Cisco says attackers will take aim at Apple, Android mobile devices


Robert Westervelt, News Director

A sharp rise in the number of mobile devices in use globally and significant improvements in Microsoft Windows security could force attackers to target smartphones, tablets and other devices that are making their way onto enterprise networks.


The Cisco 2010 Annual Security Report (PDF) cited progress by Microsoft and other software vendors to improve security by providing updates, alerting users to potential flaws and making patches available to users. The progress on the desktop is going to force cybercriminals to shift their activities to mobile platforms, which oftentimes have similar vulnerabilities, said Henry Stern, a CSIRT security engineer at Cisco Systems Inc. Apple, with the popularity of its iPhone and iPad, and Android, with dozens of different smartphones, are the likely targets, according to the report.

"We see the warning signs of activity around mobile applications on smartphones," Stern said in an interview with SearchSecurity.com. "We've seen people attempting to add rogue applications in the Android application store and there's evidence that the jailbreak procedure used by some Apple users can also be used by attackers."

The Cisco report cites the more than 60 patches designed to fix security vulnerabilities in Apple's iOS 4, the latest version of its mobile platform, as evidence that attackers could attempt to exploit mobile zero-day vulnerabilities. In addition, some Apple users are jailbreaking their devices, unlocking Apple-imposed security limitations and making them more vulnerable to an attack.

The increase in market share of Google's Android platform and its more open architecture also make it a likely target, Cisco said. The platform is a relative newcomer to the market and embraces a more open architecture. Its less restrictive app store could put it in the crosshairs of attackers, according to the report.

"As these devices become more and more powerful they're going to be roughly equivalent to the power of PCs," Stern said. "You can run more software on them and there's more likely to be defects."

The Cisco report also highlighted the emergence of a variant of the Zeus Trojan attempting to target users of Symbian-based phones as further evidence that cybercriminals are shifting their focus to mobile users.

The mobility issue is also causing problems at enterprises. Cisco said the recent financial crisis has motivated cash-strapped organizations to allow employees to purchase the mobile devices they prefer, simply because it is more cost-effective for the organization. This causes issues when trying to apply and enforce security policies across multiple mobile platforms, according to the report.

Some organizations are assigning mobile management to a dedicated specialist, but many organizations lack the resources to establish a position. Other companies are assigning the task to the person responsible for managing the BlackBerry Enterprise Server (BES). The report says the mobility issue is forcing companies to deploy more fully configured data loss prevention (DLP) technologies to monitor the data usage of mobile users.

Attacks could become more targeted
Cisco's annual Global ARMS Race Index was set at 6.8, down 5% from the December 2009 level of 7.2. The index is fashioned after the Richter Scale and provides a measurement of the overall level of compromised resources worldwide. The decline in the index is the result of the high-profile takedowns of the Waledac, Mariposa and Cutwail botnets, according to Cisco. Stern said that despite the decline, attacks are still coming in at persistent and alarming rates. He cited the Stuxnet Trojan as an example of the kind of targeted malware that enterprises may see in the future.

"Previously we've seen that cybercrime, for the most part, to steal information, but here we see something that was out to cause physical damage," Stern said. "It's very much an escalation in the technology being employed by attackers."

Spam reduced
Stern said Cisco found spam down 90% from its previous levels last summer. Law enforcement has brought legal cases against spammers in greater numbers and antispam technologies have been more successful in weeding out the unwanted messages. "Put together this has caused the first year in the history of spam that the levels have dropped," Stern said.

The financial infrastructure behind profiting from spam has taken a big hit. Russian authorities cracked down on an order processing and fulfillment website for online pharmaceutical sales, which could have contributed to the decline of spam. Law enforcement has also taken out spam operations in the United States and Armenia. The number of organizations that are responsible for the bulk of spam has declined from six to two, according to the report.

"It's the Al Capone approach to spam," Stern said. "When you take out the ability of criminals to make money, criminals will go and do something else."