Security - More than 700,000 APPs in the Android Market Place (High Risk)

Android Devices Remain Dangerous to the Enterprise and Small Business. Image complements of visnetwork

There is a concept in business IT to stop being "structured" and "uptight" about allowing wireless devices to be a part of a corporate campus. While a Blackberry Server and Blackberry devices were a standard for a long time, newer devices to compete with this network model have brought critics forward to claim the older Blackberry model is pointless and pre-historic.  Yet the design of Blackberry - and its security - has allowed it permission to be a standard in the enterprise. Pundits of this architecture typically have no response to the security aspect of adopting new wireless devices to a business network.  This concept is also known as Bring Your Own Device (BYOD), and continues to be a hot topic in business. While people want the easy approach of simply buying something at the store and connecting it to a corporate network, the security problems this causes are too vast and dangerous to ignore.
This is reviewed and discussed in this great post at CIO.gov.

A recent Trend-Micro report states that over 700,000 apps are likely to steal your personal information.  This is up from 509,000 last QUARTER.

According to the people at Neowin, they highlight findings of the TrendMicro report:

The majority of these malicious apps are disguised as popular apps, but contain malware that could see victims subscribe to costly services. FAKEBANK is a common and prominent malware that does just this. By spoofing "legitimate apps", it creates shortcuts to mobile banking programs. Johnathan Leopando, of Trend Micro, says infected users may then be at risk of entering their banking details into a malicious app.

Additionally, on July 23, 2013, trade magazine Infoworld printed Report: Android Spyware on the Rise discussing a recent Malware investigation report by Kindsight. The report findings review the most popular recent infections, vectors and behaviors:

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53 percent of the total number of infections detected on Android devices.
The second-most-common Android threat was a Trojan program called QdPlugin, whose primary purpose is to install and control other adware programs. This malware is distributed as repackaged versions of legitimate games and connects to a control server located in the U.S.
A particularly worrying trend is the increase in the number of spyware threats that appear in the top 20, according to Kindsight. Spyware programs can typically record phone calls and text messages; track the phone's location; monitor email, social media and browsing activity; access photos and contact information, and more.
"Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one's every move through their phone," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, in a blog post Tuesday. "But locating teenagers and a straying spouse are only one part of the story."
"Mobile spyware in the 'Bring Your Own Device' context poses a threat to enterprises because it can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage," McNamee said.

While this is nothing new to discuss and blog about (see titles below), it remains a significant security concern for the businesses we help at Menlo Technical Consulting.

Malware Infections Soar on Android Devices Over Recent Past   3/20/2012  
Android Mobile Devices are Targets for Malware   12/26/2011  
eWeek periodical says more advanced trends for breaches 2012   12/20/2011  
Why Android is Still a Problem in the Enterprise   10/22/2011
Android – Marketplace Apps 400% Spyware Increase   5/13/2011


Interesting Infographics on the topic:
Kaspersky Labs Infographic 1

Kaspersky Labs Infographic 2

An excellent blog post "The Top 10 countries with the most malicious networks" over at CountryIPBlocks has re-analyzed this list of data with interesting statistics. This original list claims the US is the biggest offender of malicious networks. This list was sorted by order of the countries with the largest NUMBER OF SPAM EMAILS.

1. United States
2. China
3. Russia
4. United Kingdom
5. Germany
6. Japan
7. Brazil
8. Romania
9. Ukraine
10. Turkey

Unfortunately, these results are skewed by not explaining that there is a greater per capita incidence of Intnet connected individuals. The brilliant people at CountryIPBlocks.net discovered that the ratio of NUMBER OF INFECTED NETWORKS to THE AMOUNT OF SPAM is probably the more accurate consideration. That re-adjusted Top 10 list looks like this:

Here are the results based on percentage of infected networks:

1. Brazil 89%
2. Turkey 54%
3. Romania 39%
4. China 32%
5. Russia 11%
6. United Kingdom 11%
7. Japan 10%
8. Ukraine 9%
9. Germany 6%
10. United States 6%

Rules to Protect your Kids and Family (from Eset's Newsletter)

Here is a great general list of eight rules from eset.com - as part of their Cyber Security Awareness month. They have a tremendous news blog at eset.com discussing all kinds of recent Internet and personal privacy issues.
This list is important as a general rules list for families and individuals,  to help protect identity and online scams.

CyberTips: How to protect your kids onlineUse of social media in all age groups almost seems ubiquitous.  Advising children and teens in both the cyber world and the real world is  a difficult issue to navigate. Here are some tips you should consider to keep your children safer on social media sites (and some of them might help you as well): Let your kids know that you trust them, but that you (and they) can’t always trust others online. Be sure they understand that the reason Facebook is free is because Facebook sells their data to others. Remind them to review their Facebook and other social media accounts' privacy settings, at least monthly. Get a Facebook account yourself and ask your children to “friend” you. Get them to change the settings in their smartphone to remove location data from pictures. Be sure they know that pictures taken by friends and posted on social media are out of their control and can be embarrassing, if not worse. Encourage them to keep their whereabouts private (don’t “check in” to a location). Remind them that “online is forever.” What seems cool today can ruin a relationship or a job opportunity in the future.

The only addition that Menlo Technology encourages is to design two different identities for social websites. Each identity should have an incorrect spelling of a last name like Smiith or possibly SmithFB and completely different birthday and year of birth. To not forget these profile changes, using the same incorrect spelling and date of birth will make it easy to use on a regular basis. 
For more news of current topics and news about the Internet, check out our other blog as well at http://menlotechnical.wordpress.com

Employee Purchasing in the Enterprise - survey results

Companies that have grown too quickly and lack IT device purchasing policies, or reduced workforce within in the IT divisions have been prone to allowing employees make their own purchasing decisions, or worse yet (for security reasons) use their own home devices to access corporate servers and email. This directly impacts the Intellectual Property security within that organization.
Recent article "Tablets Gain Ground"by Lauren Brousell in CIO magazine discussed survey results the statistics based around these issues. 

CIO Magazine has recently taken surveys and compiled data from about 260 CIO level respondents for current purchasing and corporate access trends within businesses:
1) 36 percent allow employees to access corporate email on personal devices
2) 23 percent allow access to corporate applications
3) 6 percent  allow workers to buy their own devices (it is not clear if they were requiring their employees to stay within purchasing guidelines.)

The conclusion is employees who purchase their own devices (laptops, mobile phones and tablets) are given limited access to corporate networks, if any. Mostly the employees are given access to the Internet from within the buildings, but also forced to sign employee policy riders that put responsibility and liability on the individuals - that could lead to termination.