Skyrocketing Android ransomware has quadrupled over past year, says new report

Image: iStockphoto/Alex_Schmidt

It’s been a tough week for Android security. First, one of the biggest mobile trojans ever was found to be running on 1.2 million Android devices, and now the number of Android ransomware cases is growing tremendously.

A new Kaspersky Lab study claims that incidents of ransomware on Android devices have “skyrocketed” over the past year, with the total number of incidents quadrupling from March 2015 to March 2016.

Ransomware, a type of malware that imposes restrictions on a target device until a ransom is paid to lift them, is largely regarded as a problem primarily affecting PC users. But, if the study’s results are accurate, it could point to a growing trend of ransomware among mobile users as well.


According to Kaspersky, which provides security solutions and anti-virus tools, the company protected 35,413 users from mobile ransomware from April 2014 to March 2015. By March 2016, however, that number had increased to 136,532 users. Ransomware as a total proportion of malware attacks also increased in the same time period from 2.04% to 4.63%.

In terms of which countries experienced the most ransomware as a portion of their overall malware incidents, the top 10 were:

  1. Germany – 22.90%
  2. Canada – 19.61%
  3. United Kingdom – 16.13%
  4. United States – 15.64%
  5. Kazakhstan – 14.42%
  6. Italy – 12.54%
  7. Netherlands – 12.30%
  8. Spain – 5.27%
  9. Russian Federation – 4.91%
  10. Ukraine – 4.63%


Why these countries were targeted the most is hard to say, but the report did mention that “mobile and e-payment infrastructure is much more developed and has deeper penetration than in countries that are at the bottom of the list or not on it at all.” So, they’re likely going after the users who can most easily transfer money for ransom, often with a few taps or clicks.

Kaspersky noted that the growth trend still pales in comparison to that experienced in the PC market, but they said it’s enough to “confirm a worrying trend.” The top two threats were ransomware known as Fusob (56.25%) and Small (37.23%).

So, why is ransomware exploding? First, it’s because users are more willing to pay. “It seems that in recent years regular users and companies have reached the point where the information stored on their PC is valuable enough to consider paying a ransom on demand,” the report said.

Other factors that play into the rise of ransomware are the growth of cryptocurrencies and the difficulty law enforcement has in responding to attacks. For more information on the findings, read the full report here.

The 3 big takeaways for TechRepublic readers

  1. A Kaspersky Lab study claims that mobile ransomware on Android devices has grown by almost 400% over the past year, leading to a “worrying trend.”
  2. Germany, Canada, and the UK experienced the most ransomware as a portion of their malware attacks, likely due to stronger mobile and e-payment infrastructure.
  3. Ransomware is growing overall because users are more likely to pay the ransom, and because it is harder to track.


Inside the global terror watchlist that secretly shadows millions


Thomson Reuters building in Times Square, New York. (Image: file photo)

There is a private intelligence database, packed full of personal details of millions of “heightened-risk” individuals, which is secretly having a devastating effect on those who are on it. Most have no idea they’re under the watchful gaze of some of the world’s largest and most powerful organizations, governments, and intelligence agencies.

But for all its worth and value, it wasn’t kept nearly secure enough.

A copy of the database, dating back to mid-2014, was found on an unsecured server hosted by a London-based compliance company, which specializes in “know your customer” profiling and anti-money laundering services.

Chris Vickery, a security researcher at MacKeeper, who found the database, told me that it was stored on a server configured for public access.

This influential yet entirely unregulated database, called World-Check, lists over 2.2 million corporations, charities, and individuals — some notable, like politicians and senior government officials — which might be connected to illegal activities, like sanctions violations or financial mismanagement.

Some have been pinned under the database’s “terrorism” category, or are thought to be connected to financing violence.

This data could affect a person’s ability to be lent money by a bank, their employment opportunities, and even influence the people who do business with them — simply based on a designation.

Word of the database first widely emerged earlier this year when Vice News disclosed the existence of the project. It said the database was “secretly wielding power over the lives of millions” who are said to have “hidden risk,” such as those who are violating sanctions or have laundered money or a connection to criminals — which has been linked to account closures and bank blacklisting. As the news site pointed out, simply being a high-profile individual can label someone at risk of bribery.

The report said the database now has over 2.7 million entries — including over 93,000 records relating to those associated with terrorism.

No wonder it’s popular with law enforcement agencies and government departments, which subscribe to the database in an effort to uncover potentially improper conduct. Most of the world’s largest banks and law firms, and over 300 government and intelligence agencies, are subscribers, according to a 2015 sales document from its owner, information and finance giant Thomson Reuters, which bought the company in 2011 for $530 million.

Because of the sensitivity of the data, access is limited to a few thousand customers, which have been carefully vetted and are bound by secrecy and non-disclosure agreements.

Vickery reported the leak to Thomson Reuters, but he still went public in an effort to spark a debate on whether these profiling databases are being run appropriately.

“If governments and banks are going to alter lives based upon information in a database like this, then there needs to be some sort of oversight,” he said in an email.

The problem is, there isn’t.

Vickery shared access to the database with ZDNet.

Each profile lists a person’s potential risks such as “narcotics” or “terrorism,” “organized crime,” or “politically exposed person.” Given the list’s potential power to alter a person’s opportunities, many would not approve of their name being on it.

Take one example. Maajid Nawaz ran for the British parliament as a Liberal Democrat in the last election, as profiled by Vice. He is a former member of the radical Islamic group Hizb ut-Tahrir, which calls for its own Islamic state. He was detained in Egypt for five years, but is best known for his publicized and well-documented transition away from radical views. He later set up a think-tank dedicated to challenging the extremist narrative, and advised former prime ministers from Tony Blair onwards on Islamic extremism. And yet his World-Check profile, created in 2002, still carries a “terrorism” tag and was updated as recently as August 2013, despite “no further information recorded,” let alone any connection to extremists or terrorists.


He called the database “archaic,” and said that the inclusion of his name has had a “material impact” on his life.

It’s not just individuals who are designated as affiliated with terrorism despite equally public data suggesting the contrary.

A BBC investigation last year showed the process behind banking giant HSBC’s bid to shut down accounts associated with several prominent British Muslims. A mosque in North London was given a “terrorism” label, despite new management having been installed more than a decade ago.

Other names in the database include diplomats and ambassadors, and senior ranking officials associated with global financial institutes, such as the World Bank, as was previously reported.

Based on how profiles are built, potentially anyone with an internet footprint could be included.

Much of the data comes from law enforcement sources, political information, articles, blog posts, and social media, among other sources. From the records we looked at, the data would often contain names, locations, dates of birth, and details of education, but in some cases social security numbers, citizenship, and passport numbers were also included.

The profiles themselves often have little or no justification for the entry. From our searches, we found high-ranking global government officials who were named in the files, yet there was no visible or clear justification for why they were there. In most cases there were just a handful of external links to publicly available documents, like speeches, election results, or pages linking to official government websites, as justification for their presence.

Many of the “reports” list a person’s risk as “to be determined,” suggesting there were no improprieties, illegal activities, or even an apparent reason for a profile, except for their status as a public figure.

The database we examined is two years old, and the records may have changed since, however.

A spokesperson for Thomson Reuters didn’t specifically respond to a question in relation to how profiles are built, vetted, or designated, but pointed me to the World Check privacy policy, which reiterates its effort to get data based on information in the public domain.

This entire market of “know your customer” and profiling remains unregulated and ungoverned — despite being used by some of the most powerful countries and organizations today. This industry is growing at a rapid rate — some say by over $30 billion by the start of the next decade. Even though the service has to stand up to strict European and UK data protection rules, a lack of public scrutiny and accountability makes that task almost impossible.

Those who are named in the database have little or no recourse to have their data fixed, corrected, or removed.

In Nawaz’s case, Thomson Reuters reportedly removed his profile earlier this year. But given that the contents of the database are shrouded in secrecy, not everyone will have the same luck, let alone know they’re on a database in the first place.

How to set up Authy on multiple devices for more convenient two-factor authentication

Image: Jack Wallen

Two-factor authentication is a must—if you’re not using it, you should immediately. If you’re already using two-factor authentication, you’re probably working with one of the few outstanding tools that make this extra layer of security possible.

One such tool is Authy, which generates 2-step verification tokens on your device for the likes of Google, Amazon, SSH, Facebook, Dropbox, and more. In other words, it’ll do the same thing as Google Authenticator, but Authy has a trick up its sleeve that Authenticator can’t match.

With Authy, you can add a second device to your account. That’s right, with an Authy account, you have multiple devices that can hand out those verification tokens. This can come in very handy when you bounce between smartphone and tablet, or personal and company device. When you don’t want to have to carry two devices around, it’s good to know you can add both to Authy. Here’s how.


First things first

I assume you already have one device set up and registered with Authy, and all of your two-factor-enabled accounts configured and working on the app; we’ll call that your Primary Device. You’ll need to have the phone number for the Primary Device at the ready.

Installing Authy


Let’s install Authy on the Secondary Device.

  1. Open Google Play Store on the Secondary Device.
  2. Search for authy.
  3. Locate and tap the entry by Authy Inc.
  4. Tap Install.
  5. Read the permissions listing (if applicable).
  6. Tap Accept.
  7. Allow the installation to complete.

You’ll find the Authy launcher on your home screen, or in your App Drawer, or in both spots. Tap the Authy icon to launch the app.

Connecting the Secondary Device

When you first run Authy, you’ll be prompted to enter a phone number (Figure A). You must enter the phone number of the Primary Device on the Secondary Device.

Figure A

Image: Jack Wallen

Setting up Authy on a Verizon-branded Droid Turbo.

Once you enter the phone number for the Primary Device, tap OK and go back to your Primary Device and check for an SMS message. Once that message arrives, locate the six-digit PIN from Authy and enter it in the prompt on the Secondary Device and tap OK (Figure B).

Figure B

Image: Jack Wallen

Entering the verification PIN on the Secondary Device.

At this point, all of your associated accounts will show up along the bottom of the Authy app. Each account will be tagged as NEW and won’t be made available to you until you enter your Authy backups password for the first time (Figure C).

Figure C

Image: Jack Wallen

Once you enter your backups password, your accounts will be made available.

You are now ready to use Authy on the second device. If you need more than two devices, you can add more; just remember to always use the Primary Device phone number when setting them up.
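As an added illustration (not Authy’s code or part of the original article), the Python below shows what adding a second device means at the token level, assuming the accounts are standard TOTP seeds (RFC 6238) as with Google Authenticator-style tokens: both devices hold a copy of the same per-account seed and compute the same code from the shared clock, which is why the backups password, not the phone number, is what protects the accounts. Account names and seeds are constructed; the RFC 6238 test vector checks the arithmetic, and a skewed-clock case shows the usual caveat when a second device drifts.

```python
"""Added example (not Authy's code): two devices with the same TOTP seeds
produce the same codes. Account names and seeds are constructed."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


class Device:
    """A phone or tablet holding its own copy of every account seed."""

    def __init__(self, name: str, seeds: dict):
        self.name = name
        self.seeds = dict(seeds)  # replicated seed material, as after a multi-device setup

    def token(self, account: str, unix_time: int) -> str:
        return totp(self.seeds[account], unix_time)


# Constructed seeds standing in for the secrets restored onto the Secondary Device.
SEEDS = {"mail": b"constructed-seed-mail-0001", "vpn": b"constructed-seed-vpn-0002"}


def devices_agree(unix_time: int) -> bool:
    """Primary and Secondary Device share identical seeds, so every code matches."""
    primary = Device("Primary Device", SEEDS)
    secondary = Device("Secondary Device", SEEDS)
    return all(primary.token(a, unix_time) == secondary.token(a, unix_time) for a in SEEDS)


def skew_breaks_agreement(device: Device, account: str, unix_time: int, skew: int = 30) -> bool:
    """Caveat: a device whose clock is off by a whole step yields a different code."""
    return device.token(account, unix_time) != device.token(account, unix_time + skew)


def rfc6238_vector() -> str:
    """RFC 6238 Appendix B test vector: SHA-1, T=59, 8 digits -> 94287082."""
    return totp(b"12345678901234567890", 59, digits=8)


if __name__ == "__main__":
    now = int(time.time())
    print("codes agree:", devices_agree(now), "| RFC vector:", rfc6238_vector())
```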

Team usage

Because you can add as many devices as necessary, it is possible to hand out Authy (set up with multiple accounts) to a team of users, all working with two-factor authentication on those precious accounts. Considering that data security is at a premium, you should certainly invest the time in setting up Authy on all the devices necessary to make two-factor authentication happen for you and/or your team.


Passwords To Be Phased Out By 2025, Say InfoSec Pros

Behavioral biometrics technology and two-factor authentication are on the rise as safer alternatives, according to a study.

A study of 600 security professionals by mobile ID provider TeleSign has revealed that customer account protection is a major worry for businesses, with 72% of those interviewed saying passwords will be phased out by 2025. More and more companies, says the report, are replacing passwords with behavioral biometrics and two-factor authentication (2FA) with 92% of security experts claiming this will enhance account security considerably.

“The vast majority of security professionals no longer trust the password to do its job,” said Ryan Disraeli of TeleSign; 69% of the respondents said they did not think usernames and passwords provided enough security. Account takeovers (ATOs) were a huge concern for 79%, 86% worried about ID authentication of web and mobile app users, and 90% had been hit by online fraud in the last year.

More than half (54%) of the organizations say they will move to behavioral biometrics in 2016 or later, whereas 85% said they would implement 2FA within the next 12 months. Eight out of 10 respondents believe behavioral biometrics will not degrade the user experience.

Read the full survey here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

One iPhone In Every Large Company Infected With Malware

Four percent of all mobile devices in big enterprises have malware installed but network threat to mobile phones bigger, says report.

Mobile security firm Skycure says organizations with more than 200 iOS or Android mobile devices are likely to have at least one device infected with malware, and that 4% of all mobile devices have malware installed. Based on findings in its third Mobile Threat Intelligence Report, Skycure discovered that in large enterprises, 3% of all iOS devices have malware installed while 5.7% of all Android devices are infected.

The report was compiled from a study, conducted between January and March 2016, of both unmanaged mobile devices and those under security management.

The research, which also found mobile ransomware on the rise, stated that businesses were seen to carry more than three unique varieties of malware, with Android phones having a greater range. It also highlighted threats from third-party app stores and said that 19% of enterprise Android phones allowed downloads from them, thus exposing those phones to malware. Google Play, it said, was the safest store for Android apps.

However, malware is not the biggest threat to enterprise mobile devices. According to the report, only 13% of mobile incidents were from malware, while fully 70% of incidents were network-based.

See more details here.
