Where is the Android DDoS Armageddon?

This January, I won a long-standing bet with my colleague, Pete Silva, about the Android Armageddon. Every year since 2010, industry pundits have been predicting an apocalypse of Android malware that would wreak havoc on the Internet, with DDoS attack bots numbering in the tens of millions. With a billion Android devices now connected to the Internet, there is certainly potential for mischief on a massive scale. However, the predictions have perennially missed the mark.

2015 won’t be the year of the Android DDoS Armageddon, either.

The 2014 Android Security Year in Review report from Google trumpets that only a minuscule amount of malware has been found on Android devices, in spite of the fact that these devices aren’t patched nearly as often as Apple’s iOS devices. It states that “[d]uring October 2014, the lowest level of device hygiene was 99.5% and the highest level was 99.65%, so less than 0.5% of devices had a PHA [potentially harmful application] installed (excluding non-malicious Rooting apps).”

For those interested in mobile DDoS, the Google report includes just one tiny mention (in a graph on page 27), indicating that just 0.25% of the malware detected outside the Google Play store had DDoS abilities.

So, according to Google, mobile DDoS isn’t a thing. Of course, because Google owns Android, it is in their interest to present its security in the best possible light.

The most recent Verizon report validates Google’s claims even while damning it with faint praise. First, let it be clear that in spite of Google’s lofty claims in their 40+ page report, there is a ton of Android malware out there. With regard to malware, the 2015 Verizon Data Breach Investigation Report states, “Android wins so hard that most of the suspicious activity logged from iOS devices was just failed Android exploits.”

But, according to the report, the vast majority of that malware is adware. Once this “low-grade” type of malware is removed, only 0.03% of mobile devices per week are getting infected with truly malicious malware.

The infosec industry overall seems to have come to terms with mobile security. BYOD, MDM, and EMM were the hot topics in 2011, but they were nearly absent at RSA 2015 this year. In a recent SecurityWeek piece, 2015 Security Predictions–Have They Held True So Far?, Adam Ely writes:

…if you’re paying more than $0 for your MDM, you’re paying too much. Instead, follow Gartner’s best of breed technology recommendations. More organizations are doubling-down on application-level security — adopting a data-centric approach, rather than a device-centric one — to achieve better insight, visibility and security of their data.

That’s not to say there is no security threat at all. We’ve seen malicious mobile malware (such as the bank-related Cridex malware), but those have been agents deployed to assist the real malware running in the user’s PC or man-in-the-browser.

There just haven’t been any notable mobile DDoS attacks. And hey, that’s a good thing. The last thing latency-aware mobile users need is tons of malicious network traffic clogging the core service provider routers.

Getting back to my bet. After the rounds of predictions for 2014, I had bet my colleague that if no mobile DDoS appeared this year, we’d stop talking about it. And it looks like we can.
