Research presented on Wednesday by automated breach defense solutions provider Damballa at the RSA Conference in San Francisco shows that mobile malware infection rates in the United States are low.
Damballa, which currently monitors nearly half of the mobile data traffic in the United States, conducted a test over a one-month period in the fourth quarter of 2014. The company identified roughly 150 million mobile devices that connected to over 2.7 million unique hosts.
However, researchers determined that only 0.0064 percent of these devices, representing 9,688 devices, connected to a domain on the mobile blacklist (MBL). The security firm has pointed out that there is a bigger chance of being struck by lightning (0.01 percent chance in a lifetime) than having a mobile device infected with malware.
Damballa conducted a similar study in 2012, when the company was monitoring one third of the mobile data traffic in the United States. At the time, roughly 3,500 of the 23 million devices they had identified (0.015 percent) contacted a malicious domain.
Based on passive DNS (pDNS) data collected at recursive DNS level, researchers have also determined that only 1.3 percent of “mobile” hosts were not in the set of hosts contained by historical non-cellular pDNS data. This indicates that there is a significant overlap between mobile hosts and wired hosts — mobile applications are using the same hosting infrastructure as regular applications.
As Damballa senior scientific researcher Charles Lever points out, “mobile Internet is really just the Internet.”
“This research shows that mobile malware in the Unites States is very much like Ebola – harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection,” Lever said. “Ask yourself, ‘How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?’”
While reports released by many security firms show an increasing number of mobile malware samples, some recent studies show that mobile threats have been overhyped. Google published a report earlier this month saying that malware infections on the Android platform have been cut in half in the past year.
Verizon’s latest Data Breach Investigations Report (DBIR) also revealed that mobile devices are not a preferred attack vector in data breaches.
“Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now,” Verizon said.
At the RSA Conference, Damballa also announced the launch of Damballa Failsafe 6.0, the latest version of the company’s advanced threat detection platform.
“Failsafe 6.0 leverages a distributed computing architecture that enables the seamless addition of powerful new detection modules, ease of integration with other security technologies, and more efficient processing power. As a result, enterprises can ‘future-proof’ their threat detection platform to deal with current and emerging threats,” Damballa said.
RSA Conference 2015 Coverage: