A new report from cloud security company ZScaler sheds light on the growing mobile threats on Android operating systems, as well as threats to IoT and OT devices. The findings come as more than 60% of global Internet traffic is now generated by mobile devices and financially-oriented mobile threats have grown by 111% over the last year.
ZScaler’s ThreatLabz witnessed a 29% rise in banking mobile malware over the previous year, with banking malware representing 20% of the total Android threat landscape.
Most active banking malware families to date include:
Most of these banking malware families record keystrokes, hijack credentials, and intercept SMS messages in order to bypass multi-factor authentication.
In addition to banking malware, spyware threats have also grown, with researchers indicating that blocked transactions increased by 100% over the previous year.
The most prevalent spyware families reported are SpyLoan, SpinOk, and SpyNote.
According to ZScaler, most mobile malware targeted India (28%), the U.S. (27%), and Canada (15%), followed by South Africa (6%), The Netherlands (5%), Mexico (4%), Nigeria (3%), Brazil (3%), Singapore (3%) and the Philippines (2%).
Impacted sectors include technology (18%), education (18%), manufacturing (14%), retail and wholesale (12%), and services (7%).
Mobile malware is distributed via various methods. One method consists of using social engineering techniques. As an example, ZScaler reports that attackers deployed the Copybara mobile malware by using voice phishing (vishing) attacks, where victims received voice instructions to install the malware on their Android phones.
QR code scams are also common, where victims are tricked into scanning malicious QR codes leading to malware infections or, in some cases, to phishing pages.
Some malware is also available on the Google Play Store. This includes Joker, which silently subscribes users to premium services without their consent to generate charges, followed by adware and Facestealer, a Facebook account stealer.
Despite an overall decrease in Android attacks, financially-oriented mobile threats have grown by 111% over the last year.
Internet of Things and Operational Technology environments keep expanding and are increasingly targeted by attackers, according to the report. The researchers indicate that the number of IoT devices interacting with them has grown by 37% year-over-year.
IoT malware attacks have grown by 45% over the past year. Routers are the most targeted type of device, with more than 66% of attacks aimed at them. The leading malware families hitting IoT devices are Mirai (36.3%) and Gafgyt (21.2%). Botnets built from IoT devices infected with this malware can be used to launch large Distributed Denial of Service attacks.
Regarding the geographical distribution, more than 81% of IoT malware attacks are aimed at the U.S., followed by Singapore (5.3%), the United Kingdom (2.8%), Germany (2.7%), Canada (2%), and Switzerland (1.6%).
The top sectors impacted by IoT malware attacks are manufacturing (36.9%), transportation (14.2%), and food, beverage, and tobacco (11.1%).
On the OT side, 50% of the devices in many deployments use legacy, end-of-life operating systems. Protocols prone to different vulnerabilities are also often exposed in OT environments, such as SMB or WMI.
As an example, ThreatLabz analyzed the OT content of a large-scale manufacturing organization, comprising more than 17,000 connected OT devices across more than 40 different locations. Each site contained more than 500 OT devices with end-of-life Microsoft Windows operating systems, many of which had known vulnerabilities.
67% of the global traffic to the OT devices was unauthorized or blocked.
According to ZScaler, IoT and OT devices will remain primary threat vectors, while the manufacturing sector will remain a top target for IoT attacks, including ransomware.
ZScaler also suspects artificial intelligence will be increasingly used to deliver high-quality phishing campaigns targeting mobile users. However, AI will also help defenders automate critical functions and better prioritize their efforts.
To protect from threats on IoT and OT devices, it is necessary to:
To protect from threats on mobile devices, it is important to:
Companies should also be cautious of applications requesting updates immediately after installation. An application downloaded from the Play Store should be the latest version. If an app requests permission to update immediately after installation, it should be treated as suspicious and could indicate malware attempting to download additional malicious components.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.