Mobile device threats are on the rise. Kaspersky stated they detected almost 3.5 million pieces of malware on more than 1 million user devices. Mobile Devices are targeted by hackers, given the rapid adoption and increased usage globally. By some estimates, one out of every 36 mobile devices has high-risk apps installed. Mobile app security statistics for businesses to hear: 71% of fraud transactions came from mobile apps and mobile browsers, compared to 29% on the web, up 16% year over year.
From accessing the microphone, camera, and location of a user’s device, to building convincing app clones — there are many strategies hackers employ to gain access to, and exploit, personal information of unsuspecting mobile app users. Mobile Device Security is a mandate for every business as they all have sensitive and confidential information.
Below are some common mobile threats every organization should know to protect against higher risk such as mobile malware or the primary ways an attacker will compromise a mobile device to gain access to organizational information or use it as a stepping stone into the network. We call these attack vectors “Mobile Menaces”.
Let’s look at the various mobile threat and menace:
1. OS Exploit: The most serious and impactful attack. OS exploits target old or vulnerable mobile device operating systems and that will instantly put you at risk, making you an easy target for cybercriminals.. Updated devices are more immune to attack but not completely safe and can still be vulnerable to zeroday attacks.
2. Rogue Profile: This often comes in on the back of another app (like a VPN app) installing various escalated rights and permissions. Data leakage can also happen through hostile enterprise-signed mobile apps. These mobile malware programs use distribution code native to popular mobile operating systems like iOS and Android to move valuable data across corporate networks without raising red flags. To avoid these problems, only give apps the permissions that they absolutely need in order to properly function.
3. Phishing: This attack disguised as something legitimate like an email, sms, or application and often appears to come from a friend, a business you often work with (like a bank), etc. Once you activate the phish, various attacks can be launched. Because mobile devices are always powered-on, they are the front lines of the most phishing attacks. According to CSO, mobile users are more vulnerable because they are often monitoring their email in real-time, opening, and reading emails when they are received.
4. Bad Wi-Fi: A bad Wi-Fi, also called rogue Wi-Fi or rogue access point, looks like a legitimate Wi-Fi but is actually controlled by the attacker. Once a device connects to the bad Wi-Fi, the attacker can monitor and direct traffic at their discretion which often leads to an exploit being delivered to compromise the device. According to V3, in fact, three British politicians who agreed to be part of a free wireless security experiment were easily hacked by technology experts. To be safe, use free Wi-Fi sparingly on your mobile device. And never use it to access confidential or personal services, like banking or credit card information.
5. Man in the Middle: Often abbreviated as MiTM, this attack inserts itself between the mobile device and the intended destination. The attack uses something familiar (like a website or online banking) as it sits in the middle with the user not knowing they are being attacked. Many times, spyware might be co-workers or employers to keep track of their whereabouts and activity. Also known as stalker ware.
6. Malicious App: These are apps that often look like a normal app (like a flashlight app) but behind the scenes are stealing information. These apps are designed in such a way that gain the access to your device, spreading through apps, and sweeping your information along the way.
7. Risky Apps: These apps are not necessarily malicious but have privacy and/or mobile app security issues as a result of how they were developed. They are leaky apps and are a big issue and provide hackers easy access to your data.
Conclusion:
To protect mobile devices and data, the question arises is what can be done to reduce the risk that represents 60% of an organization’s endpoints? If you want to take the Mobile security of your mobile device one step further you can connect to End Point Detection Experts at ECS.