Surge in mobile network infections in 2013, says report
Alcatel-Lucent today released new data showing that security threats to mobile devices continues its rapid rise, infecting at any time more than 11.6 million devices and putting their owners at increased risk for stolen personal and financial information; bill shock resulting from pirated data usage; and extortion in exchange for device control. Meanwhile, the security threat to home networks remained constant with traditional "fixed" malware types starting to make the jump to mobile devices.
Figures for the 2013 fourth quarter and year from Alcatel-Lucent's Kindsight subsidiary reveals that malicious software or "malware" used by hackers to gain access to devices continues to rise with consumer ultra-broadband usage. In addition to the posed risks to consumers, the malware is used to commit espionage and launch denial of service attacks on businesses and governments.
Due to the unique position of Alcatel-Lucent's network security and analytic products within networks, it can measure the impact of traffic types traversing the network, including malicious and cyber-security threats.
The report found that mobile malware infections increased 20 percent in 2013, with 4G LTE devices being the most likely to be infected. Android devices accounted for 60% percent of total mobile network infections, which frequently took the form of trojanized applications downloaded from third party app stores, Google Play Store or by phishing scams. Forty percent of mobile malware originated from Windows laptops tethered to a phone or connected directly through a mobile USB stick or MIFI hub. Infections on iPhone devices and BlackBerry devices made up less than 1 percent.
Other report highlights include:
- The mobile infection rate was 0.55 percent in the fourth quarter. Based on this, it is estimated that at any time over 11.6 million mobile devices - mostly Android - are infected by malware.
- The number of mobile malware samples grew 20 times in 2013.
- The residential infection rate in fixed networks dropped from 9.6 percent in October to 8.7 percent in December. For the year, it remained relatively flat at 10 percent.
- Six percent broadband residential customers were infected with high-level threats such as a bots, root-kits, and banking Trojans.
- Although ZeroAccess malware topped all infections in the fourth quarter, its infection rate dropped from 0.8 percent to 0.4 percent due to Microsoft's and Symantec's efforts to disrupt its operations.
"Criminals traditionally go after low hanging fruit," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs. "Not only is Android the largest smartphone market, unlike iPhone and Blackberry, it allows apps to be loaded from third party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device-based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service."
2013 was also a year that saw mobile spyware turn infected smartphones and tablets into a cyber-espionage devices that allowed hackers to remotely track location, download contact lists and personal information, intercept and send messages, record conversation and take pictures.
The report also includes the top 20 home and Internet malware threats in 2013, as well as analysis of malware developments, including ZeroAccess, Alureon, the Zeus banking Trojan, Uapush, Coogos, NotCompatible, QDPlugin, and others.