As the UK seeks to grow the next generation of cyber-security talent to protect people and organisations against the latest threats, cyber-criminals are honing their skills and applying business sophistication to mastermind new threats, so it is claimed.
Increasingly skilled mobile malware developers are applying business sophistication to exploit market vulnerabilities by hyper-targeting high-value information and using better distribution channels of malware to put mobile users and businesses at risk.
That’s according to Juniper Networks, which released its third annual Mobile Threats Report. The company points to the shortage of cyber-security talent equipped to combat IT attacks, a problem highlighted in a National Audit Office report
From March 2012 through March 2013, the Juniper Networks Mobile Threat Center
Malware developers
This year’s report uncovered several trends that indicate mobile malware developer skills are becoming increasingly sophisticated:
Opportunities
Malware aimed at the Android operating system has increased since 2010, growing from 24 percent of all mobile malware to 92 percent in March 2013. According to Google, as of June 3, 2013 only four percent of Android phone users were running the latest version of the Android operating system, which provides mitigation against the most popular class of malware, measured by the MTC that makes up 77 percent of Android threats.
Paths to profits
Almost three quarters (73 percent) of all known malware are FakeInstallers or SMS Trojans, which exploit holes in mobile payments to make a quick and easy profit. These threats trick people into sending SMS messages to premium-rate numbers set up by attackers. Based on research by the MTC, each successful attack instance can yield about £7 in immediate profit. The MTC also found that more sophisticated attackers are developing intricate botnets and targeted attacks capable of disrupting and accessing high-value data on corporate networks.
Distribution
Attackers made strides to shorten the supply chain and find more agile ways to distribute malware into the wild globally. The MTC identified more than 500 third-party Android application stores worldwide, most with very low levels of accountability or management, that are known to be inadvertently hosting mobile malware – preying on unsuspecting mobile users as well as those with jail-broken iOS mobile devices.
Mark Quartermaine, vice president, UK and Ireland, Juniper Networks, said: “While the U.K. is struggling to nurture talent to fill the cyber-security skills gap, the black market is booming with mobile malware developers. Hyper-targeting of high-value information and better distribution channels of malware are leading to more prevalent threats and attackers are applying business sophistication to exploit market vulnerabilities and in turn significantly increasing profits. As these attacks become more and more multi-faceted, organisations need to recruit the right talent and deploy intelligent security solutions to ensure they have robust protection against next-generation threats.”
And Oliver Crofton, ethical hacker and co-founder, Vigilante Bespoke, said: “The cyber-security industry is failing to attract young talent for numerous reasons. If you’re a newly qualified computer science graduate, the perception that jobs are hard to come by combined with the stuffy image corporate environments are lumbered with can make it an unappealing career prospect. Compare that with writing some malicious code from the comfort of your own bedroom, high tax-free earnings, hours you can pick and choose, and the likelihood of going to prison almost zero; it’s no wonder cyber-crime is booming. As an ethical hacker, I consider myself to be in one of the most exciting professions out there and I’d encourage younger generations to explore the vast opportunities on offer in cyber-security.”
The Mobile Threats Report, by the Juniper Networks Mobile Threat Center
Third Annual Mobile Threats Report