Third Annual Mobile Threats Report

Copyright © 2013 Juniper Networks, Inc. www.juniper.net

THIRD ANNUAL MOBILE THREATS REPORT

Juniper Mobile Threat Center Research

June 2013

2 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

M O B I L E D E V I C E S

MARKET TRENDS

“Of the 1.875 billion mobile phones to be sold in 2013, 1 billion units will be

smartphones, compared with 675 million units in 2012.” – Gartner

“Tablet shipments alone to outpace the entire PC market by 2015” - IDC

Canalys: 2012 worldwide smart phone shipments


GROWING EXPONENTIALLY

614% increase in malware samples! Total mobile malware samples across all platforms

increased to 276,259 at the end Q1-2013

133% more mobile applications analyzed! Juniper’s MTC examined 1.85 million mobile

applications compared to 793,631 in 2011

M O B I L E M A L W A R E


ANDROID - GAINING SHARE




SUPPLY CHAIN

Russia and Eastern Europe - hotbeds for malicious mobile activity. Malware is an

easy moneymaking venture…

China - rapidly expanding population of smartphones and an attractive market for

cyber criminals…

US and Western Europe - large smartphone markets…



PATHS TO PROFITS

9 out of every 10 malicious mobile

applications:

• 29% Fake Install apps

• 48% SMS Trojans

• 19% Spyware Applications



FRAGMENTED ECOSYSTEM A Fragmented Android Ecosystem

contributes further to malware threat

• 41% of devices still running

Gingerbread or older version

• Only 4% running version 4.2x

• In contrast iOS6 reported close to

90% adoption ( third party est. )

Android - Open for Malware •Annonymity of app developers

• Loosely managed marketplace

• Fragmented ecosystem



IT’S THE SEASON!

More than half of malware is created from Oct to Jan

• Smartphones and tablets are hot gift items

• App download picks up as new devices come online



BYOD: ENTERPRISE THREAT MTC Research indicates several attacks that could impact enterprise

• Attacks could be used to steal information

• Or, stage larger network intrusions

• Junos Pulse Mobile Security Suite data: 3.1% of enteprise user

device with at least one infection over the year

NotCompatible • Malware distributed by drive-by downloads, connects to C&C server

• Evidence of distribution by email phishing attacks suggests it could be used for

directed device attacks leading to an enterprise breach

Tascudap • Example of a complex and feature-rich mobile botnet that could be used to attack,

distribute spam and be part of DDoS against an enterprise.

• Tascudap mimics the Google Play icon to trick user to click in third pary app stores,

webpages or phishing messages

• Messages supported could compromise the device to become part of DDoS, send

premium SMS or monitor messages/calls



BYOD: DATA & APP PRIVACY

Insecure or Voracious Mobile Apps could

undermine enterprise security:

• One-third free apps had permission to

track user’s location

• Apps downloaded without corporate

oversight can access corporate

address book, documents and location

App Privacy Violations: An Upward Trend

• Juniper MTC researched 1.6 M Apps;

increasing population of apps, both free

and paid, that are seeking more access

• FTC Staff report recommended number

of improvements in Feb ’13, but

progress is slow



BYOD:DEVICE LOSS & THEFT

Loss of Data and Intellectual Property are top of mind concerns in

BYOD

• Loss of device, specially without strong access password and data

encryption can be a serious loss to business and gov organizations

• MTC saw that a sizable number of Junos Pulse Mobile Security Suite

customers used Locate and Lock functions but only a small fraction

actually used Wipe function



REVISITING 2011 PREDICTIONS

Prediction 1: Further dramatic malware growth Numbers don’t lie - the growth of malware through March of 2013 continues to grow at a

steady clip, with a clear focus on Android. We were on target with this prediction.

Prediction 2: Targeting of device applications The continued popularity of Fake Installer malware suggests that malicious actors have

found easier means to do so than by exploiting vulnerabilities in the underlying mobile

application code. Mark this as “to be continued.”

Prediction 3: Focus on mobile banking Mobile banking was a focal point for malware writers and security researchers alike in

2012. Malware such as Zitmo (Zeus-in-the-Mobile) or similar styles of applications geared

towards thwarting financial transaction authentication mechanisms continued to surface.

We were mostly right on this prediction.

Prediction 4: Direct attacks grow While exposed vulnerabilities certainly exist in nearly every mobile operating platform, it

remains difficult for attackers to launch viable attacks at devices whose locations,

network reliance and identities continually change. This prediction didn’t pan out.



FUTURE OUTLOOK 1. Android adoption – and Android malware – outpaces competitors We believe that the current trends in smartphone and tablet adoption will continue, if not

intensify. While direct attacks on Android are possible, we expect that the current focus on

Trojan-izing mobile applications will continue, as attackers are still garnering plenty of

success in penetrating official and third-party Android application marketplaces.

2. Continue to keep an eye on research of the iOS platform However, with a shrinking share of the smartphone market, especially outside of North

America, Apple could find itself in the same position with its mobile operating system as with

the MAC desktop operating system: controlling a small piece of the market and seeing a

proportionally small share of the malicious activity.

3. Coordinated efforts to snuff out SMS fraud The SMS Trojan problem is linked closely with “Premium SMS” operations in Europe and

Asia, creating something of a choke point for Premium SMS or “Toll Fraud” malware.

Concerted efforts by regulators to put pressure on SMS aggregators and wireless providers

to implement features that make it harder for malware to send or approve premium SMS

messages could dry the swamp of illegal funds linked to this major category of mobile

malware.



ENTERPRISE GUIDANCE

3. Control the Attack Surface • Implement secure access systems that provide network-level mobile security

• Consider mobile security solutions that integrate well with back-end servers, NAC

and policy servers for internal and regulatory compliance

• Utilize mobile device management (MDM) features that blacklist known bad

applications

• Manage what corporate device users can download

1.Secure Connectivity • Implement mobile VPN, with strong

identity-based authentication, SSO, etc.

• Explore application-level VPN and

container technologies

2. Protect against Malware • Enable on-device mobile anti-virus and

network level protection

• Use device tracking and control,

including strong passcode and encryption

enforcement


M O B I L E M A L W A R E JUNOS PULSE MOBILE THREAT CENTER

Worldwide 24/7 Team of Leading Security Experts

Team with vast experience in Security, Information

Technology, Engineering, Software Development, and

Management

Team members have advanced degrees in Engineering and

various training courses completed

Certified Ethical Hackers (CEH),Certified Hacking Forensic

Investigators (CHFI) and Certified Wireless Network

Administrators (CWNA)

Certified Information Systems Security Professionals

(CISSP)

Team members located in different time zones to ensure

timely responses to emerging threats



JUNIPER MOBILE SECURITY

Juniper Networks’ Junos Pulse client and Junos Pulse services

simplify secure access and connectivity to networks based on the

device type and device security posture, location, user identity and

role, and adherence to corporate access security policies. For mobile

devices, Junos Pulse provides secure connectivity, mobile threat

protection, and remote mobile device configuration and management

in a single solution. Junos Pulse is available for major mobile

operating systems in addition to Windows and Mac OS: iOS, Android,

BlackBerry and Windows Mobile.

For more information please visit: www.juniper.net/junos-pulse



THROUGH BROAD COVERAGE,

FLEXIBLE DEPLOYMENT

OPTIONS, SCALABILITY AND

OPERATIONAL SIMPLICITY,

JUNIPER PROVIDES SOLUTIONS

THAT SPAN THE ENTIRE

SECURITY SPECTRUM

Platforms

Applications

and Content

COMPREHENSIVE

SECURITY Connectivity


T h a n k y o u !