Exploring 2022’s mobile malware landscape – Emergence of Spyware, Zero-Click attacks, Smishing and Store Security

The number of cyber attacks is constantly increasing. In fact, our 2022 half-year report showed a 42% increase in attacks globally compared to the previous year. And according to the World Economic Forum’s 2022 Global Risk Report, 95% of cybersecurity problems are due to human error. This should be a red flag for all businesses, especially as they transition to remote and hybrid work where employees are more likely to use mobile devices. These devices now have access to sensitive corporate data and a direct connection to the corporate network. Combine this with the key ingredient “human error” and you’ll see why mobile is such a prime target for cybercriminals.

Here in India, Check Point Threat Intelligence reports that an average organization in India was attacked 1742 times per week over the last 6 months, compared to 1167 attacks per organization globally, with 4.9% of malware attacks occurring via mobile (1st place worldwide).

Despite this, many corporate cybersecurity strategies typically only focus on traditional endpoints such as laptops. Do you know if all mobile devices in your organization are safe from malware? Maybe you have Mobile Device Management (MDM) and think that’s enough? Unfortunately, MDM does not offer intrusion detection or scanning for malware. And as the mobile threat landscape continues to evolve, having a robust solution has never been more important. Let’s take a look at the current landscape and what you need to know to stay protected in 2022.

Successful spyware marketplace

The current mobile malware landscape is a minefield in which more and more vulnerabilities are exploited and spyware is deployed. In our last security report, we found that NSO Group’s infamous spyware, Pegasus, wreaked havoc after it was discovered gaining access to the mobile devices of government officials and human rights activists. Unfortunately, 2022 was no different: it was discovered that Pegasus had compromised the devices of the Finnish Ministry of Foreign Affairs, the Spanish Prime Minister, as well as multiple devices belonging to British officials.

In July, Apple introduced a “lockdown mode” for its devices to protect against Pegasus hacks. While this mode increases the security of the users who will be using it, it also significantly reduces the user experience and limits the functionality of iPhones. While Pegasus is one of the most powerful tools out there right now, the surveillance vendor ecosystem has also become more competitive. For example, towards the end of 2021, Predator, a spyware from commercial surveillance company Cytrox, infected iPhones via single-click links sent via WhatsApp. To date, the reach of these tools, let alone their mechanisms, is still not fully understood by the cyber community, despite extensive research efforts.


Zero-Click Attacks

In terms of techniques, this year we have seen an increase in detected zero-click attacks. As the name suggests, these attacks require no input from the victim before deploying malware. This is because they exploit existing vulnerabilities in apps already installed, allowing attackers to sneak past verification systems and begin their attack unnoticed. This technique is particularly focused on applications that accept and process data, such as instant messaging and email platforms.

We saw this in action in April when a new zero-click iMessage exploit used to install Pegasus on iPhones was discovered running on some early iOS versions. The exploit, called HOMAGE, was used in a campaign against Catalan officials, journalists and activists.

However, it is important to emphasize that this technology poses a threat not only to world leaders, but also to everyday people and organizations. Our phones are hubs for sensitive data, both personal data such as banking information and business data, with many employees now connected to their company’s networks and data via their cellphones, a trend that has multiplied over the course of the pandemic as thousands work from home. Cyber criminals use this silent and persistent practice to gain as much access as possible.

Smishing attacks on the rise

In addition to zero-click attacks, we have also observed a steady rise in the distribution technique known as “smishing” (SMS phishing), in which SMS messages are used as an attack vector for malware distribution. These attempts often mimic trusted brands or personal contacts to trick the victim into clicking a link or sharing personal information. This method has proven particularly successful because once a device is compromised, its entire contact list is available to the attacker, creating an endless cycle of potential victims.
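The indicators described above (brand impersonation, a link the victim is pushed to tap, urgency language) can be turned into a simple triage rule for messages forwarded to a security team. The following Python script is an added example, not code from the original article or from Check Point; the sample messages, the brand-to-domain table and the point values are constructed for illustration and would need tuning against real traffic.

```python
"""Heuristic triage of SMS text for smishing indicators (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample messages for the demo; they are not real captures.
SAMPLE_MESSAGES = [
    "Your parcel could not be delivered. Reschedule at http://dhl-redelivery.xyz/track",
    "Hey, are we still on for lunch tomorrow?",
    "URGENT: Your bank account is suspended. Verify now: https://bit.ly/3abc",
    "New voicemail waiting. Listen here: http://voice-msg.top/app.apk",
]

# Brand keywords and the domains they legitimately use (assumed, illustrative list).
OFFICIAL_DOMAINS = {
    "dhl": {"dhl.com", "dhl.de"},
    "paypal": {"paypal.com"},
    "bank": set(),  # generic word: any host containing it is treated as a lookalike
}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "is.gd"}
SUSPICIOUS_TLDS = (".xyz", ".top", ".click", ".icu")
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify now", "act now", "expire")
URL_RE = re.compile(r"https?://([^\s/]+)(/\S*)?", re.IGNORECASE)
SUSPICIOUS_THRESHOLD = 4  # assumed cut-off; tune against real message samples


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD

    def add(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def _brand_lookalike(host: str) -> bool:
    """True if a brand keyword appears in a host that is not one of its official domains."""
    for brand, domains in OFFICIAL_DOMAINS.items():
        if brand in host and host not in domains and not any(host.endswith("." + d) for d in domains):
            return True
    return False


def analyze_sms(text: str) -> Verdict:
    """Score one SMS body; every point is tied to a human-readable reason."""
    v = Verdict()
    hosts = []
    for m in URL_RE.finditer(text):
        host, path = m.group(1).lower(), (m.group(2) or "").lower()
        hosts.append(host)
        v.add(1, f"contains link to {host}")
        if host in URL_SHORTENERS:
            v.add(2, "link hides its destination behind a URL shortener")
        if host.endswith(SUSPICIOUS_TLDS):
            v.add(2, f"link host uses a TLD common in throwaway registrations ({host})")
        if _brand_lookalike(host):
            v.add(2, f"brand keyword in non-official host ({host})")
        if path.endswith(".apk"):
            v.add(3, "link serves an APK directly (sideloading outside the app store)")
    # Look at the message text with the URLs removed, so a brand name inside
    # a lookalike host is not double-counted as a body mention.
    body = URL_RE.sub(" ", text).lower()
    if any(w in body for w in URGENCY_WORDS):
        v.add(1, "urgency or account-threat language")
    if hosts and any(brand in body for brand in OFFICIAL_DOMAINS):
        v.add(1, "brand mentioned in body alongside a link")
    return v


def triage(messages):
    """Return (message, verdict) pairs for a batch of reported messages."""
    return [(m, analyze_sms(m)) for m in messages]


if __name__ == "__main__":
    for msg, verdict in triage(SAMPLE_MESSAGES):
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"[{flag:10}] score={verdict.score} {msg}")
        for r in verdict.reasons:
            print(f"             - {r}")
```

The benign lunch message scores zero, while the three constructed lures each cross the threshold for different reasons (lookalike host, shortener plus urgency, direct APK download), which is the point of keeping per-reason scoring rather than a single keyword match: an analyst can see why a message was flagged and adjust one weight without retuning everything.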

This is how the infamous Flubot was commonly distributed. Since its creation in December 2020, it has been considered the fastest-growing Android botnet ever. The group behind it is known for being particularly innovative and constantly improving its variants, resulting in tens of thousands of victims. In June, an international law enforcement operation involving 11 countries shut down its infrastructure and disabled the malware.


Obviously, Flubot’s position couldn’t remain vacant for too long: soon after, a new Android malware operation dubbed MaliBot appeared in the wild. MaliBot targets online banking and cryptocurrency wallets in Spain and Italy in an attempt to repeat the success of its predecessor. At the time of writing, MaliBot is already the third most common mobile malware worldwide, despite being so new, with AlienBot taking the top spot.

Security in the App Store?

Many users turn to app stores to protect their devices, but unfortunately there are apps that claim to help deal with security risks and yet contain malware themselves. The most secure stores, such as the Google Play Store and the Apple App Store, have thorough vetting processes to screen candidate applications before they are uploaded, and apps are subject to high security standards once allowed on the platforms. According to a recent report, Google blocked 1.2 million suspicious applications and Apple 1.6 million over the course of 2021. However, resourceful cyber criminals keep trying to circumvent these security measures using various tactics, such as manipulating their code to pass the filters, or submitting harmless applications first and adding the malicious elements in later updates.

Therefore, it is not surprising that malicious applications are still hiding in these stores. In fact, these platforms remain the main infection vectors for mobile threats. For example, Check Point researchers recently analyzed suspicious apps on the Google Play Store and found that some of them disguise themselves as genuine antivirus solutions when in fact, once downloaded, they installed an Android stealer called SharkBot, which steals login credentials and banking information. And in February, an Android banking Trojan called Xenomorph was discovered lurking behind a fake productivity app on the Google Play Store. There were over 50,000 downloads.

It must also be pointed out that the pandemic has driven an increase in the use of mobile phones for work purposes over the past two years. For many users and companies this suddenly became the new normal, which meant that targeting mobile devices also became the new norm for cybercriminals. Unfortunately, the general awareness of mobile phone users regarding cybersecurity attacks is much lower, and although many of them have started using their personal or work-provided mobile phones for work purposes, many still do not see the phone as a sensitive corporate environment and pay less attention to malicious emails or links they receive.


Unfortunately, the threat landscape is rapidly evolving, and mobile malware poses a significant threat to the security of individuals and businesses, especially as mobile devices are vulnerable to multiple attack vectors, from the application through to the network and operating system layers. To counter this risk, organizations should also implement proactive strategies that can protect employee and corporate data from a potential attack. This has to be a continuous journey as cyber criminals are relentless and constantly adapting and improving their tactics.

For mobile users themselves, we recommend additional security measures, e.g. downloading applications only from the official Google and Apple stores, and even when downloading there, checking the reviews and number of downloads of a specific application to ensure that it is legitimate. Mobile users should apply the same rules on their mobile phones as they do on their desktop devices, for example not clicking on links from unknown senders, whether they come via email, text message or messaging applications, and not downloading files from untrustworthy sources.

Some organizations may benefit from enlisting the help of tools that strengthen endpoint resiliency and protect remote users. For example, Check Point Harmony uses real-time threat intelligence to actively protect against zero-day phishing campaigns and URL Filtering to block access to known malicious websites from any browser. It also enforces conditional access, ensuring that an infected device cannot access corporate applications and data. Harmony Mobile achieves all of this – and more – without disrupting employees or hampering their productivity.


(The author is Mr. Sundar Balasubramanian, Managing Director at Check Point Software Technologies, India & SAARC and the views expressed in this article are his own.)
