“The world of mobile ransomware has grown dramatically over the past year,” the report states. “While some varieties that run on Android devices cause little damage beyond convincing victims to pay the cyber hostage-taker, many have adopted more sophisticated approaches common to ransomware in the Windows environment.”
Ransomware creators, the report notes, are taking advantage of modern smartphones’ improved performance and using the Tor network to anonymously encrypt victims’ files, photos, videos and other documents, then demand payment within a specific timeframe in order to decrypt the data.
Websites hosting pornography are now the top mobile infection vector, by a long shot — over 36 percent, compared to 21 percent for “suspicious” sites, including networks that are known to be involved in malware, scams and other shady activities.
“As we sleep, exercise, work and shop with our mobile devices, cyber criminals are waiting to take advantage of the data these devices collect, as evidenced by the types of malware and attacks we’re seeing,” Blue Coat CTO Dr. Hugh Thompson said in a statement. “The implications of this nefarious activity certainly carry over to corporate IT as organizations rapidly adopt cloud-based, mobile versions of enterprise applications, opening up another avenue for attackers.”
“A holistic and strategic approach to managing risk must extend the perimeter to mobile and cloud environments — based on a realistic, accurate look at the problem — and deploy advanced protections that can prioritize and remediate sophisticated, emerging and unknown threats,” Thompson added.
Tripwire senior security analyst Ken Westin told eSecurity Planet by email that it’s important to remember that ransomware doesn’t come from applications downloaded from the Google Play Store or iOS App Store, but from apps downloaded directly from websites or third-party app stores.
“The challenge for security leaders is that no matter how much you train your staff about security, there always seems to be that one employee who downloads a porn app directly from an untrusted third-party website to their phone,” Westin said. “To our horror, those individuals are then connecting their devices to the corporate Wi-Fi, accessing corporate email and documents from that same infected phone.”
In response, Westin said, it’s important that companies not only have clear security policies in place, but also implement the technical controls required to detect and mitigate policy breaks and threats that affect the corporate network.
Recent eSecurity Planet articles have examined the importance of user security training and the use of two-factor authentication for mobile security.