July 16, 2009
By Natalie Apostolou & Robert Clark
telecomasia.net
High-end smartphones and unaware users are becoming the next target for cybercriminals, Cisco and F-Secure have warned.
In its latest cybersecurity report, Cisco says the mobile sector is emerging as a “new frontier for fraud irresistible to criminals,” F-Secure spotted another Symbian worm and cautioned that such attacks are “becoming more and more popular.”
Cisco claims that text message scams have escalated in frequency since the start of 2009, with at least two or three new campaigns surfacing each week and warn that with 4.1 billion mobile phone subscriptions worldwide, “a criminal may cast an extraordinarily wide net and still walk away with a nice profit, even if the attack yields only a small fraction of victims.”
The Symbian worm is a classic example, distributing itself through a modified version of a legitimate app from the vendor “Play Boy”, F-Secure says.
"The worm uses the pornographic subject to social engineer a person into installing a malware on their phone,” said Chia Wing Fei, a senior security response manager for F-Secure. It opens an HTTP connection and when the app is executed it sends hundreds of messages to a web site where a copy of the worm can be found
“Even if you are running the latest phone you can get infected by malware,” Chia said.
The phone is a tempting target because users are storing more and information on the device. Cybercriminals “understand the value of this. It’s just a matter of time before they start to target it.”
Most of the malware today is being written for Symbian-powered phones because they dominate the market. Windows Mobile did not have such a large user base, but because they used the same code as Windows XP it was easy for criminals to target them.
Increasingly, the attacks are financially-driven. Some have hidden commands linked to a billing mechanism triggered when a user clicks on a link, he said. In-game purchasing, which is a feature of the iPhone 3GS, was a new financial incentive.
The Cisco 2009 Midyear Security Report also raises the alarm on disgruntled ex-employees affected by the recession.
“Insider threats are an increasing concern for businesses in the months ahead. Insiders who commit fraud can be contractors or other third parties as well as current and former employees,” said Patrick Peterson, Cisco fellow and chief security researcher
Digital fraudsters had evolved into highly sophisticated criminals.
“What is striking in our latest findings is how, in addition to using their technical skills to cast a wide net and avoid detection, these criminals are also demonstrating some strong business acumen.
“They are collaborating with each other, preying on individuals' greatest fears and interests, and increasingly making use of legitimate Internet tools like search engines and the software-as-a-service mode,” Peterson said.
No comments:
Post a Comment