94% of all mobile malware the F-Secure Response Labs analyzed in Q4 targets Google’s Android platform.
You can get the whole report here.
Here’s what the growth of mobile mobile malware looks like over 2012.
As Android threats have grown, Symbian malware has nearly disappeared. Why? Symbian which used to be the world’s most popular mobile OS is disappearing. Nokia phones are increasingly moving to Windows Phone, which — as you may have noticed — is attracting no threats. The world’s second most popular mobile platform Apple’s iOS for iPhones and iPads also had no threats found in 2012.
Why the difference? It comes down to platform openness and App store security.
How can you protect your phone from these threats?
1. Stick to the official app stores.
Apple and Microsoft have strict guidelines for their app stores and Google’s Play store is increasingly adopting restrictions that prevent bad apps from ever showing up. If you only get apps in the official stores, your chances of getting a bad app are almost zero.
2. Check out reviews.
Malicious apps are often weeded out by active users who rate and review software. If an app doesn’t have positive feedback and a lot of it, you probably don’t want to be the one who tests it out.
3. Keep your phone’s software updated.
Your smartphone is a mini PC with the same software issues that your PC has including software that continually needs to be updated. This may require some help from your carrier depending on your phone — but the basic rule is: The more current, the better.
The main thing to keep in mind is that while your family and friends may want to pry on your phone to see what you’re up to, the most likely reason a criminal will be targeting you is pretty obvious.
You guessed it: FOR THE MONEY.
Every time you go online, your personal privacy is at risk – it’s as simple as that. Whether you’re creating an account on a website, shopping, or just browsing, information like your email, IP address and browsing history are potential targets for interested parties. All too often, that information is sold on or sometimes even stolen without you even knowing it. And the threats to our online privacy and security are evolving. Fast. As F-Secure’s Online Protection Service Lead, Christine Bejerasco’s job is to make life online safer and more secure. “We’re basically online defenders. And when your job is to create solutions that help protect people, the criminals and attackers you’re protecting them against always step up their game. So it’s like an arms race. They come up with new ways of attacking users and our job is to outsmart them and defend our users,” Christine says. Sounds pretty dramatic, right? Well that’s because it is. While it used to be that the biggest threat to your online privacy was spam and viruses, the risks of today and tomorrow are potentially way more serious. “Right now we’re in the middle of different waves of ransomware. That’s basically malware that turns people’s files into formats they can’t use. We’ve already seen cases of companies and individual people having their systems and files hijacked for ransom. It’s serious stuff and in many cases very sad. If your online assets aren’t protected right now you should kind of feel like you’re going to bed at night with your front door not only unlocked but wide open.” Christine and her team of 11 online security superheroes (eight full-time members and three super-talented interns) are on the case in Helsinki. Here’s more on Christine and her work in her own words: Where are you from? The Philippines Where do you live and work? I live in Espoo and work at F-Secure in Ruoholahti, Helsinki. Describe your job in 160 characters or less? Online guardian who strives to give F-Secure users a worry-free online experience. One word that best describes your work? Engaging How long is a typical work day for you? There is no typical workday. It ranges from 6 – 13 hours, depending on what’s happening. What sparked your interest in online security? At the start it was just a job. As a computer science graduate, I was just looking for a job where I could do something related to my field. And then when I joined a software security company in the Philippines, I was introduced to this world of online threats and it’s really hard to leave all the excitement behind. So I’ve stayed in the industry ever since. Craziest story you’ve ever heard about online protection breach? Ashley Madison. Some people thought it was just a funny story, but it had pretty serious consequences for some of the people on that list. Does it frustrate you that so many people don’t care about protecting their online privacy? Yeah, it definitely does. But you grow to understand that people don’t value things until they lose it. It’s like insurance. You don’t think about it until something bad happens and then you care. What’s your greatest work achievement? Shaping the online protection service in the Labs from its starting stages to where we are today. What’s your idea of happiness? Road trips and a bottle of really good beer. Which (non-work-related) talent would you most like to have? Hmmm… tough. Maybe, stock-market prediction skills? What are your favorite apps? Things Stumbleupon What blogs do you like? Security blogs (F-Secure Security blog of course and others – too many to list.) Self-Help Blogs (Zen Habits, Marc and Angel, etc.) Who do you admire most? I admire quite a few people for different reasons. Warren Buffett for his intensity, simplicity and generosity. Mikko Hyppönen for his idealism and undying dedication to the online security fight. And Mother Theresa for embodying the true meaning of how being alive is like being in school for your soul. Do you ever, ever go online without protection? Not with systems associated to me personally, or with someone else. But of course, when we are analyzing online threats, then yes. See how to take control of your online privacy – watch the film and hear more from Christine. See how Freedome VPN will keep you protected and get it now.
There hasn't been app that has exploded this quickly in a long time -- possibly ever. An "augmented reality" game that combines geocaching with a kids' favorite from the 90s- 00s, Pokémon Go is already nearing 10 million downloads. And you can hardly go on social media without finding someone either bragging about snaring a rare Bulbasaur or begging for an explanation of the phenomenon. On Monday several stories broke about privacy concerns about the game so we ran them by our Security Advisor Sean Sullivan who had some good news for us: The stories are mostly overblown. Let's go through them. You heard about the robbery of Pokémon players drawn by robbers to PokéStops? "The robbery stuff is hyped nonsense, allegedly happens once, and the press can't resist telling the story," Sean told us. If you're really worried, practice the same tactics you use when trick-or-treating -- including sticking to well-traveled areas and playing with friends. How about Niantic, the app's maker collecting "your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location." Sounds bad right? Maybe. But it's "typical of most apps," Sean says. Still, as always, you should check you privacy settings. What about the news that the app gives Nitantic full access to your entire Google account, which you have to use to create an account for the game!? Turns out that the maker was never able to read your Gmail and the permissiveness has more to do with Google's settings than Nitantic's. However, to play, you may still want to create a separate Google account that isn't connected to your Gmail as F-Secure Labs explains below. https://twitter.com/FSLabs/status/752766796227284993 Yes, criminals are taking advantage of the app's popularity and Android's laxer security standards -- at least compared to the iOS App Store -- to spread infected fake "backdoored" versions of the app. But that's true of many, many popular Android apps, which is you should always stick to the official app stores and check reviews before downloading. Sean is a known fan of Nintendo, which owns the Pokémon brand, so he may be a bit biased. But all he has is good news for you, for now. Given the success of the app, you're bound to hear many stories that stoke suspicion both of the app and the players. You're also likely to see many imitators who will take advantage of how the app has exposed adult's urges to play games on their phone that actually bring them into public. And, of course, there will be efforts to monetize this sensation. Players can already buy virtual items to speed their progress, but augmented reality presents unique advertising opportunities. "The game’s real-world nature also gives Niantic another intriguing moneymaking possibility, by charging fast-food restaurants, coffee shops and other retail establishments to become sponsored locations where people are motivated to go to pick up virtual loot," the New York Times reports. These partnerships may spark new concerns about sharing players' location data with ad partners. But for now, people seem very willing to go out into the world and make themselves known as Pokémon Go players. While the success of Pokémon Go may be extraordinary, the privacy and security concerns are typical of any well-known app. [Image by Noah Cloud | Flickr]
Reports that as many as 40 million iCloud accounts have been compromised by Russian attackers have not been confirmed by Apple. But they haven't been denied either. "For now, let's assume there hasn't been a massive iCloud data breach," writes Steve Ragan at CISO. So... what do the reported attacks look like? "It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode," Ragan writes. "At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it." Then they demand the ransom -- usually $30 to $50 or all the data will be deleted. What can you do to avoid such an attack? Get your security basics right. "So make sure that you have a unique, hard-to-crack, hard-to-guess password protecting your Apple ID account," Graham Culey writes. "And, if you haven't already done so, I strongly recommend enabling two-step verification on your Apple ID account to make it harder for hackers to break in." It's about a four-minute process. So do it. Now. You start by logging into your Apple ID. And while you're thinking about it, why don't you activate two-factor authentication on any account you can -- especially Google, which calls it "two-step verification" even though it's really "two-factor" since it involves your phone, and Facebook, which calls it "Login Approvals." [Image Gonzalo Baeza | Flickr]