Cloudmark Inc announced new research into mobile messaging abuse trends in Asia, North America and Europe that point to a precipitous rise in mobile spam, phishing and virus attacks in 2008.
Cloudmark solutions currently protect more than 300 million inboxes (including 100 million mobile accounts) for more than 100 of the world's largest mobile and fixed line operators, including Sprint/Nextel, Earthlink, Comcast and Swisscom.
In the past year, Cloudmark has worked closely with leading mobile operators across the globe to help them address the growing issue of mobile spam and malware. As a result of these discussions and through analysis of operators' mobile traffic data, Cloudmark is able to offer unique insight into the mobile threat trends operators and consumers are likely to face in the near future.
While the sophistication of mobile threats and delivery protocols differ from region to region, all signs point to a global rise in mobile spam and malware. Factors such as the continued growth of mobile messaging, reductions in message delivery costs, inherent network vulnerabilities and new mobile marketing initiatives are converging to create a perfect storm for mobile messaging abuse.
North and Southeast Asia are the most "developed" regions in the world in terms of mobile abuse. Mobile spam is commonplace, driven mostly by the low (or even free) cost to send and receive SMS messages. In China, for example, operators charge less than $US 0.001 to send an SMS message from one mobile device to another. Due to attractive message delivery economics, operators are experiencing rising abuse from both on-network and off-network sources.
* In China, the average subscriber receives 6-10 mobile spam messages per day
* In India, certain operators face spam levels around 30 percent, even after protocol-level filtering
* In Japan, the current spam problem is expected to worsen aso perators open their networks to email-to-SMS and MMS services
According to leading mobile operators in the region, attackers are primarily using the following attack methods:
* SMS spoofing and faking- a type of signalling fraud where spammers impersonate other mobile phone numbers and networks to send out spam
* On-network abuse --attacks using signalling fraud appear to come from valid accounts or attackers actually using valid accounts to send out spam either from unregistered pre-paid SIM cards or other subscriptions where the cost is low
While mobile spam used to be considered a nuisance--containing housing advertisements and pornographic messages--they have morphed into dangerous scams as attackers learn how to monetise mobile spam.
Today, new types of mobile spam leverage social engineering techniques to lure users into calling back premium rate numbers, texting premium rate short codes or entering personal information into a phishing site. For example, in Japan, some mobile users were sent messages threatening to expose their participation in a dating club unless they went to a certain phishing Web site to "unsubscribe".
As a result of this new trend in attacks, operators in Asia are facing growing complaints from customers who had previously ignored mobile spam. In addition, operators must contend with costly operational issues resulting from SMS attacks, including a decline in system performance and the impact on SMSC resources. Further, SMS faking and spoofing attacks from off-network sources cost operators hundreds of thousands of dollars each month in inter-carrier roaming and connection charges.
The situation in many parts of Asia has become so severe that government regulators are stepping in to mandate that mobile operators have greater control over mobile spam through such required actions as registration of pre-paid mobile SIMs and implementation of feedback loops that allow consumers to easily report spam using their mobile device.
"Developments in Asia can be viewed as precursors to the types of mobile abuse that will plague operators in the rest of the world," said Jamie de Guerre, chief technology officer at Cloudmark. "Mobile botnets and on-network signalling fraud, where bulk attacks are sent from within the operator's own network, are examples of advanced mobile threats currently seen in Asia that will likely extend to North America and Europe."
In contrast to Asia and Europe, in the United States, e-mail-to-mobile attacks are dominant. All major U.S. mobile operators have enabled the sending of SMS messages through e-mail. Unfortunately, text messaging via the Internet also provides a cost-effective channel for attackers to reach mobile subscribers. While not key targets in the past, e-mails associated with mobile numbers are now showing up on the radar of spammers and phishers.Cloudmark's work with leading mobile operators in North America has found that e-mail-originated mobile abuse now accounts for almost 25 percent of all messages sent to mobile devices via email. According to Ferris Research, the number of mobile spam messages will continue to grow at a fast clip:
* In 2007, 1.1 million SMS spam messages were received in the U.S., a 38 percent increase from 2006
* In 2008, the number is expected to grow by almost 50 percent to 1.5 million
Spikes in mobile spam traffic can cause significant operational issues for mobile operators, including driving up resource utilisation and customer complaints. In addition, because victims of mobile spam in the U.S. are often charged for receiving SMS messages, they are much more likely to complain and ask for credits from their carrier.
Thus far, mobile spam attacks in North America have been fairly primitive, taking the form of unsolicited advertising, stock scams, "Google Pages" spam, etc., as spammers are still trying to figure out how to monetise the mobile medium. However, as mobile operators begin to promote new forms of content, such as mobile advertising and mobile banking, attackers will likely follow suit with more sophisticated scams. In addition, further reductions in the costs associated with sending and receiving mobile SMS will lower barriers to entry for spammers.
In Europe, mobile operators' "walled garden" strategies have limited the amount of third-party content from reaching mobile users. Whereas this closed network approach, coupled with the relatively high costs to send SMS messages, has limited attacks, it has not prevented them completely.
European operators report that the following forms of attacks are on the
* Off-network signaling fraud from Asian or Eastern European networks using faking and spoofing techniques
* SMS flooding--denial of service (DDos) attacks in which large volumes of SMS spam is sent during short time intervals
* Predominance of low volume, high value attacks involving phishing and premium rate phone numbers
European operators will likely face the following attack vectors in the future:
* WAP push attacks where phishers hide phishing URLs from subscribers and provide one-click access to a phishing Web site
* 'Vishing', which combines voice with phishing tactics, is gaining momentum as fraudsters look to extract financial information via the telephone
* On-network attacks coming from mobile botnets
Many European operators have implemented anti-faking and anti-spoofing solutions that detect attacks coming from foreign networks.
However, these measures have not entirely closed the door to spammers. The open nature of GSM networks requires that all partner networks must deploy similar measures to be effective.
In addition, advanced techniques such as botnets and on-net attacks, which will inevitably rise as message delivery costs lower, are impervious to these solutions.
Mobile operators worldwide are concerned about the impact of growing messaging abuse on subscriber loyalty and overall public perception of an operators' brand, which in turn lead to increased customer churn and higher support costs. Most alarming to many carriers is the damage mobile abuse may cause to future revenue-producing services.
"The growth in mobile messaging abuse is exposing operators to additional and unnecessary costs at a time when they are turning to messaging and mobile advertising to open up new revenue streams," said Jamie de Guerre, chief technology officer at Cloudmark.
"For mobile operators, the greatest risk is that subscribers' zero tolerance attitude towards intrusive mobile spam will prompt them to change providers or opt out of mobile advertising and marketing opportunities, leaving much needed new revenue streams fatally crippled from the outset. For this reason, it's simply not an option for mobile operators to adopt a wait-and-see approach when it comes to their mobile messaging security strategy.
Instead, operators must be keenly aware of the potential security challenges that lie in their path and take a proactive approach to protecting their subscribers, their brand and the future success of their mobile services."