Research Conducted on 50% of US Mobile Traffic Finds You are 1.3 Times More Likely To Get Struck By Lightning Than Have Mobile Malware Communicating on Your Device
Atlanta, GA and San Francisco, CA – RSA Conference Booth 1715 – April 22, 2015 – Damballa, a leader in advanced threat detection and containment, will be unveiling research on Wednesday, April 22nd at the RSA Conference, which details the overblown nature of the mobile malware problem. Damballa monitors nearly 50% of US mobile traffic. Based on this Big Data set, the research team set out to determine actual malware infection rates – not just samples found, or vulnerabilities/theoretical attacks. In his talk at RSA, senior scientific researcher Charles Lever will highlight the actual risks to devices, the number of devices seen communicating with known bad domains, and the comparison to historical rates.
Who: Charles Lever, Senior Scientific Researcher, Damballa
What: Characterizing Malicious Traffic in Cellular Carriers, A Retrospective
When: Wednesday, April 22nd at 8:00AM PT
Where: RSA Conference, Moscone West, Room 2001
- Damballa originally did a study in the spring of 2012 to determine the extent of mobile devices contacting malicious mobile domains. At the time, Damballa monitored approximately 33% of US Mobile Data Traffic.
- The same study was repeated in Q4 2014. Damballa now monitors about 49% of US Mobile Data Traffic.
- During the initial test period in 2012, researchers saw 17-25M mobile devices per day. During the new test period (Q4 2014), researchers saw 130M-160M devices per day.
- They observed 2,762,453 unique hosts contacted by mobile devices.
- In 2012, monitoring 33% of US Mobile Data Traffic, Damballa saw 3,492 out of a total of 23M mobile devices – 0.015% – contacting a domain on the mobile blacklist (MBL).
- In Q4 2014, monitoring nearly 50% of US Mobile Data Traffic, only 9,688 out of a total of 151M mobile devices contacted mobile blacklist domains (0.0064%).
- The National Weather Service says the odds of being struck by lightning in a lifetime are 0.01%.
- Only 1.3% (35,522) of “mobile” hosts were not in the set of hosts contained by historical non-cellular pDNS data. This means there is very significant overlap between wired hosts and mobile hosts, and mobile applications are reusing the same hosting infrastructure as desktop applications.
“This research shows that mobile malware in the United States is very much like Ebola – harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection,” said Charles Lever, senior scientific researcher at Damballa. “Ask yourself, ‘How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?’”
Lever continued, “Mobile operators and platforms have invested significant resources in preventing malicious applications from being installed, especially in North America. For example, iOS developers must submit an application for approval before their app is available on iTunes. And Google has developed ‘Bouncer,’ a system that scans submitted apps for evidence of malware. So for a majority of the population, by simply staying within the authorized app stores for their respective devices, they will drastically reduce the risk of being infected with mobile malware.”
Brian Foster, CTO of Damballa, added, “While it would be naïve to think there is no risk in mobile, the true extent of mobile infections is still not widely understood. By providing an extensive network-level analysis, across millions of devices, Charles and his team are helping the industry better understand the underlying infrastructure of mobile traffic, and the risks that are likely to come in the future. By understanding these risks, organizations will be better able to apply network-based countermeasures to help detect and protect themselves going forward.”