There’s no doubt about it – we are a mobile nation. According to Ofcom, a whopping 78% of all UK adults now own a smartphone and on average, people check them once every 12 minutes during their waking hours. And these statistics should come as no surprise – we now rely on our phones to provide us with up-to-date information instantly, right at our fingertips, on almost any topic imaginable. So, when our phones start slowing down, frustration and anxiety arises. But how many people actually understand why this is happening?
Currently, many consumers believe that this slow-down is due to technology latency that is built into their devices – some companies such as Apple have previously admitted that they deliberately slow down older models of iPhones without notifying their customers. However, this is not the only cause of slow-downs. In fact, consumers may instead be being subjected to malware attempting to siphon off their personal data every time they browse the internet, causing their phone speeds to slow down as they deal with these malicious requests.
The next wave of malware distribution
Malware distribution has now started spreading through online adverts that appear on most major reputable websites. Most people are aware of the threat posed by spam emails and messages from people they don’t know, or from suspicious-looking pop-ups that can sometimes appear when we use the internet. They are therefore familiar with how to identify and avoid these malicious attempts from hackers. However, malware producers are always discovering new ways to infect their victims. One new method is through infecting advertising networks – referred to as ‘malvertising’.
This is a threat that has been growing steadily over the last couple of years. In fact, in December of last year, a cyber-criminal group known as ScamClub managed to hijack over 300 million web sites through an enormous malvertising campaign. Malicious ads were created, intended to look like genuine promotions of legitimate businesses, but instead redirected to scam websites which collected personal and financial data from the victims. Mobile phone devices have been a particular target for these types of malvertising scams, as mobile sites tend to have more ads on them and therefore have a better chance of drawing in unsuspecting consumers.
How does it work?
With very little oversight, and websites typically relying on third party vendors to screen and display the ads, the online advertising space is ripe for exploitation. It can be extremely difficult for the average consumer to identify a malicious advert, because they often appear via legitimate and reputable advertising networks. Due to the sheer volume of adverts that are submitted to various advertising networks throughout the world, it can be difficult for the networks to perform a thorough analysis of these ads.
Generally, cyber hackers will insert unwanted or malicious codes into an ad and will then pay advertising networks to display them. This then exposes every user visiting those sites to the potential risk of infection – and as the malware contained within the ads request and attempt to steal your confidential information, this ends up significantly slowing down your mobile device.
More common than you think
Part of the problem is that mobile users simply don’t realise how common these scams are, and therefore aren’t educated on how to identify and avoid them. Even once they become infected, they may not be able to spot the warning signs of a virus and take steps to eliminate it. Most people would be shocked to know that more than 50% of the traffic which is consumed by a web browser consists of content they did not even know they had requested. Naturally, this has the effect of significantly slowing down their browsing experience – in fact, by eliminating these unnecessary and possibly even malicious requests, pages can load an average of 2 times faster than before and even improve the battery life of your device.
How to combat it
It’s already clear that we cannot rely on advertising networks and host websites to prevent malware from being distributed through online ads. The only real way for mobile users to prevent these attacks is to stop them from activating in the first place. Luckily, technology exists to block the activation of malvertising by disrupting their bidirectional communication back to their command centres. Without activation, no confidential data leaves the device and no malware is installed on your mobile.
Cyber threats will always exist which is why the focus must be on prevention. New and more ingenious ways of accessing mobile devices – such as through legitimate-looking adverts will always be found. However, with proper protection you can ensure that malware will not be activated, your data will remain secure and your mobile device won’t slow down.
Dr. Darren Williams, Founder and CEO at BlackFog
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.