Mobile Threat Report: 391% Increase in Malicious Apps

Posted on April 09, 2015

Pulse 2014 Mobile Threat Report Android vs iOS Market Share GraphicA new report released yesterday by the Pulse Secure Mobile Threat Center analyzed threats to the enterprise during 2014 from mobile devices. The report, available for download here, found nearly a million (931,620) unique malicious applications during 2014 ? a 391% increase over 2013.

Additionally, in the report, Pulse says that it found a significant growth in Android malware, which currently consists of 97% of all mobile malware developed. In 2014 alone, there were 1,268 known families of Android malware, which is an increase of 464 from 2013 and 1,030 from 2012. But iOS devices weren?t immune either, the report says, with four major malicious attacks which Pulse Secure sees as a kind of rallying point for malware developers to attack Apple devices in the future.

Jared Hansen, CEO and founder of secure mobile printing leader Breezy, wasn?t surprised at the number of malicious apps identified in the report, nor with the fact that most of the identified malicious applications were written for Android devices. ?Let?s face it, thieves and criminals want to steal from the biggest possible pool of victim ? and that means Android users.? IDC reports that Android currently owns 85% of the world smartphone market with more than 255 million Android units being shipped in Q2 2014.

There were several surprising facts in the report, however, including:

  • The high level of resistance from mobile device users to mobile device management (MDM) or enterprise mobile management (EMM) tools that indiscriminately wipe personal data as well as corporate data in the event an employee leaves a job, or the device is lost or stolen. Pulse says that this ?ongoing battle? between device owners and enterprise IT means that enterprises should expect to see a shift from trying to manage and secure an entire mobile device via MDM to one of employing workspaces to secure only portions of the device that access and store corporate data.
  • The ability to take profit from an end user with SMS premium services or ad networks was a capability of each of the top 10 malware threats identified in 2014.
  • Google?s official Android Play store is nearly free of malicious apps -- the overwhelming majority of Android malware is being developed and distributed in unregulated third party app stores in the Middle East and Asia.
  • One of the fastest growing areas of Android malware is pirated, legitimate apps that are infected with malicious code ? so users think they?re downloading a ?free? version of a well-known, safe app, but are instead targeted by the malware developers.

Troy Vernon, who authored the mobile security report for the Pulse Secure Mobile Threat Center, said, "Enterprise networks, while continually hardened at the perimeter, need to apply similar mobile security controls to appropriately deal with the ever increasing BYOD push coming from employees. The focus on Android and jailbroken iOS devices by mobile malware developers illustrates that they are actively attempting to exploit mobile devices as the weak link in enterprise security."

The report included a table showing that Trojan horse and adware were the largest category of Android malware infecting mobile devices last year, but there are a number of categories of concern to IT.

2014_Malware_Categories_Chart_from_Mobile_Threat_Report

Hansen adds that perhaps the biggest surprise in the new report was that only 33% of malware targeting mobile devices were actually identified within 49 days of the time the malware was created and released. ?To me, it highlighted again the value of on-device encryption to stop the unauthorized movement of valuable company data to third parties. This report talks about the threat to the enterprise from data loss, and even data being held for ransom, as well as the danger to individuals from the leakage of their personal information. On-device encryption protects data, since even if a hacker gets access to the data, it is meaningless without the decryption key.?

Breezy offers device and operating system agnostic secure mobile printing with on-device encryption for smartphones and tablets running Android and iOS operating systems. Breezy?s secure mobile printing technology is fully integrated with leading EMM providers like AirWatch, Citrix, Good Technology, IBM (Fiberlink?s MaaS360), MobileIron and many others, and can add an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.