Page 58 - index
P. 58
personal information hacked on your smartphone. A recent CBS CSI Cyber episode is centered
around a cyber-criminal juice-jacking attack at an airport, exposing thousands of unsuspecting
travelers to identity theft.
But, juice-jacking is not limited to connecting to unknown charging locations. Personal and
corporate enterprise systems are just as likely to be both carriers of juice-jacking viruses as well
as victims. The Stuxnet virus that hobbled the Iranian nuclear weapons program in 2010 is a
great example of a targeted cyber-terrorism campaign which worked magnificently.
Cyber Terrorists Target Corporate Enterprises via Infected Mobile Devices
In the past couple of years identity thieves and hackers have become even more sophisticated,
shifting their attention to mobile devices. Malware applications originally developed for
Windows operating systems are rapidly being migrated to attack mobile platforms.
A February 2015 report from McAfee showed a 6x increase in mobile malware over a two year
period and found that 8% of all mobile devices are infected with 387 new threats every minute,
3
or more than 6 every second.” If you believe Cisco estimate of 4.9B mobile devices, then that is
astounding 392M infected devices in the world.
McAfee further reported accelerated mobile infection rates with 17% growth in just the last
4
quarter of 2014. Alcatel-Lucent’s Kindsight Security Labs report agrees with this staggering
increase in mobile malware, stating growth of 20% in 2013 and another 25% in 2014 and
5
growing quickly.
The same report showed a nearly identical percentage growth of infections on fixed networks.
The coincidence is interesting and illustrates how cyber criminals are targeting mobile devices
to ultimately attack networked systems within corporate enterprises.
To further substantiate the concern of USB devices being used to infiltrate enterprises, the
February 2015 McAfee report makes some very disturbing correlations on the recent Sony
Pictures Entertainment master boot record wiping attack by North Korea.
They state that “this vector of attack [Shellshock] will be the entry point into infrastructures from
consumer appliances” (connected devices like USB flash drives and smartphones) to corporate
6
enterprises, and they “expect to see a significant increase in non-Windows malware in 2015.”
Although Android and Windows systems are the most common malware targets - nearly equally
7
distributed at 50/50 - Apple iOS devices also have recently been targeted and infected by cyber
criminals.
The Wirelurker virus infected desktop and laptops by posing as a popular game app that used
USB ports to infect Apple mobile devices when connected to the infected machine. The mobile
3 McAfee Labs Threats Report, February 2015
4 McAfee Labs Threats Report, February 2015
5 Motive Security Labs malware report H2 2014, Alcatel-Lucent, 2014
6 McAfee Labs Threats Report, February 2015
7 Motive Security Labs malware report H2 2014, Alcatel-Lucent, 2014
58 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
