SOURCE: Cloudmark

February 11, 2008 08:00 ET

Mobile Operators Brace for Global Surge in Mobile Messaging Abuse

Research by Cloudmark Looks at Mobile Threat Trends in Asia, North America and Europe; Results Indicate That Despite Regional Differences, Overall Mobile Abuse Is on the Rise

BARCELONA, SPAIN--(Marketwire - February 11, 2008) - Mobile World Congress 2008 -- Cloudmark Inc., the global leader in carrier-grade messaging security, today announced new research into mobile messaging abuse trends in Asia, North America and Europe that point to a precipitous rise in mobile spam, phishing and virus attacks in 2008.

Cloudmark solutions currently protect more than 300 million inboxes (including 100 million mobile accounts) for more than 100 of the world's largest mobile and fixed line operators, including Sprint/Nextel, Earthlink, Comcast and Swisscom. In the past year, Cloudmark has worked closely with leading mobile operators across the globe to help them address the growing issue of mobile spam and malware. As a result of these discussions and through analysis of operators' mobile traffic data, Cloudmark is able to offer unique insight into the mobile threat trends that operators and consumers are likely to face in the near future.

While the sophistication of mobile threats and delivery protocols differ from region to region, all signs point to a global rise in mobile spam and malware. Factors such as the continued growth of mobile messaging, reductions in message delivery costs, inherent network vulnerabilities and new mobile marketing initiatives are converging to create a perfect storm for mobile messaging abuse.

Asia

North and Southeast Asia are the most "developed" regions in the world in terms of mobile abuse. Mobile spam is commonplace, driven mostly by the low (or even free) cost to send and receive SMS messages. In China, for example, operators charge less than $US 0.001 to send an SMS message from one mobile device to another. Due to attractive message delivery economics, operators are experiencing rising abuse from both on-network and off-network sources.

--  In China, the average subscriber receives 6-10 mobile spam messages
    per day
--  In India, certain operators face spam levels around 30 percent, even
    after protocol-level filtering
--  In Japan, the current spam problem is expected to worsen as operators
    open their networks to e-mail-to-SMS and MMS services
    

According to leading mobile operators in the region, attackers are primarily using the following attack methods:

--  SMS spoofing and faking -- a type of signalling fraud where spammers
    impersonate other mobile phone numbers and networks to send out spam
--  On-network abuse -- attacks using signalling fraud that appears to
    come from valid accounts or are sent by attackers actually using valid
    accounts to send out spam either from unregistered pre-paid SIM cards or
    other subscriptions where the cost is low
    

While mobile spam used to be considered a nuisance -- containing housing advertisements and pornographic messages -- they have morphed into dangerous scams as attackers learn how to monetize mobile spam. Today, new types of mobile spam leverage social engineering techniques to lure users into calling back premium rate numbers, texting premium rate short codes or entering personal information into a phishing site. For example, in Japan, some mobile users were sent messages threatening to expose their participation in a dating club unless they went to a certain phishing Web site to "unsubscribe."

As a result of this new trend in attacks, operators in Asia are facing growing complaints from customers who had previously ignored mobile spam. In addition, operators must contend with costly operational issues resulting from SMS attacks, including a decline in system performance and the impact on SMSC resources. Further, SMS faking and spoofing attacks from off-network sources cost operators hundreds of thousands of dollars each month in inter-carrier roaming and connection charges.

The situation in many parts of Asia has become so severe that government regulators are stepping in to mandate that mobile operators have greater control over mobile spam through such required actions as registration of pre-paid mobile SIMs and implementation of feedback loops that allow consumers to easily report spam using their mobile device.

"Developments in Asia can be viewed as precursors to the types of mobile abuse that will plague operators in the rest of the world," said Jamie de Guerre, chief technology officer at Cloudmark. "Mobile botnets and on-network signalling fraud, where bulk attacks are sent from within the operator's own network, are examples of advanced mobile threats currently seen in Asia that will likely extend to North America and Europe."

North America

In contrast to Asia and Europe, in the United States, e-mail-to-mobile attacks are dominant. All major U.S. mobile operators have enabled the sending of SMS messages through e-mail. Unfortunately, text messaging via the Internet also provides a cost-effective channel for attackers to reach mobile subscribers. While not key targets in the past, e-mails associated with mobile numbers are now showing up on the radar of spammers and phishers.

Cloudmark's work with leading mobile operators in North America has found that e-mail-originated mobile abuse now accounts for almost 25 percent of all messages sent to mobile devices via e-mail. According to Ferris Research, the number of mobile spam messages will continue to grow at a fast clip:

--  In 2007, 1.1 million SMS spam messages were received in the U.S., a 38
    percent increase from 2006
--  In 2008, the number is expected to grow by almost 50 percent to 1.5
    million
    

Spikes in mobile spam traffic can cause significant operational issues for mobile operators, including driving up resource utilization and customer complaints. In addition, because victims of mobile spam in the U.S. are often charged for receiving SMS messages, they are much more likely to complain and ask for credits from their carrier.

Thus far, mobile spam attacks in North America have been fairly primitive, taking the form of unsolicited advertising, stock scams, "Google Pages" spam, etc., as spammers are still trying to figure out how to monetize the mobile medium. However, as mobile operators begin to promote new forms of content, such as mobile advertising and mobile banking, attackers will likely follow suit with more sophisticated scams. In addition, further reductions in the costs associated with sending and receiving mobile SMS will lower barriers to entry for spammers.

Europe

In Europe, mobile operators' "walled garden" strategies have limited the amount of third-party content from reaching mobile users. Whereas this closed network approach, coupled with the relatively high costs to send SMS messages, has limited attacks, it has not prevented them completely. European operators report that the following forms of attacks are on the rise:

--  Off-network signaling fraud from Asian or Eastern European networks
    using faking and spoofing techniques
--  SMS flooding -- denial of service (DDos) attacks in which large
    volumes of SMS spam are sent during short time intervals
--  Predominance of low-volume, high-value attacks involving phishing and
    premium rate phone numbers
    

European operators will likely face the following attack vectors in the future:

--  WAP push attacks where phishers hide phishing URLs from subscribers
    and provide one-click access to a phishing Web site
--  'Vishing,' which combines voice with phishing tactics, is gaining
    momentum as fraudsters look to extract financial information via the
    telephone
--  On-network attacks coming from mobile botnets
    

Many European operators have implemented anti-faking and anti-spoofing solutions that detect attacks coming from foreign networks. However, these measures have not entirely closed the door to spammers. The open nature of GSM networks requires that all partner networks must deploy similar measures to be effective. In addition, advanced techniques such as botnets and on-net attacks, which will inevitably rise as message delivery costs lower, are impervious to these solutions.

Universal Concerns

Mobile operators worldwide are concerned about the impact of growing messaging abuse on subscriber loyalty and overall public perception of an operators' brand, which in turn leads to increased customer churn and higher support costs. Most alarming to many carriers is the damage mobile abuse may cause to future revenue-producing services.

"The growth in mobile messaging abuse is exposing operators to additional and unnecessary costs at a time when they are turning to messaging and mobile advertising to open up new revenue streams," said de Guerre. "For mobile operators, the greatest risk is that subscribers' zero tolerance attitude towards intrusive mobile spam will prompt them to change providers or opt out of mobile advertising and marketing opportunities, leaving much needed new revenue streams fatally crippled from the outset. For this reason, it's simply not an option for mobile operators to adopt a wait-and-see approach when it comes to their mobile messaging security strategy. Instead, operators must be keenly aware of the potential security challenges that lie in their path and take a proactive approach to protecting their subscribers, their brand and the future success of their mobile services."

About Cloudmark Authority for Mobile

Cloudmark Authority for Mobile, a carrier-grade messaging security solution, is designed to combat the most sophisticated mobile threats. Cloudmark Authority goes beyond protocol-level controls that counteract signalling fraud between mobile networks to also catch on-network mobile abuse that has already been accepted by the mobile network. Cloudmark Authority also identifies emerging mobile botnets that have compromised user devices via malware transmitted over Bluetooth or the Internet.

Backed by a unique and powerful combination of Advanced Message Fingerprinting™ and real-time feedback from the Cloudmark Global Threat Network, Cloudmark is able to quickly and effectively identify mobile spam, phishing and virus attacks -- regardless of format or language -- before they are transmitted to the subscriber through e-mail, SMS or MMS.

About Cloudmark

Cloudmark, Inc. delivers the industry's fastest and most accurate anti-spam, anti-phishing and anti-virus solutions for fixed and mobile networks. Founded in 2001 by pioneers in messaging anti-abuse, Cloudmark architected an innovative approach combining Advanced Message Fingerprinting™ with the world's largest real-time threat detection network. Cloudmark solutions protect more than 300 million mailboxes and more than 100 of the world's largest service provider and mobile operator networks with customers, including Swisscom, Sprint/Nextel, Comcast, Earthlink, Tele2, THUS, NTT OCN and Virgin Media. A privately held company headquartered in San Francisco with offices in London, Tokyo and Hong Kong, Cloudmark's comprehensive messaging security portfolio addresses the unique needs of service provider with additional solutions for enterprise and desktop users. For more information about Cloudmark, please visit www.cloudmark.com.