Mobile Malware — The Market for Mobile Exploits Is Heating Up
Remember when Apple claimed that its products were immune to viruses and malware? This was most prevalent for OS X, but certainly bled into the “walled garden” of iOS. Meanwhile, the open Android operating system has been plagued by malware for years, but mostly in cases where users chose to jailbreak their devices.
Now that mobile devices have become such an integrated piece of our lives, the world of mobile malware is catching up. If you haven’t been investing in protecting the mobile devices on your enterprise network, now is the time to start.
Mobile Malware is an Ever-Growing Opportunity for Attackers
One of the main reasons that Apple’s desktop OS was “immune to viruses” was that its market share was minimal compared to Windows. Attackers are highly opportunistic, so it’s no surprise that they’ve typically flocked to Windows rather than trying to develop new OS X malware.
However, Apple’s dominance in the mobile market has put it in the spotlight alongside Android. The opportunity only continues to ripen for attackers, considering these stats about mobile usage and security:
- 97% of business leaders say a portion of their workforce uses mobile devices for their jobs
- 60% of employees access work-related content outside of the office
- Only 50% of apps created by companies are actually tested for security
- 95% of the top paid apps on Android and 87% of top paid apps on iOS have been hacked
- Through 2017, 75% of mobile cyber attacks will run through vulnerable apps
The amount of attention we pay to our mobile devices makes the rise of mobile malware an inevitability. As a business leader, you might like to think that this only applies to individual consumers—but consumers are bringing those devices onto your network and you have to be ready.
Mobile malware might have once been relegated to the darker corners of user bases, but the market for mainstream attack vectors is heating up.
There’s Big Money in Mobile Malware
If you’re still unsure about whether mobile malware deserves your attention, you need only look to the market for these exploits and how it’s growing rapidly.
Zerodium has built a business by buying zero-day exploits and selling them to government agencies worldwide. Examining their business is valuable because they don’t just sell desktop or flash exploits—there are market exploits for any iOS iteration, desktop operating systems, Android iterations, and more. Looking at their pricing for each exploit can give you an idea of where vulnerabilities lie on enterprise and government networks.
In a recent release, Zerodium explained the current pricing for a number of exploits. Examples include $200,000 for Android exploits, $100,000 for flash exploits, and $40,000 for Word and Excel exploits. These may sound like hefty prices for someone who hasn’t looked at the mobile exploit market, but they pale in comparison to the pricing for iOS exploits.
When iOS 9 was initially released, Zerodium held a contest and paid $1 million for the first 3 zero-days submitted—but then dropped the price down to $500,000 per exploit.
Now that iOS 10 has emerged, Zerodium has raised its price per exploit to $1.5 million (and that’s without any contest). The boom in pricing for this mobile malware points to the rise in mobile vulnerabilities and the fact that mobile endpoint security has to improve before it’s too late.
If you want to learn more about taking your endpoint security to the next level, download this free guide, Next Generation Endpoint Protection Buyer’s Guide.