Symantec warns of cyber attack threats on mobile devices

PHILIPPINE organizations should not let their guard down in ensuring the protection of data and information from mobile devices because cybercriminals are setting their sights on this growing trend, according to Symantec Corp.

“With the increasing mobile penetration in the Philippines, organizations need to be vigilant in protecting their confidential information on these devices as cybercriminals are latching on to this growing mobility trend and taking advantage of the ubiquity of smart mobile devices to gain access to sensitive corporate information,” said Ronnie Ng, Symantec senior manager for systems engineering, in a recent briefing on the Internet Security Threat Report (ISTR).

According to the latest ISTR, mobile vulnerabilities increased by 93 percent in 2011. At the same time, the report pointed out there was a rise in threats targeting the Android operating system. With the number of vulnerabilities in the mobile space rising and malware authors not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities, 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers.

“Mobile devices are increasingly a target for cybercriminals, making these devices a viable platform for attackers to leverage in targeting sensitive data, especially if they are used to store corporate information,” said the report.

“These threats are designed for activities including data collection, the sending of content, and user tracking,” said the report.

Symantec said size doesn’t matter for cybercriminals are also targeting small organizations such as small to medium enterprises. The report said more than 50 percent of such attacks target organizations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. The report said these organizations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended.

“Furthermore, 58 percent of attacks target non-execs, employees in roles such as human resources, public relations, and sales. Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company. They are also easy for attackers to identify online and are used to getting proactive inquiries and attachments from unknown sources,” said the report.

As tablets and smartphones continue to outsell personal computers, Symantec said more sensitive information will be available on mobile devices. The report said the practice of workers bringing their smartphones and tablets into the workplace may lead to an increase in data breaches as lost mobile devices present risks to information if not properly protected. Recent research by Symantec shows that 50 percent of lost phones will not be returned and 96 percent (including those returned) will experience data breach.

The report said targeted attacks are increasing, with the number of daily targeted attacks rising from 77 per day to 82 per day by the end of 2011. Targeted attacks use social engineering and customized malware to gain unauthorized access to sensitive information. These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.

While the Philippines is ranked 39th among countries globally on Internet threat activities, organizations here should continue to take proactive initiatives to protect critical information from a variety of security risks today. Top growing trends that organizations in Philippines should watch out for in today’s threat landscape includes advanced targeted attacks, mobile threats, malware attacks and data breaches, said Luichi Robles, senior country manager at Symantec Philippines.

Kenedi Celik, Symantec director of strategic sales for Asia-Pacific and Japan, said, “Cybercriminals have greatly widened their reach beyond large enterprises, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees.

He said smaller companies are now being targeted as a stepping stone to a larger organization because they may be in the partner ecosystem and less well-defended. Targeted attacks are a risk for businesses of all sizes—no one is immune to these attacks. Therefore, having a comprehensive security policy and keeping up with industry-standard best practices would go a long way towards ensuring that organizations in the Philippines stay safe in the connected world.