Cyber Criminals Increasingly Focus On Mobile Devices

Uploaded on 2022-04-28 in TECHNOLOGY--Resilience, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Research carried out in 2021 by Bitglass and Cybersecurity Insiders surveyed hundreds of IT professionals, who focus on cyber security, revealed that almost half (49%) of organisations worldwide are unable to detect an attack or breach on employee-owned devices. 

At a time when workforces around the world are becoming increasingly distributed, there’s a genuine risk that the mobile arena could soon become the new corporate cyber security battleground. 

From mobile spyware that can assume complete control of iOS and Android devices via zero-click exploits, to trojans deployed via malicious apps that can harvest users’ credentials, organisations have never been more at risk from mobile threats. What’s more, any notion that hybrid working and a BYOD (bring your own device) culture were simply part of a temporary response to the COVID-19 pandemic can now also be laid to rest. 
In data published as recently as February 2022, Statista reported that 30% of the world’s workforce now work exclusively from home. 

The same survey indicated that around 60% of companies are now actively facilitating hybrid working, giving their employees the freedom to choose where they log on. But how many of these organisations are fully prepared for the security demands of a truly mobile workforce? 

As outlined Check Point's  2022 Security Report, the number of weekly cyber attacks on corporate networks peaked at an average of 900 attacks per organisation in Q4 2021. Across the entire year, there was a staggering 50% increase in weekly attacks from 2020. 

Far from being a coincidence, it’s more likely that cyber criminals are simply taking advantage of the expanding mobile ecosystem that organisations worldwide now occupy. 

The Emerging Mobile Threat

We’ve seen some concerning developments in the mobile threat landscape throughout the past year. The Report referenced NSO’s Pegasus, notorious for its ability to gain full control of iOS and Android devices via an elaborate zero-click method. NSO Group, the group responsible for the spyware, is currently one of the highest-profile vendors of “access-as-a-service” malware, selling packaged hacking solutions that enable affiliate threat actor groups to target mobile devices without the need for homegrown resources. 

In 2019, Pegasus was used to hack WhatsApp and infect more than 1,400 user devices, from senior government officials to journalists and even human rights activists. More recently, in 2021, it was widely reported that Pegasus had been used to target the mobile devices of more than 50,000 devices around the world, including those of high-level business executives. 

Pegasus is noted for its sophisticated infection and data exfiltration capabilities, and as such we think it’s likely to inspire similar malware threats. 

As mentioned in the report, a Macedonian-based group has already created the Predator spyware in Pegasus’ wake, designed to infect target devices via single-click links sent over WhatsApp. Both Pegasus and Predator are representative of a general shift towards social media and messaging apps as a way to steal credentials and infiltrate corporate networks. 

In August 2021, an Android trojan known as FlyTrap was found to have compromised more than 10,000 Facebook accounts across more than a hundred countries. Not long after, a fraudulent version of WhatsApp designed to deliver the Triada banking trojan made its way onto the Android store, putting thousands of devices at risk. 
Toward the end of the year, in November, a new malware known as MasterFred gained traction by using fake login overlays to steal credit card information from Twitter and Instagram users.  

These emerging mobile malware threats aren’t just designed to impact individuals; they’re designed to extort and steal data from corporate networks at a time when the lines between personal and business-owned devices are becoming increasingly blurred. 

WhatsApp Business launched in 2018 and already has more than 100 million users, all of them using the messaging app to exchange potentially sensitive business information. This emerging mobile threat is real, and this is most likely only the beginning.  

SMS Phishing

Another worrying trend we’ve witnessed is a rise in SMS phishing, or “Smishing” attempts. Using SMS messages as an attack vector may seem rudimentary, but as with email phishing it’s still disconcertingly effective. In the report, it is noted that the FluBot botnet had made a return in 2021 despite being dismantled by authorities earlier in the year. It published convincing security update warnings, parcel delivery alerts and voicemail notifications to users that, if they clicked on the link, would infect their device. 

UltimaSMS also launched in 2021, is a widespread SMS scam that leveraged more than 150 apps on the Google Play Store to sign victims up to a “premium” SMS subscription service without their knowledge, stealing money and additional access privileges as a result. 

With an increasing number of users bringing their smartphones to work or using their smartphones at home to access work-based information, the risk caused by Smishing, or any phishing campaign for that matter, cannot be ignored. 

Banking & Mobile Malware

The banking malware landscape has been a hive of activity for years now, dominated by adaptive, difficult-to-detect malware families that extort business and harvest financial information. Trickbot rose from second place to become the most prevalent banking trojan in 2021, responsible for nearly a third (30%) of all global incidents according to our own research. 

Trickbot is incredibly versatile and uses sophisticated techniques such as anti-analysis to get around the defenses of financial and technology companies, including those that deal in cryptocurrency. 

Qbot and Dridex are two other prominent banking trojans that exhibit botnet-like features, used by ransomware campaigns to drop malware onto infected devices. Dridex was even among the first malware to be distributed via the Log4j vulnerability that put countless businesses at risk toward the end of 2021.  In September 2021, a wave of malicious Android applications that targeted the PIX payment system and its mobile banking apps was uncovered by Check Point Research. 

These applications abused Android’s Accessibility Services (AAS) in order to siphon money from PIX transactions while remaining largely undetected. 

This was yet another incident that probably inspired further similar moves from other threat actors within the mobile banking space, which is not good news for a generation of accountants, c-suite executives and business owners that are now more likely than ever to rely on mobile or remote-access banking.   

How Organisations Can Keep Their Guard Up

From malicious apps and mobile ransomware to SMS phishing and OS exploits, the mobile threat landscape is a complex one for organisations to navigate, particularly with employee-owned devices in the equation. 

How can a company strike a balance between protection and privacy? What can businesses do about devices that are inherently vulnerable? Aren’t MDM (mobile device management) solutions enough to keep company data safe?  

The difficulty with mobile devices is that they’re vulnerable to several attack vectors, including the application, network and OS layers. If an organisation wants to proactively guard against mobile malware instead of simply reacting to infections as they occur, it needs more than the basic level of monitoring afforded by most MDM solutions. 

Check Point’s Harmony Mobile, uses real-time threat intelligence to actively guard against zero-day phishing campaigns, and URL filtering to block access to known malicious websites from any browser. It also enforces conditional access, ensuring that if any device does become infected it will be unable to access corporate applications and data. Harmony Mobile achieves all of this, and more, without disrupting employees or hampering their productivity. 

As our mobile ecosystem continues to expand, the attack surface area available to threat actors will expand right along with it. It’s never been clearer that mobile security is no longer an option for businesses. Instead, they should be looking to broaden their capabilities while taking a more holistic approach to guarding their increasingly distributed endpoints.

Ian Porteous is Regional Director, Security Engineering, UK&I at Check Point Software

You Might Also Read: 

The New Security Demands Of Our Hybrid Working Future:

 

« Identity Access Management Essentials
The Role Of AI In Data Analysis »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

Verve Industrial Protection

Verve Industrial Protection

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

TechArch

TechArch

TechArch helps customers to optimize their investments in cybersecurity by providing them independent and vendor-neutral consultation and guidance.

Xilinx

Xilinx

Xilinx is the inventor of the FPGA, programmable SoCs, and now, the ACAP. We are building the Adaptable, Intelligent World.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Lantaca

Lantaca

Lantaca specialize in cloud-based security solutions for modern networks.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Invictus Growth Partners

Invictus Growth Partners

Invictus Growth Partners is a private equity firm that invests capital into and advises technology companies and helps them scale with our expertise and access to our Guild.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.