Following the evolution of cybercrime, mobile security

I am ecstatic, and a bit nervous, to offer my first blog post to Computerworld.com readers interested in mobile security. When offered the opportunity, I jumped at the chance of writing commentary on what I see as the most fascinating segment of the security industry.

Mounting pressure

Everyday, the pressure grows on IT pros to protect corporate networks from possible threats hidden in the growing number of smartphones and tablets employees are carrying to work. Indeed, smartphone shipments exceeded those of PCs for the first time in 2011, and tablet sales are expected to surpass the entire PC market, desktops and laptops, by 2015.

Understandably, this smartphone and tablet tsunami is keeping security pros up at night. Mobile malware is a top concern among companies and the majority see the workplace trend of bringing your own device (BYOD) as a significant risk , according to IDC. At the same time, companies see the shift to BYOD as here to stay.

The sky isn't falling

Despite these troubling trends, there's time to fine tune the policies for device-toting employees to follow and to pull together the technology needed to protect corporate data. That's because -- and here's the fascinating part -- the crooks haven't figured everything out either.

Personal computers remain the bread and butter of cybercriminals. Creating PC malware for stealing credentials to online banking sites and corporate systems supports the high life much easier than trying to feed off mobile devices. So the vast majority of threats target PCs.

More than 90 percent of mobile malware is aimed at Google Android, the dominant platform, according to Juniper Networks' latest Mobile Threats Report. Developers of more than three quarters of that malware are trying to make money by sending SMS messages to premium rate numbers.

The majority of mobile malware today is distributed through online app stores other than the official Android store, Google Play. Many of these third-party stores with sketchy security are located in Asia and Russia. While cybercrooks can infect a few thousand smartphones from these stores, they don't come close to the infection rate of their colleagues on the PC side that build botnets of millions of compromised computers.

Following the money

But criminals are businesspeople and computing trends point to mobile devices as the best investment for future riches. Within the criminal underground, developers are hard at work building the tools they will need once smartphones and tablets take on bigger roles in e-commerce and business.

Last year, Microsoft researchers reported finding pharmacy and penny stock spam coming from a botnet of Android devices. In April, the world's largest spam botnet of PCs was found spewing Viagra ads and get-rich schemes to Android devices infected with the Stels Android Trojan.

Spam is more likely to annoy than to steal from the recipient's wallet, but the discovery shows criminals are developing the tools and partnerships needed to build a lucrative business around mobile devices. "It's an evolution of Android into more like Windows (malware) distribution methodologies," Sean Sullivan, security researcher for F-Secure, told me in April.

Following this shift in malware and other threats from PCs to mobile devices will be a focus of this blog. I will also look at technology for protecting devices, when vendors convince me they have something truly different.

My only request of readers is to voice your opinion in the comment section. If you agree with what I write, tell me. More importantly, slap me around verbally when you believe I got it wrong. I will do my best to respond to every comment.

By working together, this blog can be a valuable resource for you and for me.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies