More and more people are using their mobile device for work. This means that attackers are constantly working to find new entry points and vulnerabilities.
How Many New Vulnerabilities are There?
Google’s Andriod operating system averaged 5,768 malware attacks DAILY over a 6 month period according to CYRENS 2013 security report, And today, 99% of new mobile malware is targeted for Android devices, according to the F-Secure Mobile Threat Report. But that doesn’t mean that iOS devices are immune to such attacks. The number of documented vulnerabilities for iPhone and iPad increased by 82% in 2013, according to a Symantec report. With these new vulnerabilities discovered, that means that there are new opportunities for malware to be introduced.
What Does This Mean for Businesses?
For the past few weeks on our HST blog we have been discussing the new BYOD (Bring Your Own Device) trend. For many businesses, particularly SMBs this is an attractive program. Employees can bring the tech they feel most comfortable with and employers don’t have to foot the bill to upgrade new devices. However, with the advent of BYOD, a new opportunity has presented itself for hackers.
Hackers can now work to breach a company’s perimeter by accessing company data from a mobile device. They can also get on a company’s WiFi using an infected device and access data. For many SMBs it can be difficult to keep up with the increasing threats, particularly if you have a small IT department that is often busy supporting employees’ tech needs. To properly implement a BYOD policy, you need to be aware of the risks and find ways to mitigate these risks.
Here are some new threats to be aware of and look out for:
4 New Threats to Your Mobile Device Security
Mobile phishing and ransomeware:
Attackers use mobile apps and text messages to encourage trusting users to click on bogus links. “If they can make you believe a message is from a trusted source, chances are you will click,” says Stu Sjouwerman, cofounder of security training company KnowBe4 LLC in Clearwater, Fla. These links allow malware to download to the mobile device, just like on a desktop computer. Hackers can create messages that look very much like they came from a legitimate source. This includes emails, instant messages, social networking links and text messages.
Ransomeware is also increasing. When a mobile user opens an infected attachment, the malware locks all files on the device. Users are not able to access their files until they pay the ransome price named by the attackers. According to Sjouwerman, one of the most common new infection sources comes from manually downloading software that claims to be for a video player other than from the Google Play App Store.
Using an infected mobile device to infiltrate nearby devices:
From a hacker’s perspective, “Wouldn’t it be nice if we could just walk into the network with a compromised phone and have direct network access to all of those potential vulnerabilities? In many cases you can,” says security expert Georgia Weidman. One easy way for attackers to access a network is through an unsuspecting device. The hacker can be safely away from the scene of the crime, but use another device to get onto the business’ network.
One such attack is the SPF Agent (Smartphone-Pentest-Framework). This attack presents itself through what appears to be an official app, such as a news app. However, the app is also communicating with an SPF console some distance away. The app allows thieves access to the mobile device. Then, the mobile device communicates with a laptop somewhere nearby via the company WiFi network. Now, the attacker is able to access information on the laptop as well and has access to company information and data. This can happen on most any WiFi network if a connected device has vulnerabilities.
Cross-platform banking attacks:
With this type of hybrid attack, thieves work to access a user’s bank account. First, malware is dropped onto the user’s desktop. This malware knows when the user is accessing his or her bank website. The spying occurs in the browser memory, so the attackers are able to access the users credentials before they are encrypted and sent off. After this inital attack, thieves send a message similar to this – “for increased security, download this app.” Then, they ask for the users phone number and email address to send an SMS link to download the app. Once the user clicks the link, the hackers have access to both the phone and the desktop.
People rely on their mobile devices 24/7. Unfortunately, this increase in use has not translated to a increase in mobile device security use or understanding. For many users, it is simply a lack of education. 44 % of adults were unaware that there were security solutions for mobile devices, according to the 2012 Symantec Threat Report. And that number rose to 57% in the report released in 2014.
For many people, it is simply that not too long ago we were using basic phones without the need for security measures. After all, most of us have been using desktop computers for decades, so we are aware of the risk. But smartphones are a relatively new tech device, and so are all their risks. “Looking ahead, experts agree that mobile device malware and scams will only increase as users pack their mobile phones with more rich and sensitive data – and the implications will be even greater for businesses that hire young workers,” says Stacy Collett, a CSO writer.
“An investment in knowledge pays the best interest.”
Knowing the risks and educating your employees can drastically help mitigate the dangers. If employees know what red flags to look for and basic safety measures, this can go a long way. For many companies though, staying up to date and being able to provide this information can be daunting. Many SMB IT departments are already maxed out and don’t have the time to collect and disseminate the necessary information.
This is where IT Managed Service provider companies come in. At HST, we can help you stay on top of all the changes. We can analyze your network and let you know where vulnerabilites exist. Then, we can provide security solutions that keep you up-to-date at all times.
Need Some Help Getting Started?
Struggling to figure out which option is best for your business? Our FREE Mobile Device Policy Consultation ($297 value) helps provide computer and network support. We will help to point you in the right direction for your business.
Call Us Direct: 512-900-9478 or Contact Us HERE.
Live in or near Austin? Want to get some practical cyber security information you can use immediately? Interested in learning more about how to remain secure and welcome your user’s mobile devices onto your network? Register to attend our November TECH & TACOS lunch and learn event.
About Higher State Technology (HST) Since 2004, specialists at Austin-based Higher State Technology (HST) have provided implementation, troubleshooting, hardware, software and managed services solutions for multi-location companies and for solopreneurs. HST helps companies safeguard their IT assets through network protection, backups and disaster recovery, ant-malware and anti-spam protection, and other risk management services. HST offers remote and onsite IT support and management tailored to the needs of each client. For more information, visit www.Higher-State.com.
Check out the blog post that was the inspiration for this one HERE
Author: Meredith Clark; HST Writer