MWC - Malware World Congress?

To coincide with Mobile World Congress, on Tuesday Kaspersky published its 2016 report on mobile malware attacks. The results are alarming. The number of malicious installations hit more than 8.5m – that is a 300% increase from the level seen in 2015. 

So called Trojan apps are spreading at an eye-watering rate, particularly on Android. These applications are uploaded unwittingly and mask their true purpose, which is typically to exploit a security vulnerability in a specific app. The more benign Trojans insert advertising applications or trackers but much more insidious is capturing users’ credentials, often from banking or payments apps. By far the most rapidly growing type of Trojan is ransomware, which grew 650% during 2016. These still only represent 4% of all malware installations but look likely to become mainstream. Kaspersky Lab detected 261,214 mobile ransomware Trojans during the year. These applications will lock the device until a ransom of approximately $100 to $200 is paid by the user.

Kaspersky also highlighted Trojans designed specifically for Internet of Things (IoT) devices. An "attack-the-router" Trojan Switcher was found to be targeting the Wi-Fi network that an infected device is connected to. "If the Trojan manages to guess the password to the router, it changes the DNS settings, implementing a DNS-hijacking attack," the report stated.

The problem of malware is primarily caused by users not updating their mobile operating system in a timely fashion as new vulnerabilities are discovered and patches are released. However, this is out of the control of app owners. So what can app owners and IoT managers do to mitigate the risks? One obvious step is to ensure their app is penetration tested for vulnerabilities but that only provides a partial solution.

Omlis has developed the world’s first integrated mobile and IoT authentication and encryption platform designed to prevent application malware compromises. The system, OASIS, has some major advantages over other products: one of them is that it can identify any attempt by malicious code to compromise its function. Put simply, OASIS prevents any malware from compromising the security of an OASIS enabled app. Depending on the app owner’s policies, the moment the malware operates, OASIS will simply lock down, preventing any loss.

This is just one of many innovations in what we call Authenticated Security that Omlis will be launching soon.

To find out more, drop me a line: [email protected]