Google’s Android operating system has long had security issues. But now a new report by Cisco puts those concerns in alarming context.
The networking giant says Google’s mobile platform has become, by a wide margin, the favorite target of those looking to spread malware that can damage or compromise the security of the device.
A whopping 99% of all mobile malware in 2013 targeted Android devices. The Cisco report also says Android users have the highest “encounter rate” (71%) with all forms of web-delivered malware. In second place was Apple’s iPhone at 14%.
It’s all about trust
Cisco’s report says there is a serious abuse of trust that that puts user’s computers and mobile devices at risk.
For example, malware is typically delivered to users legitimately browsing mainstream websites. Then there are the spam emails that appear to be sent by well-known companies, but in fact contain links to malicious sites.
On the mobile front there are third-party mobile apps laced with malware that users unsuspectingly download from popular online marketplaces.
(While apps in Google Play are not immune from security issues, analysts generally acknowledge Google has taken measures to better secure apps there and that third-party, non-Google online storefronts are the bigger risk).
Adding to the risk, many users download mobile apps without any thought to whether they’re safe or secure.
Mobile platforms look familiar to the bad guys
Cisco’s security experts say that the more smartphones, tablets, and other devices perform like traditional desktop and laptop computers (which is a clear trend), the easier it is to design malware for them.
(Securely managing tablets and apps in the enterprise will be the focus of a panel session at the Tablet Strategy conference coming to New York on May 6, 2014)
Crimeware as a service
“The cybercrime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network,” the report warned.
“Today’s cybercriminal hierarchy is like a pyramid. At the bottom are the nontechnical opportunists and “crimeware-as-a-service” users who want to make money, a statement, or both with their campaigns.
“In the middle are the resellers and infrastructure maintainers—the “middlemen.” At the top are the technical innovators—the major players who law enforcement seeks most, but struggles to find.”
Hope for a long term solution
Cisco concludes that better cybersecurity for all users can be achieved in the long term, but key issues remain including the implementation of effective privacy policies and robust network defenses that intelligently distribute the burden of security across the endpoints and the network.