HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New Mobile Malware Appearing at Rate of 4,900 per Day

The threat from malware, phishing and spear phishing campaigns has been widely reported in recent months. Numerous new strains of dangerous malware have been identified this year and the past few weeks have seen the FBI issue warnings on two malware strains; Sakula and Stegoloader; two particularly worrying pieces of malware that are currently being used by cybercriminals to gain access to healthcare data and financial information.

The scale of the threat is difficult to estimate; however a new study on mobile malware offers an indication of just how serious the problem is. The report from Security firm, G Data, indicates new malware strains are appearing at a rate of nearly 5,000 per day. According to the report, the firm collected over 200 new android malware samples on average every hour in the first quarter of the year.

440,000 new strains of Android malware were discovered in Q1, 2015, representing a 6.4% increase compared to Q4 of 2014: A jump of 21% from corresponding period last year. In Q1 more than double the volume of malware was discovered than in the whole of 2011 and 2012.

New strains are now being identified, on average, every 18 seconds and the problem appears to be getting worse. The researchers predict that by the year end, more than 2 million new mobile malware strains will have been released.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Criminals Looking to Obtain Banking Data and Credit Card numbers

The android malware explosion is a direct response to the increase Smartphones use, according to researchers. 61% of mobile phone users have an Android device, and just over 60% of worldwide users use those devices to access the internet. Approximately 78% of respondents use either their Smartphone or a tablet to access financial information, with many using banking Apps.

More than half of all new malware strains are financially motivated; that is, the malicious software tries to gain access to online bank accounts. In Europe, 41% of new malware targets banking information while in the United States the figure stands at 50%. Malware used to obtain financial information and login credentials includes banking Trojans and SMS Trojans: SVPENG and FAKETOKEN receive a mention in the report, both being used in a number of successful attacks.

Some malware may also have a dual purpose, installing other software on to the host computer once financial information has been obtained. The report only details the primary purpose of the malware. Often malicious software is developed with a dual purpose: To allow access to the computer or network to be gained, and then to offer criminals another way of making monmey; installing ransomware for example.

Over 47% of malware is designed to sabotage organizations, steal company secrets, hold host computers hostage until a ransom is paid, or gain access to computer networks. Malware is often downloaded onto computers and networks by endpoint users. Criminals often target specific employees and send highly convincing emails, asking them to open an attachment or click on a link to a website. Using this technique criminals can all too easily infiltrate a computer network.

One of the problems identified by the report is the lack of understanding of the importance of installing anti-malware or anti-virus software on mobile phones. Many computer users would not dream of using a computer without anti-virus software and firewalls in place, but then do not apply the same thinking to mobile device use. However, with the rate that malware is now being released, mobile security is no longer an option. Failure to install the necessary protections is likely to result in a data breach.

If devices are to be kept secure, they must be subjected to the same controls as desktops and laptops, and have software apps installed that can scan for viruses, malware and other Potentially Unwanted Programs (PUPs). Controls must also be put in place to protect the defives from external attack.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.