hp-security-research-cyber-risk-report-pdf-2-w-1408

Recommendations

Info

HP Security Research | Cyber Risk Report 2015Mobile malwareThe year 2014 was a significant one for mobile malware. It was the year when mobile malwarestopped being considered just a novelty. After all, in July we “celebrated” 10 years since thediscovery of the first malware for mobile devices 92 —Cabir or Caribe.Cabir, which targeted the Nokia Series 60 Symbian platform, was a worm that used theBluetooth OBEX protocol to spread from smartphone to smartphone. It was proof-ofconceptmalware created by the virus-writing group 29a (hexadecimal 666)—well-known fordeveloping innovative pieces of malware at a time when malware developing was more of ahobby than a way to make money and attack organizations.Fast-forward 10 years and we are seeing exponential growth in the number of discoveredmalicious apps, with the majority of them targeting the Android platform. The actual reportednumbers vary from company to company, but the general consensus inside the anti-malwareindustry is that there are over one million unique malicious apps known today, with severalthousand more discovered on a daily basis.Reasons for the popularity of the Android platform for the development of malicious apps areobvious. Android has become the most popular mobile platform, with over 1 billion 93 activeusers and over 1.5 million more registered every day. 94 Its reported market share is over 70percent. 95 Google Play market, the most significant source of Android app distribution, currentlyhosts over 1.3 million apps but there is a large number of third-party app stores in the UnitedStates and worldwide, especially in China. These marketplaces, which often have less oversight,contribute to the growing malware problem on Android.96, 97, 98, 99Figure 13. Ten years of mobile malware; note the rapid rise in Android popularity (and decline in Symbian popularity) in the last five yearsAndroidiOSWindowsSymbianRelative market shareCabirSymbian2004DreverSymbian2005XroveWinCE2006FlexiSpySymbian2007MeitiWinCE2008IKEEiOS2009WallpapersAndroid2010KongfuAndroid2012DroidDreamAndroid2011MasterkeyAndroid2013KolerAndroid201492http://nakedsecurity.sophos.com/2014/06/01/from-cabir-to-koler-10-years-of-mobilemalware/.93http://www.engadget.com/2014/06/25/googleio-2014-by-the-numbers/.94http://www.androidcentral.com/larry-page-15-million-android-devices-activated-every-day.95http://stats.unity3d.com/mobile/os.html.96http://www.zdnet.com/article/mobile-os-market-shares-in-2005-symbian-51-linux-23-windows-17/.97http://www.gartner.com/newsroom/id/910112.98http://www.statista.com/statistics/266136/global-market-share-held-by-smartphoneoperating-systems/.99http://www.idc.com/prodserv/smartphone-osmarket-share.jsp.2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 201434
HP Security Research | Cyber Risk Report 2015Android anti-malware marketSince the discovery in August 2010 of the first malware for Android, Google’s approach toallowing security apps for Android was very different from Apple’s. While Apple exposed verylittle data that could be used for inspection and on-device malware classification and wasactively discouraging development of security software for iOS, Google took a more hands-offapproach and allowed anti-malware vendors to develop anti-malware software and publish itto Google Play.However, a decision has been made that anti-malware apps on Android will not have any specialprivileges. As a result, unless the device is rooted, anti-malware apps are unable to preventinfection, but can only detect the installation of malicious apps onto the device and open astandard Android dialog that allows the user to remove the detected app.APIs used by anti-malware solutions on Android are available to any apps allowed to listento events triggered by the operating system when apps are installed. That may be one ofthe reasons for the large number of Android AV offerings—over 300 alleged anti-virus andanti-malware apps are currently hosted on Google—including all the traditional vendors withsignificant market share in the world of desktop anti-malware.Nevertheless, awareness around the existence of security software for Android is relativelylow. While we can expect more than 90 percent of Windows systems to be protected by securitysoftware, the overall protection level of Android devices is lower. We estimate that just below40 percent of Android devices have some kind of anti-malware solution installed (based on thenumbers displayed by Google Play market), which may be a bit low considering that the numberof malicious apps for Android discovered daily is close to the number of Windows malwaresamples discovered around 10 years ago.Meanwhile Google is not encouraging reports coming from anti-malware vendors, claiming thatonly 0.0001 percent of devices may ever encounter a malicious app. 100 That claimed numberis backed by the data collected by the Google Play app. On the other side of the spectrum,vendors such as Kaspersky are reporting that the rates 101 of malicious apps are severalorders of magnitude higher on Android devices protected by their own software. The disparitybetween Google’s and other vendors’ data may arise from the fact that Google only measureddownloads from Google Play market, while other vendor reports account for installs from allsources.According to av-test.org, current anti-malware products for Android, although being ratherrudimentary in terms of available technology and detection techniques compared to theirWindows counterparts, are quite effective against known Android malware, with detection ratesover 99 percent 102 achievable by the majority of reputable vendors.At the same time, with the release of Android 4.2 Google included its own Verify Apps antimalwarefeature into the Google Play app. Verify Apps is an app scanner; it started as a simplefeature that used SHA1 checksum calculation and cloud (Google Safe Browsing) API lookupto check apps for known-malicious samples during installation. With the release of AndroidLollipop (5.0), Verify Apps has evolved more sophisticated protection mechanisms. Theseinclude re-scanning of apps after they are installed, as well as scanning of apps outside theGoogle Play market. We can expect that the Verify Apps functionality will develop into a fullyfeatured anti-malware product, which will certainly be welcomed by Android users and thesecurity industry.100http://www.infosecurity-magazine.com/news/google-android-malware-threat-is-vastly/.101http://media.kaspersky.com/pdf/Kaspersky-Lab-KSN-Report-mobile-cyberthreats-web.pdf.102http://www.av-test.org/en/news/news-singleview/32-protection-apps-for-android-put-tothe-test/.35
Page 1 and 2: BrochureHP SecurityResearchCyber Ri
Page 3 and 4: HP Security Research | Cyber Risk R
Page 33: HP Security Research | Cyber Risk R
Page 74: HP Security Research | Cyber Risk R

hp-security-research-cyber-risk-report-pdf-2-w-1408

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?