Nokia Threat Intelligence Lab focuses on the behavior of malware network communications to develop detection rules that identify malware infections based on command-and-control communication and other network behavior. They have compiled a comprehensive 22 page report which highlights how threats have evolved as IoT have become part of our life, Mobile phones get more powerful and Cryptocurrency gave birth to new threats. Nokia Threat Labs used the following information to calculate and formulate the Threat Intelligence Analysis :
- Malware command-and-control (C2) communications
- Backdoor connections / Shells
- Attempts to infect others ( Exploits etc)
- Excessive email (Spam / Scamming )
- (Distributed) Denial of Service (DoS) and hacking activity
- Four main activities support Threat Lab signature development and verification process:
- Monitor information sources from major security vendors and maintain a database of currently active threats
- Collect malware samples (>200,000/day), classify, and correlate them against the threat database
- Execute samples matching the top threats in a sandbox environment and compare against our current signature set
- Conduct a detailed analysis of the malware’s behavior and build a new signature, if a sample fails to trigger a signature
Cyber Threat Summary
Before I move to Android and explain what all happened with Google OS, let me list down main findings of the threat report of the year as this is just the start and malware and attack vectors will only get complex as new technology evolves.
Android: Attackers Favorite
Among smartphones, Android devices are the most actively targeted by malware. A breakdown of infections by device type in 2017 indicates Android devices were responsible for 47.15%, Windows/PCs for 35.82%, with 16.17% on IoT devices and only 0.85% on iPhones.
Malware Growth for Android in 2018
In 2018 Android based devices are once more the main target in mobile networks
We now have close to 20 million Android malware samples. This is an increase of 31% since last year.
The biggest of which was the Judy malware campaign which targeted up to 36.5million Android devices with malware spread via the Google Play Store. In 2018 Android based devices are once more the main target in mobile networks. the majority of malware is now distributed as trojanized applications.
Top 20 Android Malware Threats
Download Nokia Threat Intelligence Report 2019
You can download the report from here by filling out their form and get the report on Email , or just read it from here.
In 2018 the average percentage of devices infected each month was 0.31%. The peak month was June with 0.46% due to an increase in activity of Android.Adware.Adultswine, malware that displays ads from the web that are highly inappropriate and pornographic, attempts to trick users into installing fake “security apps” that also serve ads and entices users to register for premium services with hidden expenses. It is very persistent and difficult to uninstall.
Nokia report also stressed the emergence of new IoT botnet variants in 2018. In particular – Fbot, which is a Satori related botnet that has two major distinguishing features. It spreads by scanning for devices that have the default Android Debug Bridge (ADB) port open. Very few Androids phones have this port open, but apparently some smart TVs and other Android based IoT devices have been deployed accidentally with this debug port open.