Cloudmark® Research Shows Inadequate Messaging Protection and Increased ROI for Attackers Resulting in an Influx of Mobile Threats
Mobile Spam Attacks on the Rise as Unlimited Messaging Plans and Increased Adoption of Mobile Applications Create an Attractive Market for Spammers
San Francisco and Las Vegas—April 1, 2009—CTIA Wireless 2009—Cloudmark, Inc., the global leader in carrier-grade messaging security, today announced new data on mobile spam, which indicates that financial gain for mobile spammers has increased exponentially in the past two years due to the introduction of unlimited messaging plans, the proliferation of open networks, smarter devices and the rise of mobile applications. Cloudmark's findings underscore the critical importance of effective mobile messaging protection for mobile operators and their customers.
Mobile messaging and mobile transaction activity is skyrocketing in North America. A recent Nielsen Mobile report states that the typical U.S. mobile subscriber now sends and receives more SMS text messages than telephone calls. In fact, during the second quarter of 2008, the report unveiled a 450 percent increase over the number of text messages circulated monthly during the same period in 2006. At the same time, according to Berg Insight, the number of active users of mobile banking and related financial services worldwide is forecasted to increase from 20 million in 2008 to 913 million in 2014. The increase in SMS traffic, combined with the rapid adoption of mobile applications such as mobile banking, is driving a significant spike in attacks on mobile networks.
Consequently, spammers are catching onto this rising trend in mobile messaging use and realizing that mobile networks, often with inadequate protection for mobile spam and fraud, are prime targets. Further, unlike with email, where users are educated about spam and malware, mobile users have an inherent trust in their devices, making them more susceptible to attacks. Today, users of text and multimedia messaging are receiving rising numbers of unsolicited messages on their mobile devices. Initially, this may seem nothing more than an annoyance, but this practice is often the prelude to fraudulent activity as spammers become more adept at infiltrating the network. In many ways, the North American mobile messaging market is experiencing an evolution similar to what the Asian market experienced earlier this decade. Today, Asian mobile operators and consumers are feeling the impact—according to a number of published reports, mobile phone users in China received more than 300 billion spam in 2008 alone.
According to Cloudmark Research, new factors driving the increase in mobile spam include:
- Increasing ROI for mobile spammers – unlimited messaging plans make sending messages through mobile networks cost effective for everyone, including spammers. Cloudmark's research finds that over the past two years, the cost of sending an SMS message in the U.S. dropped by 99 percent, resulting in attractive margins for spammers. In fact, Cloudmark's research indicates that spammers are now seeing an eight-fold return on spam messages sent. More sophisticated phishing attacks, in which spammers attempt to aquire sensitive personal and financial information from recipients, are likely to be an even more lucrative play for spammers and deliver even higher ROI. The financial incentive is now compelling enough to drive spammers to increase the frequency and volume of their attacks.
- The convergence of open networks and smart phone adoption – the increased use of smart phones beyond the business user to the general population is driving widespread adoption of mobile banking, social networking and rich-Internet applications. However, the growing adoption also opens the door to malicious attacks. Currently, more than 95 percent of all email messages received by a major fixed-line operator are spam. With the convergence of Internet to mobile, the percentage of SMS messages that are spam is also expected to grow as attackers gain easier access to the mobile environment. In addition, spammers are now leveraging content from existing email and social networking scams to successfully launch similar attacks via new channels, including mobile. One example is the "Crush Spam" attack. This prolific email message sent to mobile users prompted them to share personal information in order to find out who has a crush on them. The fine print of the message opts subscribers in for up to $60 per month in charges. The scam was repeated for months and resulted in millions of dollars in care costs and refunds for U.S. operators. Cloudmark observed the Crush Spam attack in email, SMS and social networks.
- Lack of protection for new, sophisticated and open networks – despite rising awareness of the potential for abuse, the mobile medium is still only loosely protected, making it an open target for attacks. According to a recent Cloudmark survey, 100 percent of the top 12 mobile operators in Europe anticipate that mobile spam volumes will rise; however, 83 percent do not have a filtering system in place to protect customers. Until mobile operators secure their networks, spammers will be able to capitalize on this security gap and have a virtual open door for perpetrating their attacks.
"The convergence of unlimited messaging plans, enhanced capabilities on mobile devices and the lack of messaging security at many carriers create a perfect opportunity for mobile spammers," said Jamie de Guerre, chief technology officer at Cloudmark. "Mobile operators aim to provide rich content, applications and services making it imperative that they implement messaging security solutions like Cloudmark Authority® for the protection of their subscriber base."
About Cloudmark Authority for Mobile
Cloudmark Authority® for Mobile, a carrier-grade messaging security solution, is designed to combat the most sophisticated mobile threats. Cloudmark Authority goes beyond protocol-level controls that counteract signaling fraud between mobile networks to also catch on-network mobile abuse that has already been accepted by the mobile network. Cloudmark Authority also identifies emerging mobile botnets that have compromised user devices via malware transmitted over Bluetooth or the Internet. Specifically designed for large-scale carrier implementations, furthermore, Cloudmark Authority scans mobile messages at more than 20 times the rate of competing solutions. Backed by a unique and powerful combination of Advanced Message Fingerprinting™ technology and real-time feedback from the Cloudmark Global Threat Network™ system, Cloudmark is able to quickly and effectively identify mobile spam, phishing and virus attacks—regardless of format or language—before they are transmitted to the subscriber through email, SMS or MMS.
About Cloudmark
Cloudmark builds messaging security software that protects communications service provider networks and their subscribers against the widest range of messaging threats. Only Cloudmark Security Platform™ delivers instant security and control across diverse messaging environments, enabling communications service providers to create a safe user experience, protect revenue and safeguard their brand, while streamlining infrastructure and reducing operational costs. Cloudmark's patented solutions protect more than 120 tier-one customers worldwide, including AT&T, Verizon, Swisscom, Comcast, Cox and NTT.