Exploitation, Phishing Top Worries for Mobile Users

Published: 23/11/2024   Category: security




Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.



RSA Conference — San Francisco —
Mobile malware appears to be declining as a favored tactic of cybercriminals, but the mobile ecosystem is far from risk-free as phishing and vulnerability exploitation become more significant threats, security experts said this week at the RSA Conference.
In 2019, the worldwide mobile ecosystem continued to expand, growing by 8.9 million new apps, or 18%, while at the same time the number of malicious apps declined, especially on premium app stores, such as Apple and Google, according to the 2019 Mobile App Threat Landscape Report, published by RiskIQ. At the same time, companies saw mobile- and Internet of Things-related compromises grow, with 39% of firms suffering such a security incident, up from 33% in 2018, according to Verizon's Mobile Security Index 2020.
The current threat landscape is best exemplified by the vulnerabilities in the WhatsApp chat application last year, says Michael Covington, vice president of product at Wandera, a provider of mobile cloud security. In April and May, nation-state attackers used serious vulnerabilities, including a remote exploit for a vulnerability in the video player on WhatsApp, to compromise targeted users.
"These are apps that have already gone through the app store vetting process, and they are installed on the device," Covington says. "And when a vulnerability comes out, many companies cannot do anything, because they have no visibility into what apps are on their employees' devices."
The two trends — less mobile malware, but more mobile-related compromises — highlight that attackers are finding ways to compromise devices that do not rely on convincing a user to download malicious software.
The impact of the attackers' tactics is significant. In 2019, two-thirds of companies suffering a breach from mobile malware considered the impact significant, while more than a third also considered the effects of the breach to be lasting, according to Verizon's report. The majority of companies suffered downtime or loss of data in a breach, but many also found that other devices were compromised following a mobile breach and they had to deal with reputational damage and regulatory fines.
"When most people think of cybersecurity compromises, it's the loss or exposure of data that springs to mind," Verizon stated in its report. "But it's much more than a company's sensitive information that's at risk. A mobile security compromise can have a range of other consequences, including downtime, supply chain delays, lost business, damage to reputation, and regulatory fines."
The major mobile app stores have forced attackers to change, with the brand-name stores seeing fewer malicious apps submitted to their vetting process, according to threat intelligence firm RiskIQ's report. The number of blacklisted mobile apps fell by 20% overall in 2019, while the Google Play store blacklisted fewer than a quarter of the apps it blacklisted in 2018, the company found. Rather than an indication that app stores are easing up on security, RiskIQ argues that the ecosystem is doing a better job of weeding out malware developers from publishing apps to the store.
In addition, malicious apps in app stores often remain easy to spot, says Jordan Herman, a threat researcher at RiskIQ.
"One potential giveaway is excessive permissions, where an app requests permissions that go beyond those required for its stated functionality," he says. "Another is a suspicious developer name, especially if it does not match the developer name associated with other apps from the same organization. User reviews and number of downloads, where present, also help to give some level of reassurance that the app is legitimate."
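The first two giveaways Herman describes can be checked mechanically during app review. The following is an added example, not code from the article or from RiskIQ: it assumes the app's manifest has already been decoded to text XML, and the per-category baseline, the developer record, and the sample listing are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions a reviewer accepts for each stated app category.
EXPECTED_PERMISSIONS = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
}
# Assumption: developer names already seen on an organisation's other apps.
KNOWN_DEVELOPERS = {"Example Torch Co": {"Example Torch Co"}}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root if el.tag in tags)
    return {n for n in names if n}

def review_listing(listing, manifest_xml):
    """Apply the two giveaways: excess permissions and developer mismatch."""
    findings = []
    expected = EXPECTED_PERMISSIONS.get(listing["category"])
    if expected is None:
        findings.append(("no_baseline", listing["category"]))
    else:
        excess = sorted(requested_permissions(manifest_xml) - expected)
        if excess:
            findings.append(("excessive_permissions", excess))
    known = KNOWN_DEVELOPERS.get(listing["organisation"])
    if known and listing["developer"] not in known:
        findings.append(("developer_mismatch", listing["developer"]))
    return findings

# Constructed sample: a torch app asking for contacts and SMS access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Torch"/>
</manifest>"""
SAMPLE_LISTING = {"category": "flashlight", "organisation": "Example Torch Co",
                  "developer": "Torch Free Dev 2019"}

if __name__ == "__main__":
    for finding in review_listing(SAMPLE_LISTING, SAMPLE_MANIFEST):
        print(finding)
```

A category with no baseline is reported rather than silently passed, so a reviewer sees where the table needs extending.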
Because of the shift in attackers' tactics, companies need to worry about more than just mobile malware. In August, Google revealed that at least five exploit chains for iOS — attacks strung together to gain access to a device — were found on websites in the wild. The attacks could compromise many versions of iPhones and iPads.
"[S]imply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Ian Beer, a researcher with Google's Project Zero, stated in an analysis of the attacks. "We estimate that these sites receive thousands of visitors per week."
In many cases, even the legitimate functionality of legitimate apps can pose a risk for their business, says Wandera's Covington.
"It is not just malware that defines a malicious app for them," he says. "Other behavior is considered risk for many companies. Manufacturing firms don't want apps that can use the camera, for example."
Companies should learn to improve their security before they get breached. In 2019, 43% of companies that had a compromise ended up spending more on security. Only 15% of companies that did not suffer a breach spent more on protection, according to Verizon's Mobile Security Index report.