THE BLOG

Security on the Go: Smartphones Increasingly at Risk

16/03/2016 12:40 GMT | Updated 17/03/2017 09:12 GMT

Mobile devices have become an extension of our everyday lives. Whether we're checking the news, browsing an online shop or catching up with loved ones on social networks - there's no denying that our handheld devices make our lives much more convenient. However, despite our growing reliance on smartphones and the massive increase in the number of threats facing them, recent Kaspersky Lab research found that UK consumers are still failing to adequately protect their devices. In fact, only a quarter of us take steps to install extra security on our smartphones.

These figures are especially worrying when we consider how frequently we use our smartphones to conduct financial transactions. For one thing, the information that is transmitted when using mobile banking apps, retail apps and when accessing online marketplaces for apps on an insecure wi-fi network can easily be intercepted by cybercriminals who are desperate to get their hands on our sensitive data. Additionally, if we're already infected, a malicious app can collect sensitive data and send it automatically to the cybercriminals behind the malware.

In our increasingly connected lives, our mobile devices have become an extension of not just our personal lives, but our professional lives too. In fact, they're now considered a greater source of personal and business information than desktop computers and are often much less secure. This is due to the fact that roaming devices are notoriously difficult to manage in terms of security.

Let's look at the numbers. Our data indicates that the volume of malware targeting mobile devices grew more than three times in 2015 in comparison to 2014. The statistics speak for themselves. We detected 884,774 new malicious programs in 2015 - a three-fold increase on 2014 (295,539). In fact, this conceals the true extent of the risk. Each of these code samples is re-packaged multiple times and we saw a total of 2,961,727 infected installation packages last year. This means that each and every one of us is increasingly likely to become a target.

Mobile malware is also growing in sophistication. In 2015, we reported on a Trojan named 'Acecard', one of the most dangerous Android banking Trojans that we have seen to-date. This Trojan is designed to steal confidential data (among other things) by overlaying the interface of legitimate apps with its own phishing window in order to trick the victim into disclosing sensitive information. Acecard first appeared in June 2014 and developed in leaps and bounds in the 18 months that followed. It targets the customers of around 50 different online financial institutions and captures the credentials of social network apps, as well as having the ability to infiltrate reputable online stores such as Google Play. The sophistication of the Acecard Trojan wasn't the only thing that increased. The number of victims increased also; from May through to December 2015, more than 6,000 people were infected!

But it isn't just the amount or sophistication of malware that's changed; the diversification of mobile malware has also continued. In 2015, we saw a massive increase in ransomware in particular. The number of malware families doubled and the number of variants across these malware families increased three and a half times. In fact, there were five times more victims than there had been in 2014. Moreover, 17 per cent of all ransomware infections were found on Android devices. Ransomware is specially designed to extort money from its victims. Most of these completely block access to the device. Other variants of ransomware display a pop-up window showing a message indicating that the victim has accessed illegal content. In order to unlock the device, they are asked to pay a 'fine' of anything ranging from $10 to $150, depending on the particular malware. Some are cryptors - encrypting data held on the device. One of the most prominent of these is Pletor, which asks for a ransom of $5,000.

We are now so dependent on mobile devices that it is imperative that we take adequate steps to protect them from cybercriminals. There are various measures that we can implement in order to stay safe.

• Download apps only from trusted sources. While we have seen instances of malware in legitimate market places, by sticking to such sites you greatly reduce your exposure to malware.

• Avoid clicking on links in random messages.

• Secure your devices with a reputable mobile security solution.

• Stick to trusted, secure wi-fi networks for confidential transactions.

• Use a strong PIN or passcode or enable the devices fingerprint scanner. Remember that this is all that stands between a criminal and your online identity if your device is lost or stolen.

Security on the go has never been as important as it is today.