November 13, 2018
Threats in the Mobile Landscape
We live in a mobile-first world, and multiple threats accompany this fact. ThreatMetrix CTO, Andreas Baumhoff, explores mobile malware threats, data from our Digital Identity Network, and the top three challenges in the mobile environment. We have a global network of over 3,000 customers, 10,000 websites, and one billion transactions per month. The growth of connected devices is fundamentally changing the payment and commerce landscape making it critical for businesses to deliver frictionless services with the utmost security. The data we get from the Digital Identity Network, provides a comprehensive view of the geographies, trends, and threats we see on a daily basis. We also get an idea of where attacks originate, helping you protect your business and customers’ information.
There are multiple applications of fraud prevention and authentication across different sectors. We have network participants in e-Commerce, financial Services, and media. We serve businesses such as, Microsoft, Visa, and Netflix. Serving multiple industries expands our Network, and helps create a safer digital world.
The use of mobile devices to browse, share and shop has grown rapidly with commerce growing at 56 percent year to year. Today, there is a lot more processing power in mobile than in the past. For example, the Samsung Galaxy S5, runs up to 2.5 GHz per core. You can think of mobile as an incredibly fast and capable computer, and it is constantly innovating. Security features are often an afterthought in mobile, and cybercriminals capitalize on this opportunity. In fact, 97 percent of mobile malware is on the Android platform. It is largely an Android problem due to the openness of the Android ecosystem. Businesses are attempting to monitor the mobile channel, but it is increasingly difficult with the types of attacks hackers employ.
Mobile Usage and Mobile Fraud are Rapidly Increasing
Currently the most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These apps are uploaded to mobile application marketplaces in the hope that users will install them, often trying to pass themselves off as legitimate apps or games. Attackers have also taken popular, legitimate apps or games and added additional code to them.
Mobile usage is accelerating across the board. Mobile commerce is quite different from e-Commerce, in the sense that the value of an IP address dramatically decreases in the mobile sector. Consumers are constantly moving throughout the day, so it can be more difficult to track whether a transaction is trusted or fraudulent, based on the IP. Traditional protections no longer apply. Most attacks of the mobile sector occur on mobile browsers or Software Development Kits (SDK), not mobile apps. Hackers often inject malware into browsers or intercept communications, in what is known as a Man in The Middle (MItM) attack. Cybercriminal networks are developing new techniques and technologies to exploit the vulnerabilities in the rapidly expanding mobile channel, resulting in a critical need to detect and prevent mobile-based fraud.