subscribe: Daily Newsletter

 

Cybercriminals getting personal

0 comments

When it comes to mobile devices, things are getting more personal, including attacks.
Contact lists, emails and text messages are just the tip of what people keep on their devices. With banking applications, location histories, social media, photographs, enterprise applications and more housed on devices, they are a convenient, one-stop location for cybercriminals to access private information.
Financial gain or to cause harm to an individual or a company are what drive attacks on mobile devices. Typically, these attacks are via mobile malware which has grown exponentially in the past five years. In 2012, there were just over 214 000 new malware samples on Android devices, this figure is estimated at 3 500 000 for 2017. In 2016, Checkpoint found an Android vulnerability affecting 900 million devices which an attacker could easily exploit using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.
“The reality is that we are exposed from all angles,” says Michael Morton, a mobile security specialist at Securicom. “Phishing calls, emails, text messages, malicious apps and even physical robbery put us and the content we keep at risk. Most of us know the potential risks and the associated dangers, but few do anything really meaningful to protect themselves or their devices. For the most part it’s due to naivety.”
He says the more personal the information is on a device, the more personal the attacks on a user can become.
“For a number of years, we have seen people becoming victims of premium SMS scams. You know, the ones where you get charged for services you didn’t sign up for. If you haven’t been a victim yet, probably someone you know has been and the charges can run into the thousands. But, more sinister than this is the tracking of locations and movements; spying on user and log activity and collecting data stored on devices such as banking login details which allow criminals to steal money from their victims. Certain types of mobile malware can actually open back doors into a device that allow attackers to take full control of the device.”
For companies, a compromised device connecting to the network or carrying sensitive business information poses an IT security risk.
“Data loss is top of the list of concerns for businesses, and with all the auditing compliances that are coming into place, mobility management, especially in bring-your-own-device environments, should be a priority,” Morton says.
“Companies need to have the ability to check what apps employees are using, block malicious applications, and ensure that internal and third-party apps meet their corporate security requirements. Without application control capabilities, there is no effective way for companies to manage what apps employees are using or for what.
“The mobility management solution should provide the basics like password protection; remote wipe-clean and lock functionality; device encryption; anti-malware; jailbreak detection,” he says. “Over and above that, the solution should support VPN configuration and management; offer data loss prevention; access control to company networks and printers, and tools for monitoring, managing and reporting on the mobile device environment.”