Today’s mobile malware vastly different from a decade ago: Fortinet

A decade may have passed since mobile malware showed up, but according to Fortinet Global security strategist, Derek Manky, the biggest shifts took place in the last two years.

Manky said mobile malware a decade ago was in its infancy and limited in what it could do.

“There was a limitation not from a threat landscape, but from the platforms it could run on,” he said.

Manky claims cybercriminals back then struggled to create mobile malware because they did not have necessary access to APIs.

Exploits in Symbian OS, as well as the popularity of Nokia handsets, enabled the mobile platform to be one of the larger targets for mobile malware.

Even then, the worst threat a mobile user could expect was battery drainers and premium SMS messages.

Manky said the introduction of smartphones in the late ‘00s is what really changed the threat landscape, particularly the introduction and popularity of the Android platform.

“The open source nature of Android made it easy for malware authors to do quick and dirty attacks,” he said.

In the period from 2010 to 2011, Manky said Fortinet registered an 8000 per cent increase in Android malware.

A growing threat

In 2013, Fortinet discovering more than 1300 new malicious applications per day.

The security vendor is currently keeping track of more than 300 malware families and over 500,000 malicious applications for Android alone.

While smartphone adoption has driven the BYOD movement, Manky said the trend itself is changing into Internet of Things.

“Devices are plugging into the network and can they potentially be malicious,” he said.

For any devices connecting to the network, Manky said it is important to inspect them see if a botnet, a piece of malware sending out stolen information from the network, is active.

“Any mobile device that is connecting through Wi-Fi access point in the organisation should take into consideration scanning for potential malicious activities in these devices,” he said.

“It’s really the same as a PC now, so businesses should have intrusion prevention to scan for the web sites attacking the mobile devices when they are connected to the network.”

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.