Advertisment

Future Outlook of Cyber Crime & Security

author-image
PCQ Bureau
New Update


Advertisment



Mobile threats are here to stay, for the same reason that Willy Sutton robbed banks: that's where the money is. While the Java and Android platforms have most of the smartphone malware market to themselves as Symbian's share declines, spam and scam messages that target the user rather than the operating system, using social engineering rather than technical attacks, will continue to be all too successful. Still, mobile malware is an escalating problem on those two platforms. While the security industry is all too aware of the fact that Java is a happy hunting ground for all sorts of malicious activity, most people are unaware of how far it penetrates into their daily lives. According to Oracle, three billion devices are now running it. Of course, mobile devices are only a part of that picture — consider, for example, the recent exploitation of Java vulnerabilities by the Black Hole exploit pack —but a very significant part.

Advertisment

Java suffers (or rather Java users suffer —and who isn't a Java user somewhere along the line, knowingly or otherwise?) from the fragmentation of its implementations across platforms and devices. The problem is not only (or primarily) with exploits, but with inconsistent patching and updating. While major desktop OS and application providers can and do try to improve practice,

Certainly, Google has so far been reluctant to take responsibility for apps distributed through the Android market and do some proactive checking. It's a bit late to exercise the sort of iron control on distribution channels that Apple tries to implement as regards iOS devices, but Amazon can at least start checking apps and make it clear in its own PR which channels can be considered reasonably trustworthy. (At this moment, none that I'm aware). Of course, this will eat into its profit margins, but it needs to prove it cares about its customers' safety. “We'll remove anything malicious when tens of thousands of you have reported it” isn't really good enough when Apple have already set a much higher standard.

On the desktop, the most interesting malware is likely to be stuff we haven't seen yet or haven't specifically identified by sub-family. In fact, it isn't usually the malware that poses the problem in bits-and-bytes terms, once we're aware of it: it's the effectiveness of the support mechanisms that matters in the longer term (the botnet administration, the professionalism of the support and marketing network, the financial stuff, the accuracy of the targeting, and so on).n

Advertisment