Despite multiple layers of security, every device is highly vulnerable to cyber attacks. According to a study by Trend Micro, 95 pc of Android devices were affected by Stagefright in Q3 of this year.
Stagefright, which allows attackers to install malware on affected devices by distributing malicious Multimedia Messaging Service (MMS) messages, reportedly put 94.1% of Android devices (as of this July) at risk. Also a bug that could render Android phones silent and unable to make calls or send text messages.
Reports said more than 50% of Android devices (as of this July) were vulnerable to this flaw. Another critical Mediaserver vulnerability, which could cause devices to endlessly reboot and allow attackers to remotely run arbitrary code, was also found.
In response to the recent spate of Android vulnerability discoveries, Google announced regular security updates for the platform. However, it is yet to be seen as how the platform’s current state of fragmentation will affect this plan. Security patches may not be able make their way to all devices without the support of manufacturers and carriers, rendering them vulnerable to exploitation.
“Cyberspace has become more punitive. These were not isolated cases. As a result, enterprises must adjust their incident response plans to manage the advent of secondary stages of attack—whether those be secondary infections or the use of stolen data to target or extort their user communities. Intrusion suppression will become the goal of incident response as it is imperative that the dwell time of an adversary be limited. We must disrupt the capacity of an adversary to maintain a footprint on hosts, and thus inhibit their ability to conduct secondary infections. Virtual shielding, integration of breach detections systems with SEIMs, and file integrity monitoring will be key instruments in mitigating the punitive attacks of 2016,” said Tom Kellermann, Chief Cybersecurity Officer.
Android’s Mediaserver component, which handles media-related tasks, recently became and is likely to remain an active attack target.
The report stated there could be more of these chain reaction-type attacks. Bigger and better-secured organizations may experience breaches of their own if ever attackers successfully manage to leech off data from their smaller, less-secure partners. Consumers may also find their personal information at risk if companies continue to get breached due to this lateral progression of attacks.
iOS not immune to attacks
The discovery of Mediaserver vulnerabilities in Android highlighted the need for a more integrated set of security strategies across Google, manufacturers, and carriers. Modified versions of app-creation tools like Xcode and Unity also dispelled the notion that Apple’s walled garden approach to security can spare iOS from attacks. Attackers continued to take advantage of gaps in security to trail their sights on mobile device users, regardless of platform, thus furthering the already-exponential growth of mobile malware.
“Apple’s increasing phone market share is tempting attackers to exert more effort to exploit iOS apps. Apple’s strict security policies on posting iOS apps are, however, pushing them to come up with cleverer tricks like infection via development tools and libraries to get the job done. We’re bound to see more “Ghost-like” threats in the future. Attackers may also opt to abuse certificates and application programming interfaces (APIs) to distribute iOS malware. In response, Apple needs to constantly tighten its app-posting policies,” said Ju Zhu, Mobile Threat Researcher.
SMBs most affected
Small and medium-sized businesses were heavily affected in the third quarter of 2015, as PoS (point-of-sale) malware attacks were launched using methods that affect a large number of potential targets wholesale in the hopes of hitting one or two truly-desired targets.
“PoS malware targeting SMBs is nothing new, and in fact we have been talking about this for a while now. What is new is that cybercriminals have gone from targeted attacks to traditional mass infection techniques such as spam, botnets, and exploit kits. What remains unchanged is this malware poses to the ordinary individual making credit card payments. A wider net is a risky strategy because the malware will be quickly detected and neutralized, but almost certain to find new victims. Perhaps when a new victim is found and data successfully extracted, the cybercriminals will do a more targeted campaign against that victim,” said Numaan Huq, Senior Threat Researcher.