Mobile malware is like Ebola – an overhyped threat
“Today, at RSA Conference 2015 in San Francisco, Damballa unveiled research which details the overblown nature of the mobile malware problem.
Damballa monitos nearly 50% of US mobile traffic and, based on this Big Data set, the research team set out to determine actual malware infection rates not just samples found, or vulnerabilities/theoretical attacks. In his talk, senior scientific researcher Charles Lever highlighted the actual risks to devices, the number of devices seen communicating with known bad domains, and the comparison to historical rates.
In 2012, monitoring 33% of US Mobile Data Traffic, Damballa saw 3,492 out of a total of 23M mobile devices 0.015% – contacting a domain on the mobile blacklist (MBL). In Q4 2014, monitoring nearly 50% of US Mobile Data Traffic, only 9,688 out of a total of 151M mobile devices contacted mobile black list domains (.0064%). The National Weather Services says the odds of being struck by lightning in a lifetime are 0.01%.
This research shows that mobile malware in the Unites States is very much like Ebola harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection, said Charles Lever, senior scientific researcher at Damballa. Ask yourself, How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?
Lever continued, Mobile operators and platforms have invested significant resources in preventing malicious applications from being installed, especially in North America. For example, iOS developers must submit an application for approval before their app is available on iTunes. And Google has developed ‘Bouncer,’ a system that scans submitted apps for evidence of malware. So for a majority of the population, by simply staying within the authorized app stores for their respective devices, they will drastically reduce the risk of being infected with mobile malware.
Brian Foster, CTO of Damballa, added, While it would be naïve to think there is no risk in mobile, the true extent of mobile infections is still not widely understood. By providing an extensive network-level analysis, across millions of devices, Charles and his team are helping the industry better understand the underlying infrastructure of mobile traffic, and the risks that are likely to come in the future. By understanding these risks, organizations will be better able to apply network-based countermeasures to help detect and protect themselves going forward.
“This study empirically demonstrates what we and many others have been emphasizing for a while. The cause for urgency and panic when it comes to mobile malware, at least in the US, is more of a result of industry hype rather than reality,” says Lever.
“However, this does not mean enterprises should ignore mobile device security; mobile users are still susceptible other threats such as phishing or privacy violations due to poorly written mobile applications. Therefore, it’s important that IT should set and communicate proper, realistic mobile device policies, and users should stick to first party application markets for their respective devices in order to dramatically reduce their risk.”