Isn’t Android malware just the most terrifying thing in the entire universe? Not really. But it’s still a problem in today’s smartphone space – especially if you’re unfortunate enough to be on the receiving end of an attack. But there is some good news, dear reader: the number of Android malware families decreased by almost half in 2013.
That’s what Symantec says with 57 families emerging in 2013, compared to 103 in the previous year. The number of vulnerabilities in mobile operating systems is falling too. Indeed, there was a decline of 69 per cent, with a total of 127 vulns reported last year. Most of those were for iOS, but there have been very few reported attacks on Apple’s platform.
Yet we shouldn’t be overly optimistic here. Malware families are specific strains of malicious software, which then have different kinds of variants. The figures from Symantec, whilst indicating that the average cyber criminal can’t be bothered to create entirely new pieces of evil software, also showed the number of variants per family had risen by 50 per cent, from 38 to 57.
This indicates attackers are focusing on improving current strains of malware, according to the security firm. “They keep twitching a little bit, obfuscating a little bit,” says Candid Wueest, from Symantec’s Security Response team. “They are making sure they infect as many phones as they can.”
Symantec also reports 38 percent of smartphone users have experienced “mobile cyber crime” in the past 12 months, which seems rather high, but that term covers rather a lot. It includes any kind of spam attack or any kind of data leak.
What does the Symantec data actually tell us then? Put simply: the mobile malware scene is still in its embryonic stage. The Android malware explosion is also something of a myth, but attackers are playing with different kinds of malicious code until they pick some favorites. The threat is simply evolving, as attackers figure out how to evade security software and make significant sums via people’s phones.
When I speak to security chiefs at organisations, they often say the biggest worry they have is still simple loss and theft of devices. That’s where the threat to the business is most severe, hence why the world goes a bit bananas when the NHS loses another USB with a load of information on.
If that’s the most worrying threat to businesses, then it’s likely what most consumers are concerned about. The same old advice applies here: use passcodes on your phone and fingerprint sensors where possible. And make sure you are able to lock and wipe your device where possible.
Many continue to flout such basic protections, however. The security company, whilst undoubtedly hoping to get people investing in its own mobile anti-virus systems, says half of consumers fail to take simple steps to secure their data. For instance, one in five share logins and passwords with families and friends. It’s time for users to wise up.