DOROS HADJIZENONOS, Country Manager of Check Point South Africa, explores why mobile ransomware has become the biggest mobile security threat, and how users can guard against it.
Imitation is a quick way to learn, which is why mobile malware is evolving so rapidly – it frequently imitates attack behaviours and trends that were first trialled and proven to work in the PC world. Mobile ransomware is following this path, with the aim of replicating the success that PC-based ransomware has had in extorting money from individuals and organisations. So it’s no surprise that the number of mobile ransomware variants detected in Q1 2016 grew 45% compared with Q4 2015.
Like its cousins that target PCs, mobile ransomware has become more complex and malicious in the way it works, too. The first mobile ransomware types were ‘screen blockers’, which displayed prominent alerts and made normal interaction with the screen impossible – similar to lock-screen PC ransomware. First seen in 2013, the malware posed as anti-virus software and informed victims their device was infected, demanding they purchased a full version of the software to ‘disinfect’ the device and make it usable again.
In 2014 the first mobile ransomware which encrypts files was detected, again following the success of Windows cryptolocker-style malware. The most recent mobile ransomware type is the Pin locker, which emerged in 2015. One example, called PornDroid, pretends to be a porn player, and tricks the user into granting it Admin privileges. Once it has these, the malware changes users’ Pin codes, locking them out of their devices and displaying a ransom message. We conducted a detailed investigation into how this type of ransomware worked, and we found one variant had infected tens of thousands of devices, with some victims paying $200 to $500 to unlock their data and regain control of the device.
The device divide
While mobile ransomware currently targets Android devices almost exclusively – largely because iOS devices need to be jailbroken in order to download apps from sources other than Apple’s App Store, making them harder to infect – there has been a case in which iOS users were extorted. In 2015, attackers exploited stolen credentials to log into users’ iCloud accounts and remotely locked their devices, and demand ransoms to release them. And in March 2016, the first ransomware targeting Apple Macs, KeRanger, was discovered, so we should expect to see ransomware targeting iOS devices soon.
Check your privilege
Currently, mobile ransomware focuses on locking users out of the device, because the mobile operating systems do not allow malware to access all the device’s areas of memory or storage. However, the privilege escalation exploits referenced earlier point clearly to the next step in ransomware evolution, using techniques to gain ‘root’ privileges on the device which effectively give the criminal complete control of the infected phone or tablet.
Most methods for rooting the device rely on exploiting vulnerabilities either in the OS, the hardware, or individual applications. Unfortunately, these vulnerabilities are widespread: over the past 6 months, over half of Android patches released by Google are for securing devices against privilege escalation exploits – so we can expect to see more ransomware targeting these flaws to gain elevated privileges over the next year.
How can I protect my devices?
The most fundamental principle of mobile device security is never to root or jailbreak your phone – in other words, to avoid deliberate privilege escalations that could then leave you open to malicious ones that may harbour ransomware. A robust security solution should also be applied. Enterprises should select a mobile device management (MDM) solution – but all MDMs are not equal. Some are able to identify when a phone has been deliberately rooted by a user, but not when it has been rooted by malware – and some more advanced malware can disguise itself against such inspection.
A more effective approach is to quarantine and inspect any suspicious apps or attachments in the cloud, before downloading them to the device. This blocks the main vector for privilege escalation, which is from rogue apps.
The mobile threat prevention solution should use a number of components working together to respond to the most common mobile attack vectors. Devices must be continually analyzed to uncover system vulnerabilities and unusual behaviour. Monitoring configuration and behaviour analysis can help identify root access attempts as outlined above. And any downloaded apps must be inspected for the unique binary signatures for known malware; they should also be captured and reverse-engineered for code-flow analysis to expose suspicious behaviour.
And don’t overlook simple steps such as regularly backing-up data on your device so that if the worst does happen, you can recover your files without having to pay.
Help! I’ve already been infected
Unfortunately, there may be little you can do, which is why it’s important to perform regular backups of the data stored on your mobile device. You should certainly avoid paying any ransom, and take your device to a mobile security specialist rather than attempting to decrypt it yourself. But ultimately, when it comes to mobile ransomware, prevention is by far the best protection.
SA consumers buy 3.2m smartphones in Q1
Smartphone sales in South Africa grew by 12.4% year-on-year in the first quarter of 2018, reaching around 3.2 million units for the period.
However, the value of the smartphone segment increased by 22.8% as sales of entry-level devices to low- and mid-income consumers continued to drive the market, according to point of sale data from market research firm, GfK South Africa.
GfK South Africa’s data reveals that telecommunications retail enjoyed a strong start to the year, with revenue growing 22.4% year-on-year. The growing popularity of phablets and higher unit prices (as a result of a weaker rand) helped to drive this increase in revenue, against a backdrop of low or negative growth in many segments of the consumer technology market.
“The mobile device market showed good growth in the quarter, despite rising prices during the period under review,” says Norman Muzhona, Solutions Specialist for Telecommunications at GfK South Africa. “In addition to the exchange rate, the introduction of popular, new mid-tier devices by several leading vendors helped to drive higher retail revenues in the telecoms market.”
Information technology retail revenues for the quarter contracted 4.8% compared to 2017, largely because of decreasing monitor prices and a 38.9% decline in tablet revenues. However, desktop computer revenues grew 39% and mobile computing revenues grew 6.5% year-on-year, thanks to higher prices and increased sales of higher-end products.
Says Berno Mare, Solutions Specialist for IT, Office Equipment and Value Added Services: “Retailers introduced new computing devices priced in the R3000 band during the quarter and enjoyed surprisingly strong demand for these entry-level units.
“Telcos enjoyed robust growth in mobile computing retail sales, thanks to credit deals, subsidised contracts and attractive data offers. However, South African consumers are heavily indebted, which may dampen growth for the rest of the year.”
With consumers rapidly migrating to smartphones, sales of traditional mobile phones continued to decline, down 1.6% year-on-year to around 2 million for the quarter. However, the exchange rate and the introduction of higher-priced brands helped to drive a 8.9% year-on-year revenue increase in mobile phone revenues during the period under review.
This follows the 21% drop in mobile phone unit sales in the first quarter of 2016 compared to the same period in 2015. “Operators continue to lead the transition from feature phones to smartphones as they pursue higher data revenues,” says Muzhona. “The entry-level market for smartphones is fiercely competitive, and the minimum specs of lower cost smartphones is improving all the time.”
GfK South Africa expects the migration from mobile phones to smartphones to accelerate in 2018. However, it remains to be seen if the introduction of 4G-enabled, Voice-over-LTE-ready feature phones will have any impact on the South African mobile phone market.
Sectors of the consumer electronic market that showed strong growth for the first quarter of 2018 include loudspeakers—revenues up 21.6% year-on-year, thanks to demand of Bluetooth-enabled product—and ultrahigh definition (UHD) panel TVs—where revenues grew 33%, thanks to the growing affordability of the technology. UHD unit shipments were up 76%, while the average selling price of the products fell 24%.
Other market highlights for the first quarter of 2018 include:
- Photo category revenues were up 8.1% year-on-year.
- Small domestic appliance revenues grew 8%, following a 10.3% decline in Q1 2016 over Q1 2015. Hot air fryers sold well, as did kettles and toasters.
- Major domestic appliances showed small year-on-year growth over Q1 2016, despite a decline in average selling price in many sub-categories of this market. Cooling products continued to make the highest contribution to growth in this segment.
- Office Equipment revenues declined 18% year-on-year, led downwards by lower printer and cartridge sales volumes.
What kids want online
Kaspersky Lab’s latest report on the online activities of children – based on statistics received from its solutions and modules with child protection features – highlights children’s online activities and the importance of protecting them when online. For example, video content globally, comprised 17% of searches over the last months. Although many videos watched as a result of these searches may be harmless, it is still possible for children to accidentally end up watching videos that contain inappropriate content.
The report shows anonymised statistics from Kaspersky Lab’s flagship consumer solutions for Windows PCs and Macs that have the Parental Control module switched on and from Kaspersky Safe Kids, a standalone service for Windows, Mac, iOS and Android devices.
In South Africa, communication sites (such as social media, messengers, or emails) were the most popular pages visited by computers with parental controls switched on – with users in South Africa visiting these sites in 69% of cases over the previous 12 months. Software, audio, and video accounted for 17% of searches. Websites with this content have become significantly more popular since last year, when it was only the fifth most popular category globally at 6%. The top four is rounded off with electronic commerce (4.2%) and alcohol, tobacco, and websites about narcotics (3.9%), which is a new addition compared to this time last year.
The report presents search results on the ten most-popular languages* for the last 6 months. The data shows that the video & audio category – including requests related to any video content, streaming services, video bloggers, series and movies – are the most regularly ‘googled’ by children (17% of the total requests). The second and third places go to translation (14%) and communication (10%) websites respectively. Interestingly, games websites sit in fourth place, generating only 9% of the total search requests.
We can also see a clear language difference for search requests: for example, video and music websites are typically searched for in English, which can be explained by the fact that the majority of movies, TV series and musical groups have English names. Spanish-speaking kids carry out more requests for translation sites, while communication services are mostly searched for in Russian.
More than any other nationality, Chinese-speaking children look for education services, while French-speaking kids are more interested in sport and games websites. In turn, German-speaking requests dominate in the “shopping” category. The leading number of search requests for porn are in Arabic, and for anime are in Japanese.
“Kids in different countries have different interests and online behaviors, but what links them all is their need to be protected online from potentially harmful content. Children looking for animated content could accidentally open a porn video. Or they could start searching for innocent videos and unintentionally end up on websites containing violent content, both of which could have a long-term impact on their impressionable and vulnerable minds,” says Anna Larkina, Web-content Analysis Expert at Kaspersky Lab.
As well as analysing searches, the report also looks into which websites children visit or attempt to visit that contain potentially harmful content which falls under one of the 14 preset categories** for the last 12 months.
The mobile trend is again highlighted in the figures for computer games, which are now in fifth place locally on the list at 3%. As kids continue to show a preference for mobile games rather than computer games, this category will only continue to decrease in popularity on computers over the coming months and years.
“No matter what they are doing online, it is important for parents not to leave their children’s digital activities unattended, because there’s a big difference between care and obtrusiveness. While it is important to trust your children and educate them about how to behave safely online, even your good advice cannot protect them from something unexpectedly showing up on the screen. That’s why advanced security solutions are key to ensuring children have positive online experiences, rather than harmful ones,” adds Anna Larkina.
The Kaspersky Total Security and Kaspersky Internet Security consumer solutions include a Parental Control module to help adults protect their children against online threats and block sites or apps containing inappropriate content. In turn, the Kaspersky Safe Kids solution allows parents to monitor what their children do, see or search for online across all devices, including mobile devices, and offers useful advice on how to help children behave safely online.