16 million mobile devices infected by malware

Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information.

Alcatel-Lucent’s Motive Security Labs estimates 16 million mobile devices worldwide have been infected by malware – used by cybercriminals for corporate and personal espionage, information theft, Denial of Service attacks on businesses and governments, and banking and advertising scams.

The report also found that consumers who avoid shopping online out of fear their credit or debit card information may be stolen are actually exposing themselves to greater risk: a rash of retail cyber-security breaches in 2014 were all the result of malware infections on cash registers or point-of-sale terminals, not online stores. This is largely because stolen cards from online retailers are not as valuable to criminals because they can only be used for online purchases.

Malware infections in mobile devices increased 25% in 2014, compared to a 20% increase in 2013. Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split 50/50 in 2014.

While less than 1% of infections come from iPhone and Blackberry smartphones, new vulnerabilities emerged last year to show they are not immune to malware threats.

Malware growth continues to be aided by the fact that a vast majority of mobile device owners do not take proper device security precautions. A recent Motive Security Labs survey found that 65% of subscribers instead expect their service provider to protect both their mobile and home devices. Motive’s malware report concluded that infection rates in residential networks also rose significantly in 2014, with malware found in 13.6% of residences, an increase of 5% over the previous year.

Other report highlights include:

  • The mobile infection rate in 2014 is 0.68%. Based on this Alcatel-Lucent estimates that worldwide, about 16 million mobile devices are infected by malware.
  • Mobile malware is increasing in sophistication with more robust command and control protocols
  • Mobile spyware, used to spy on a phone’s owner, is also on the increase. It tracks the phone’s location, monitors ingoing and outgoing calls, text messages, e-mail and tracks web browsing.
  • The overall monthly infection rate in residential fixed broadband networks is just under 14%. This is up substantially from the 9% seen in 2013. This is mostly attributable to an increase in infections by moderate threat level adware.
  • High-level threats such as ‘bots’, ‘rootkits’, and ‘banking trojans’ remain steady at around 5%.

The report also noted in 2014 an increase in DDoS attacks using network infrastructure components such as home routers, DSL modems, cable modems, mobile WiFi hotspots, DNS servers and NTP servers.