Why mobile malware attacks vary by region

News by Doug Drinkwater

Researchers at Lookout Security have found that mobile malware is becoming a big business, with cyber-criminals tweaking the method of their attack for different regions to avoid detection and improve profits.

For its latest ‘Mobile threats, Made-to-Measure' report, the firm collected data from more than 50 million users between January and December last year, and on evaluating this data, was able to break down attacks and malware types by region.

What stood out was that attackers are not only viewing mobile as a new avenue to spread malicious code – and in turn boost profits – but that they are also spreading their attacks out by region to maximise profitability and to avoid potential detection.

“2013 stood out as the year when mobile threat campaigns became increasingly targeted by geographic region as the criminals adapted their practices to maximise profit and minimise ability to be detected,” reads the report.

“Regulation varies by country and a criminal enterprise that might be highly profitable and difficult to prosecute in one part of the world is often explicitly forbidden and easy to prosecute in another. This regulatory variation produces a state of natural selection in which criminals evolve to exhibit attack strategies that are best suited for their environment.”

Marc Rogers, Lookout's principal security researcher, later added in an interview with the BBC: "When it comes to mobile malware, everything is now regionalised.”

For example, Rogers said that European mobile users – and those in China and Russia - were increasingly targeted by so-called “chargeware”, which attempts to trick people into paying for a service or an app, while there has been a rise of adware apps and others which look to steal sensitive data, such as log-in details for online banking systems in the US.

Chargeware, which is often used by pornographic apps, was also a significant concern in the UK, where it had a 20 percent “encounter rate”.

Premium-rate malware remains prevalent in Russia, but this was partly due to most of these users getting apps from third-parties, and sometimes unvetted, application stores and not from Google Play or Apple's App Store.

Indeed, Russian mobile users, especially those on Android, had the highest rate of encountering malware (63 percent), but this was much lower in the US and Canada (both 4 percent), as well as in the UK (5 percent). Spain (18 percent) and China (28 percent) were more susceptible to mobile malware attacks.

Regulation, profit and BYOD play a part

Speaking to SCMagazineUK.com, Larry Ponemon, founder and analyst at Ponemon Institute, said that most attacks rely on the weakest link – the end-user.

“It appears that one of the most significant threats to mobile security is the human factor -- that is, good people who do stupid things such as downloading mobile apps without fear of malware infection,” said in an email exchange.

But he added that the infection rate was also down to cultural differences, with users in some countries less aware of privacy and security matters.

“In my opinion, country differences are most likely due to cultural factors. In countries with high malware infection rates, mobile users are less likely to hold expectations of privacy or security.

“Another reason for country differences concerns wealth. I predict mobile users in high wealth countries have more to lose and therefore are more risk averse to insecure mobile apps. Finally, countries with strict compliance over privacy, data protection and information security are more likely to experience a lower mobile infection rate.”

Brian Honan, analyst and founder at BH Consulting, told SCMagazineUK.com that how often these devices are updated or even replaced is likely to play a part too.

“Other areas that may influence issues on a regional basis would be the adoption rate of latest mobile devices,” he said. “In regions with high adoption rate of new phone models, such as Japan, and other parts of Asia, infected devices have a short lifespan as they are replaced by newer ones.

“The opposite would be true in countries and regions where adoption of new technologies is slower resulting in devices having older operating systems. This leaves them at a higher risk of becoming compromised and remaining online longer as they are not replaced as quickly.”

Honan continued that the popularity of less secure – but more affordable – Android devices is also likely to be a contributing factor, as is how often telcos provide system updates.

All of this is likely to be a big business concern, not least considering that a third of all mobile phones and tablets (approximately one billion devices) are expected to be in the workplace by 2018, most likely as part of some bring-your-own-device (BYOD) scheme.

“As BYOD becomes more common in the workplace, rather than attacking traditional, heavily monitored network services, we expect criminals to evolve once again and turn to mobile devices as an easier way to get into the enterprise and access valuable data,” the report states.

Ponemon added: “This problem is exacerbated by the BYOD movement.  Despite the predicted rise in mobile risk, I don't have much faith that end users will proactively defend their smart phones or tablets from criminal attacks.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews