3 Takeaways from Check Point’s Mobile Threat Research Report

Check Point is an international cyber security vendor that shares reports and white papers every so often. I took a look at their Mobile Threat Research Report, which alarmingly states:

MOBILE CYBERATTACKS IMPACT EVERY BUSINESS

in big capital letters, then tells us

EVERY ENTERPRISE HAS EXPERIENCED A MOBILE ATTACK. THEY JUST DON’T KNOW IT.

Obviously Check Point has a vested interest in raising the alarm, but I tried to look beyond that to see what useful information was in the report. Here are three things I learned.

1. Most of the malware spotted proved to be auto-dialers on the phones of government employees

It is not clear why government employees would be so prone to installing software which creates premium rate calls and text messages without the owner’s knowledge. Do governments have lax security policies? Do they never query their phone bills? Nevertheless, 43 percent of all the rogue dialing software identified was found on phones that are supposed to be used for government affairs.

2. Telcos are attacked less than other types of industry

Per Check Point’s data, 8 percent of mobile malware attacks were suffered by telcos. This compares to 29 percent for the financial sector, 26 percent for government and 18 percent for tech firms.

3. Three-quarters of all organizations had a jailbroken or rooted device on their network

It is more likely that malware will find a home in a jailbroken iOS device or a rooted Android device. Check Point also observed that the average was 35 jailbroken or rooted devices per organization. However, the value of this latter information was undermined because Check Point did not advise how many other devices were connected, so we have no way of telling if the size of the typical business covered by the research was large or small.

Conclusions

The report preferred to focus on scary headlines and offered little supporting detail. As such, it is difficult to validate the authors’ interpretation of the data they gathered.

The paucity of detail is illustrated by the report’s regional analysis, which divided the world into just three regions: the Americas, EMEA and APAC. I do not expect Nigerian fraudsters to be doing the same things as Dutch fraudsters, and nor would I expect the malware attacks commonly found in India to be the same as those which trouble the Japanese.

More geographical granularity would have helped to establish which issues are truly global, and which were specific to particular places and organizations. For example, the high propensity of auto-dialers amongst government employees might be caused by particular problems with the government of one large country, and this could have skewed the sample.

The report also suffered because there was very little analysis of data between categories. For example, the report would tell us that 44 percent of remote access trojans were found on phones used by employees of the financial sector, but not how many trojans there were compared to other categories of malware.

The report contains some alarming claims, but barely mentions how the evidence was gathered. You may want to use this report for quick attention-grabbing stats. However, if you are challenged to provide evidence or detail, the report will not help you.

The Check Point Mobile Threat Research Report can be obtained by registering for a copy here.

Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others. Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy. Commsrisk is edited by Eric. Look here for more about Eric's history as editor.