Mobile Android Is an Even Bigger Opportunity for Attackers Than Windows PCs

Terry Young


Mobile Android is now a bigger threat opportunity than Windows PCs – in terms of shipments, usage, installed base and the number of vulnerable targets.

According to Statcounter, at the end of 2017, the leading mobile operating system, Android OS, was the most used global operating system, surpassing usage of 17 other operating systems, including Windows. Android had surpassed Windows shipments a few years ago, reaching 1.9 billion by the end of 2017 – nine times the shipments of traditional PCs according to Gartner. There are now 2.7 billion Android-based smart devices in use, compared to an estimated 1.5 billion Windows devices.

Historically, cybercriminals simply did not have enough vulnerable mobile devices out there to make significant attacks worthwhile. That’s changed. Cybercriminals are in it for the money; and they look for the most vulnerable targets, in the greatest quantity, that will take the least amount of effort to breach and have the highest potential for monetary gain.

This building of mobile threat has been foreseen for some time. In 2006, roughly six months before the release of the first iPhone, Scientific American warned about the perils of mobile malware and noted mobile malware growth at that time roughly paralleled that of computer viruses in the first two years after the first PC virus, “Brain,” was released in 1986.

In 1988, computer experts dismissed viruses as inconsequential, vastly underestimating how quickly malware could grow in prevalence, diversity and sophistication. In their 2006 article, Scientific American also warned about making the same mistakes with mobile, pointing out that the bigger the target, the greater the attraction for malicious programmers and that smartphones would soon make up most of the world’s computers (now true).

Outdated Windows devices have proven to be a significant security risk. About 140 million active Windows PCs are still running Windows XP, a 14-year-old operating system that Microsoft stopped updating in 2014. The massive WannaCry cyberattack last year exploited a security hole in the Windows XP operating system.

But in comparison, Android has about one billion of the 2.7 billion active devices running outdated operating systems. That’s about seven times the amount of vulnerable XP devices.

Mobile devices do have had some advantages over Windows security-wise, so maybe that will help stall the pace of infection and attack going forward. Applications are more tightly controlled by OS leaders, like Apple and Google, and users must provide permission to allow access to core phone functions. There are fewer malicious actors adept in mobile software. But counter to that is the more casual attitude of subscribers towards security of their mobile devices and the fact that mobile devices have billing mechanisms built in, leading to SMS fraud.

Most mobile subscribers don’t apply even the basic security passwords, and even fewer install device protection. Permissions in new apps are requested and granted broadly by impatient subscribers. The monetary incentives are also getting sweeter for cybercrime. Use of mobile for financial transactions is growing. The GSMA estimated that the industry processed 22 billion financial transactions in 2016 and identifies mobile technology as key to transforming access to financial services in emerging markets for hundreds of millions of people.

Our Unit 42 threat intelligence team has been analyzing threat trends and reporting on the last four years of new Android malware evolution. Check out their latest research on Android threats.

Will the threat landscape for mobile networks and devices reach the attack volume witnessed with Windows devices and enterprise networks? We believe the answer is “yes,” and we think the trend is well underway.

For mobile network operators, the growing number of attacks threatens their own infrastructure as well as their subscribers. Malware-infected devices can be recruited into botnets and turn against mobile infrastructure to degrade network availability. The full visibility provided by Palo Alto Networks Next-Generation Security Platform is essential as it allows mobile network operators to monitor building threats, identify already infected devices and determine appropriate action.

 

PAN_MWC-18_Social-Suite_blog_600x200

Connect with us at Mobile World Congress in Barcelona

Want to learn what we’re doing to help secure the new hyper-connected world that we live in? Connect with our mobile network specialists or reserve your seat at one of our speaking sessions at Mobile World Congress in Barcelona.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42