Know the Risks: Mobile Devices under Attack

Mobile devices are a critical part of modern society, playing a role in how people communicate with each other personally and professionally, how they accomplish tasks personally and professionally, and how they remain productive on the go. Remote work is now a bigger part of the picture thanks to COVID-19, and mobile-device security should be a focus for both individuals and enterprises that rely on mobile devices, which are consumer devices at their core, for productivity.

2020 had ramifications in the cybersecurity world at large. Cybercrime surged alongside the surge in remote work and work-from-home solutions, which were thrusted into the limelight by the pandemic and social-distancing requirements and precautions. Employers and employees suddenly needed to adopt new technology solutions to enable collaboration and get work done. As a result, cybercriminals have been on the prowl.

BlackBerry’s 2021 Threat Report examines the major cybersecurity events of the previous year and predicts what issues will continue to affect the current year. According to the report, which evaluates 2020, the pandemic was the most obvious cybersecurity event of the year; it created myriad opportunities for cybercriminals to take advantage of people’s fears and evolving work situations. Threat actors waged more attacks on the healthcare and medical sectors than usual. Attacks also targeted the vaccine value chain, attempting to undermine it.

In the mobile realm, BlackBerry’s report highlights mobile overlay attacks, which malactors have designed to steal payment and access information by appearing to prompt users for information within the context of installed mobile applications that they trust. Mobile overlay attacks leverage data—in this case, app usage data—to determine the best time for an attack, prioritizing times when a user will be most likely to be distracted or in a hurry. Then, these attacks present users with a false app overlay that doesn’t seem too out of place and prompts users to re-enter certain information, such as passwords or credit card information.

In another recent report, the annual Pradeo security report, Pradeo points to spear-phishing on mobile devices as another issue that compounded in 2020 and is worth being aware of in 2021. Phishing campaigns aim to either steal information or trick users into installing something malicious on their devices. Pradeo says mobile apps carry out 88% of spear-phishing on mobile devices, and many people don’t know what to watch out for. In fact, in 2020, the report says 34% of employees clicked on a link they saw as part of a phishing scam, and 19% went further by actually providing passwords or downloading malicious programs.

Pradeo’s data shows other disturbing trends for mobile security, including a rise in ransomware and man-in-the-middle attacks. For instance, the report says ransomwares exist on 1.1% of mobile apps, compared to just 0.01% one year ago. And, globally, Pradeo’s research shows that man-in-the-middle attacks have increased by 236% in the past year. This trend makes sense, considering the huge uptick in remote work situations that require workers to access networks from outside their company’s perimeter. A man-in-the-middle attack takes advantage of this reality by intercepting communication between two parties, often with the goal of stealing data. The use of public Wi-Fi networks increases the risk of man-in-the-middle attacks significantly.

With remote work still a huge part of the pandemic recovery and aftermath, cybersecurity threats for mobile devices will continue at higher-than-historic levels. However, with diligence and awareness, businesses and individuals can safeguard themselves and their devices from most cybercrime. The key for enterprises is to be aware of how employees are using their mobile devices to work remotely and educate them about the evolving risks.

Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #futureofwork #cybersecurity #mobilesecurity #mobiledevices #mobile

Source link