Businesses need to make sure all the smartphones under their control have at least a minimal form of encryption and can be remotely wiped or secured if the gadget is lost, security firm McAfee has warned.
The comments come as a new report from the company reveals there were 20 million new malware threats identified during 2010, and some of the most dangerous ones actively targeted mobile devices.
The report also comes days after the British government revealed that the Zeus Trojan, which is now known to have targeted mobile phones, had infiltrated some of its computer networks.
McAfee chief technology officer for Asia Pacific, Michael Sentonas, says businesses need to start securing their mobile phones as more malware is now being identified that specifically targets mobile operating systems – particularly on the Symbian platform.
“You need to look at the risk profile of your devices. First of all, identify what you are doing on that device? What are you actually using it for?”
“Then you can make a decision about adding security. The first thing I would recommend is that people look at securing the actual data on their device… but that doesn’t mean you have to have a next-generation security product on there.”
The McAfee Threats Report for the fourth quarter of 2010 found that 20 million new pieces of malware were found during the year, up by 46% from 2009 – this means 55% of all the malware McAfee has ever found was created in 2010.
But the threats to mobile devices are the real standout. McAfee says it has identified “growth in the number of threats” to mobile devices. These included the Zitmo and Geinimi threats, directed at the Symbian and Android operating systems.
McAfee also said it identified a reworking of an old Zeus botnet that was created to steal financial details.
“The creators of the Zeus botnet repurposed an old version of a commercial spyware package. Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.”
Sentonas says the botnet was written to steal mobile financial transaction numbers, and was “pretty much rehashed spyware technology”.
“But this is a scenario that made people stock and look at what was happening. It’s going to get to a situation where people decide they need to add protection to their phones because we’re seeing so much action in this space.”
McAfee said there were a number of new botnet platforms that arrived in the fourth quarter, and also pointed out that while malware is on the rise, the amount of spam being sent across the internet has actually flattened out.
Sentonas says the growth of mobile devices, particularly tablets and smartphones, means more threats will be tailored towards them – and that means businesses need to be prepared. He says if employees are using smartphones for work, the business needs to make sure those devices are protected.
“You need to make sure that you are using the inherent features of the device. Most smartphones come now with some sort of password identification, and you should configure that and make it strong. Few people actually leverage these features.”
“You also need to make sure that if the device is lost, the data that sits on that device is secure. That’s more important than anything else and is typically overlooked because it’s been so difficult.”
There are apps now for the iPhone and Android platforms that allow users to lock, locate and even wipe their smartphones if they are lost.
Sentonas says this is an issue all businesses need to be addressing, especially as the number of malware programs continues to grow.
“This year was massive for us, and we’re seeing an average of 55,000 new threats every day. It puts significant strain on the security model people are using, on whatever device they are using.”