Report: Malware infections spiking on mobile devices

Security threats to mobile devices is spiking as malicious software infections increased 17 percent in the first half of this year, which is nearly double the rate of 2013, according to new Alcatel-Lucent Kindsight Security Lab data.

A report by the organization reveals an estimated 15 million mobile devices are infected with malware, compared to 11.3 million at the end of 2013, and the majority (60 percent) are Android OS devices. The infection rate in the first six months was 0.65 compared to 0.55 at the end of last year.

"Android smartphones are the easiest malware target, but Windows laptops are still the favorite of hard core professional cybercriminals," Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, said in an announcement. "The quality and sophistication of most Android malware is still behind the more mature Windows PC varieties. Android malware makes no serious effort to conceal itself and relies on unsuspecting people to install an infected app."

The news doesn't bode well for the healthcare segment as mobile devices are gaining greater traction by care providers and patients, and security protection for sensitive and confidential data is already a big concern. A new Forrester report notes that just 59 percent of mHealth device users are using full-disk encryption or file-level encryption on mHealth computing devices used at work. An earlier IDG Connect research report declared the global healthcare industry is not keeping pace with mobile device security and unauthorized device use and data leaks are top worries, beating out potential phishing and targeted attacks.

Healthcare data stored on mHealth devices is a lucrative target for hackers and malware writers. A single health record is worth $20, and a patient dossier goes for $500 on the black hacker market, according to a Forrester analyst cited in a Wall Street Journal report.

According to the Kindsight report, 40 percent of the malware is coming from Windows laptops connected to a phone or connected directly through a mobile USB stick or MIFI hub. Infections on iPhone and BlackBerry devices accounted for less than 1 percent.

Most malware is being acquired through Trojan apps downloaded from third-party app stores or phishing scams, according to Kindsight.

"The best defense against infection is network-based malware detection," McNamee adds. "People frequently don't take appropriate security precautions for their devices, and even when they do a malicious app can easily evade detection by device-based anti-virus. Network based anti-virus embedded on an operator's network cannot be disabled by cybercriminals, is always on and up to date."

For more information:
- read the report (.pdf)
- read the announcement

Related Articles:
Weak mobile device security bodes big risk for hospitals
BYOD trend in healthcare requires providers to shore up security
Mobile app privacy practices scarce, lack transparency