vulnerable.
- Spam harvests personal data: SMS-based spam will increase in volume across mobile networks in 2013. Lookout recently observed a number of malicious applications, toll fraud-based and otherwise, actively collecting contact information from infected devices. It’s not a stretch to expect that malware writers will seek to monetize these datasets via spammers. It’s only a matter of time before writers send spam in-network, infecting devices so that the messages appear to have come from inside, as they have on PCs in the past.
- Businesses strike a balance between control and employee empowerment: Finding the right balance between protection and employee empowerment will be the business mobile threat challenge of 2013. As corporate IT administrators seek to manage the various mobile threats, there is the potential that by over-correcting for the problem, employees will seek new ways to subvert processes and policies that constrain the pure consumer experience.
For in-depth information, tips and graphics, read the complete 2013 Mobile Threat Predictions on the Lookout blog.
How Individuals Can Stay Safe in 2013
- Avoid toll fraud, regularly check your phone bill: Always review your monthly phone bill statements for suspicious charges. Contact your carrier if you identify something you believe to be fraud.
- Double-check URLs on your mobile: After clicking on a web link, pay close attention to the address to make sure it matches the website it claims to be, especially if you are asked to enter account or login information.
- Protect your privacy, understand app permissions: Be cautious about granting applications access to personal information on your phone or letting the application have access to perform functions on your phone. Make sure to check the privacy settings for each app before installing it.
- Be smart about device settings: Keep network connectivity such as NFC, Wi-Fi, or Bluetooth ‘OFF’ when not in use. Be sure to disable settings such as debug mode that can open a device up to illicit access.
- Download a security app: Download a security app that scans the apps you download for malware and spyware, helps you locate a lost or stolen device, and protects you from unsafe websites.
- Update your phone and apps: Make sure to download and install updates from your mobile operator as soon as they are available for your device. The same goes for apps: download app updates when they are available.
How Businesses Can Stay Safe in 2013
- Raise employee awareness: Help employees understand the threats and risks in the wild so that employees can take action to safeguard their phones.
- Protect employees’ phones: Ensure that every phone – personal or business – is protected with mobile security software that finds malware, scans apps, and locates and remotely wipes the device.
- Patch known vulnerabilities: Keep employee phones’ operating system software up-to-date by enabling automatic updates or accepting the service provider’s updates when prompted. Stay up to speed on what vulnerabilities are not patched across device types and carriers to maintain a proper threat model. The National Institute of Standards and Technology offers a database of device vulnerabilities.
© 2012, TechJournal. All rights reserved.