Security threats to watch have become real
Android malware highlights problems
Published 10:40, 21 March 11
Being right so soon can be bittersweet! For those of you who missed my January webinar, I highlighted five security threats to watch out for in 2011: malware, advanced persistent threats (APT), fraud and insiders, mobile devices, and cyberthreat/cybercrime.
(Also see my previous blog post.) Just a few short weeks later, we see Google pulling over 50 infected apps from its Android Market. This is not the only recent incident of threats targeting mobile applications: shortly before the Android malware, several variants of the Zeus Trojan, which targets online banking users, were discovered on BlackBerry phones. These instances roll many, if not all, of the threats I spoke about into a couple of neatly packaged incidents for me to refer to.
According to Computerworld, the malicious apps carried hidden Trojan code that gained privileged access to the operating system. The software effectively became an "insider": with that level of access it could do almost anything on the mobile device, including siphoning off sensitive data and taking control of the handset. The malware was only discovered when a user suspected that the apps he had downloaded to his Android device were infected, not through any vetting before publication.
Malware is the primary mechanism attackers use to get persistent software onto a target, and once it has landed, the APT pattern follows. In the case of the infected Android apps, the malware was designed to persist on the mobile device, contact a command and control (C&C) server for instructions, and transmit data back to it. The C&C software itself was running on a compromised host belonging to a legitimate business in California, which is typical: the infrastructure attackers use rarely points directly back at them.
The simple fact in this connected age is that we, as individuals, communities, businesses and government entities, continue to expand our use of communications technology to improve our lives. We must, at the same time, be keenly aware of the threats that exist in cyberspace and watch for security breaches at several points in the process.
First, while Google can be commended for reacting swiftly when it found out, organisations that are in the business of selling and distributing software must also ensure that the apps are not malicious.
This requires that applications are tested thoroughly before they reach users: during development, and again before they are published to a market. Next, application developers must monitor their applications' runtime behaviour and watch for anomalies that indicate foul play, such as an app reaching out to hosts it has no business contacting. Third, the users of any application must treat every piece of software with suspicion and react quickly and decisively if they suspect their device, or any software on it, is not operating as it should.
Finally, the organisations and networks that Internet-connected devices communicate over must be comprehensively monitored for activity that departs from previously seen patterns, for example a device that suddenly begins contacting a new host at regular intervals, which is exactly how a C&C check-in looks from the network.
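As an added example (not part of the original post, and not code from Google, Computerworld or the author), here is a small Python detector that applies the last point to the C&C behaviour described above: it baselines which hosts a device has previously talked to, then flags destinations that are new for that device and are contacted at clockwork-regular intervals. The flow records, the handset address, the destination addresses (RFC 5737 documentation ranges) and the thresholds are all constructed for illustration; nothing here is taken from a real capture.

```python
"""
Added example: detect C&C-style beaconing as a departure from a device's
previously seen network pattern. The flow records below are constructed,
not real captures; addresses are RFC 5737 documentation ranges.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed baseline: a day of normal traffic from one handset (10.0.0.21).
# Format: "<ISO timestamp> <src> <dst> <bytes_out>"
BASELINE_LOG = """\
2011-03-14T08:01:10 10.0.0.21 198.51.100.10 812
2011-03-14T09:17:44 10.0.0.21 198.51.100.20 2210
2011-03-14T12:40:02 10.0.0.21 198.51.100.10 640
2011-03-14T13:00:00 10.0.0.21 198.51.100.5 76
2011-03-14T14:00:00 10.0.0.21 198.51.100.5 76
2011-03-14T15:00:00 10.0.0.21 198.51.100.5 76
2011-03-14T18:55:31 10.0.0.21 198.51.100.20 1980
"""

# Constructed observation window: the same handset after installing a
# trojanised app that checks in with 203.0.113.45 every ten minutes.
OBSERVED_LOG = """\
2011-03-15T08:03:12 10.0.0.21 198.51.100.10 790
2011-03-15T09:00:00 10.0.0.21 198.51.100.5 76
2011-03-15T09:10:00 10.0.0.21 203.0.113.45 1120
2011-03-15T09:20:00 10.0.0.21 203.0.113.45 1135
2011-03-15T09:30:00 10.0.0.21 203.0.113.45 1118
2011-03-15T09:40:00 10.0.0.21 203.0.113.45 1122
2011-03-15T09:50:00 10.0.0.21 203.0.113.45 1140
2011-03-15T10:00:00 10.0.0.21 198.51.100.5 76
2011-03-15T10:00:00 10.0.0.21 203.0.113.45 1129
2011-03-15T11:00:00 10.0.0.21 198.51.100.5 76
2011-03-15T11:22:09 10.0.0.21 198.51.100.30 4410
2011-03-15T12:00:00 10.0.0.21 198.51.100.5 76
2011-03-15T16:48:50 10.0.0.21 198.51.100.30 3300
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (timestamp, src, dst, bytes)."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def build_baseline(flows):
    """Map each source to the set of destinations it has been seen talking to."""
    seen = defaultdict(set)
    for _, src, dst, _ in flows:
        seen[src].add(dst)
    return seen


def interval_cv(timestamps):
    """Coefficient of variation of the gaps between contacts; ~0 means
    clockwork regularity. Returns None when there are too few contacts."""
    if len(timestamps) < 4:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def new_destinations(baseline, flows):
    """Destinations contacted in the window that the source never used before."""
    return {dst for _, src, dst, _ in flows if dst not in baseline.get(src, set())}


def find_beacons(baseline, flows, cv_threshold=0.2, min_contacts=4):
    """Flag (src, dst) pairs that are both new for that source and contacted
    at regular intervals. Regular traffic to a known destination (the hourly
    sync to 198.51.100.5) is left alone because it matches the baseline."""
    stamps = defaultdict(list)
    bytes_out = defaultdict(int)
    for ts, src, dst, n in flows:
        stamps[(src, dst)].append(ts)
        bytes_out[(src, dst)] += n
    findings = []
    for (src, dst), ts_list in stamps.items():
        if dst in baseline.get(src, set()) or len(ts_list) < min_contacts:
            continue
        cv = interval_cv(sorted(ts_list))
        if cv is not None and cv < cv_threshold:
            findings.append({
                "src": src, "dst": dst, "contacts": len(ts_list),
                "interval_cv": round(cv, 3), "bytes_out": bytes_out[(src, dst)],
            })
    return findings


def run():
    """Build the baseline from day one, then examine day two."""
    baseline = build_baseline(parse_flows(BASELINE_LOG))
    observed = parse_flows(OBSERVED_LOG)
    return new_destinations(baseline, observed), find_beacons(baseline, observed)


if __name__ == "__main__":
    fresh, beacons = run()
    print("new destinations:", sorted(fresh))
    for finding in beacons:
        print("possible beacon:", finding)
```

The two-stage check matters: a new destination on its own (198.51.100.30, contacted twice) is only worth a note, and regular traffic on its own (the hourly sync) is normal; it is the combination of "never seen before" and "metronomic" that singles out the check-in to 203.0.113.45. In production the baseline would come from flow, proxy or DNS logs over a longer window, the regularity threshold would need tuning for jittered beacons, and a device that suddenly gains root should be treated as untrustworthy regardless of what the network sees.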
That we will see many incidents similar to those we have seen recently is certain. I hope that with the steps I outlined, such incidents can be prevented before they have the opportunity to cause significant harm.
Post by Aarij Khan