Many customers, IT managers and CIOs still do not recognize mobile malware as an imminent threat. According to a study from Duo Security, one-third of mobile Android users do not use any lock screen passcode on their device, and most do not take any security measures. Additionally, IT managers and CIOs deploy new apps to their customers and employees without building any security measures into them to allow the identification and mitigation of threats.
However, mobile malware has evolved throughout the past several years and now poses elaborate threats. Business Insider noted that it’s now equal in distribution and risk level to PC malware.
Cybercriminals utilize mobile malware to attack services customers use to steal their account credentials. This is achieved using malware that either attacks the mobile apps directly to steal information or by overlaying the legitimate mobile app with a fake login screen.
Another vector for attacking customers using mobile malware is by stealing a one-time password (OTP) or one-time codes sent to the customer’s mobile devices as part of two-factor authentication. This is achieved by gaining access to text message content using mobile malware and covertly forwarding it to the cybercriminal, who then uses it to log into the customer’s account and complete a takeover.
Mobile devices also provide a great hiding place for fraudsters. As mobile phones are generally very similar to each other as compared to PCs, fraudsters are using the added anonymity this creates to perform account takeover from mobile devices.
While all the aforementioned attack vectors against customers are also valid for stealing employees’ personal information, mobile malware poses a much wider attack threat to enterprises.
Mobile malware can be used to steal much more than employees’ credentials and access the organization’s network. By accessing and stealing the employee’s mobile contacts, emails, calendar information, messages and even location, the mobile malware enables the development of elaborate social engineering attacks against other, more senior employees in the organization. This, in turn, allows the attacker to escalate access gained to the organization’s intellectual property (IP) and resources.
Smartphones include high-sensitivity microphones and high-resolution cameras, and savvy attackers can turn them into advanced spying devices, Gizmodo noted. Mobile malware that provides remote control of a device’s microphone, for example, could lead to recording phone conversations and meetings that discuss sensitive IP, financial or sales information.
Similarly, remote control of the device’s camera gives attackers access to images of meetings, facilities, computer screens, content or even live video streams of sensitive meetings.
Finally, mobile malware has been turned against each one of us as an individual. Individuals may suffer from mobile malware by simple means, such as the malware sending a premium-service SMS or making premium-service phone calls. These hidden malware actions result in inflated mobile bills for an unsuspecting user.
In other cases, individuals suffer much graver consequences. Mobile malware has been wired to take over devices and lock them, demanding a ransom from the device user to regain access to their own device.
Information stolen from personal devices is also used to extort individuals. Attackers threaten to divulge sensitive information or intimate pictures and then demand a ransom to stop the publication of the information.
Fighting Mobile Malware
Mobile threat management (MTM) solutions allow enterprises to detect mobile malware and take remediation actions on affected devices. Enterprise admins can view details of the malware through automatic alerts. Remediation actions could include blocking or selectively wiping a device, or changing policies to create a more restrictive security posture.
MTM integrated with a best-of-breed enterprise mobility management (EMM) suite can manage the entire life cycle of a mobile device, its apps and the data stored on it in order to protect an enterprise’s IP.