Next time you find a mobile app that seems too cool to be true, it just may be: Research from the Juniper Networks Mobile Threat Center shows mobile malicious apps have grown an astounding 614 percent in the last year to more than 276,000 apps.
The Juniper Networks Mobile Threat Center, a global research facility “dedicated to around-the-clock mobile security and privacy research,” noted the dramatic increase shows mobile malware has quickly become a profitable business for attackers.
“There's no doubt mobility will continue to be a pervasive and disruptive force across every industry. We have found that it has created an easy business opportunity for malware developers who are becoming savvy in their approach to quickly turn profits in a rapidly growing market,” said Troy Vennon, director of the Mobile Threat Center. “We anticipate that similar to the evolution of PC-based threats, mobile attacks will continue to increase and become more sophisticated in the coming years."
The majority of the malicious, evil, mobile apps—92 percent, in fact—were directed at Android devices, thanks in part to the fragmented Android market and the sheer number of third-party Android application stores worldwide (more than 500, according to the Threat Center). Malicious haymakers are taking advantage of the lack of oversight and low levels of accountability, the center said, and using those app stores to seed their mobile malware.
Another strike against Android’s fragmented ecosystem: A majority of Android devices don’t receive security updates and other measures provided by Google (GOOG), which leaves users susceptible to mobile threats of all kinds. The center noted that as of June 3, only 4 percent of Android phone users were running the latest version of the operating system. Yikes.
Other interesting—and potentially frightening—findings from the Mobile Threat Center:
- An astounding 73 percent of all known malware are FakeInstallers or SMS Trojans, which exploit holes in mobile payments to make a quick and easy profit—about $10 in immediate profit for each successful attack instance. These threats trick people into sending SMS messages to premium-rate numbers set up by attackers. The center also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks.
- In addition to malicious apps, the center found several legitimate free applications that could pose a risk of leaking corporate data on devices. Free mobile applications in particular are three times more likely to track location and 2.5 times more likely to access user address books than their paid counterparts. What’s more, free applications requesting/gaining access to account information nearly doubled to 10.5 percent in May 2013 from 5.9 percent in October 2012.
In short, companies with a BYOD or mobility plan for their employees but don’t have some sort of mobile device management solution in place are playing Russian roulette with their corporate networks. Research such as Juniper’s only serves to prove the importance of ensuring mobile devices on the corporate network are locked down tight. No one is more suited to ensure that happens than the solution provider channel. Go get ‘em.