Why you phone could be the enemy within

The number of malware attacks have increased over the years with attackers employing sophisticated malware.

Digital thieves are now targeting your mobile phone. They are stealing crucial information from you and sell them on the dark web for profits. All this happen without your knowledge. Mobile devices over the years have formed an integral part of our lives. They are integrated into both our business and personal lives. While these gadgets have continuously made lives easier and better, security-related issues associated with the devices are increasing rapidly. One of the simplest reasons that draws threat actors to mobile devices is ease of access. Most mobile users do not protect their mobile device or upgrade their operating system to apply security patches. This therefore means that most attackers do not struggle to gain access to devices.

It is estimated that there are 2.1 billion smartphone users in the world with a quarter of these owning more than two phones something that presents a wide target for attackers.  “With increased usage, applications and the BYOD (Bring Your Own Device) policies in work places, smartphones, now serve as easy target for people out to steal data or cause disruption into companies security systems,” says Jeremy Kaye Head of Mobile Security Check Point Software Technologies.

Kaye adds that the current mobile threat landscape has evolved into a much more aggressive beast. “We are now experiencing Gen V cyber-attacks characterized as large-scale and fast moving across multiple industries. These sophisticated attacks on mobile, cloud and various enterprise networks, easily bypass conventional defenses being used by most organizations today as they rely on older generations of security.”

Jeremy Kaye Head of Mobile Security Check Point Software Technologies.

According to Kaye, malicious mobile apps contain malware that can collect, store, and send the sensitive information from the device to third parties without the user’s knowledge. They can also download and transmit malware to other connected devices or networks. Smartphones also double as a recording devices. With that attackers can bug corporate board meetings just with the click of a button. Phones with built-in cameras can also be used remotely and re-purposed as a corporate espionage device. If a business executive or employee does banking transactions through a mobile app and their smartphone has been compromised, the account could be hijacked. If an employee’s phone is hacked, the hacker could steal company passwords and remote access logins.

A study by Checkpoint Software technologies titled August Most Wanted Malware, while major malware like Ransomware, crypto miner, and banking Trojans have had, and continue to have, a big impact, mobile attacks on Kenyan companies are growing in prevalence. When comparing the impact of these attacks to the global market a research by Kenya averaged 25 – 35 per cent higher between January and August 2018. According to Trend Micro, an internet security solutions company, mobile ransomware surged by 415 percent in 2017, while 30,000 more fake apps appeared in Google Play than in 2016. At the same time, vulnerabilities in iOS and Android have also doubled.

He most common ways malwares get into smartphones is through mobile apps. Hackers chose popular applications that are likely to be downloaded by users they repackage or infect them and once downloaded users phones are infected. The other way is what is known as Malvertising. Through this way, attackers insert malware into legitimate online ad networks to target the end users.  Such ads appear normal and appear on a wide range of apps and web pages and once the user clicks on them, their devices are infected with the malware. While a free Wi-Fi in a public spot can serve as a lifesaver, attackers are also using them to hack into phones. But, it could also put users into risk. One of the dangers is that the data are often open and unencrypted and unsecured hence leaving user’s phone susceptible to a man-in-the-middle (MITM) attack. This is when a cybercriminal exploits security flaws in the network to intercept data.

“The need for local businesses to partner with security specialists that can help them remain one step ahead of the game is essential,” says Kaye. He adds that Check Point has a team of over 40 members across Africa, and is committed to ensuring that organizations have access to security solutions like Check Point Infinity which enables enterprises to prevent Gen V cyber attacks across mobile, cloud and various other enterprise networks.

For organizations and business protecting themselves against attacks that originate from employees phones is not easy. Mobile devices often crisscross networks, and at that operate on both sides of a firewall where there are minimal management options, limited visibility of activity and no privileged accounts.

Related posts

Amazon Accelerates AI-Powered Automation, Sparking Workforce Concerns

M-KOPA hits 3m customer milestone in drive to tap ‘unbanked’ masses

Onafriq, Visa Partner to Launch Visa Pay in the DRC