Mobile App Threats Continue to Grow

  /     /     /  
Publicated : 22/11/2024   Category : security


Mobile App Threats Continue to Grow


Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.



Security threats aimed at mobile devices are evolving and shifting – and show no sign of going away. Those are the key results found in a pair of just-released reports on mobile security.
More specifically, the reports look at the security of third-party mobile applications and the effectiveness of carrier-based protection. The picture that emerges is one of risk that varies across industries but is never truly low, as well as the importance of trying to stop the actions of malicious apps as high in the network chain as possible.
In its study of
third-party app risk
, BitSight researchers found that vulnerable apps are common across all industries, with the vulnerabilities including data leakage, privilege abuse, unencrypted personally identifiable information, and credential theft. The differences are in the proportion of vulnerabilities that make up the total picture of each industry.
For example, BitSights research shows that finance had the highest rate (34%) of broken SSL configurations, while 32% of business services and education apps failed at encrypting user data. But in no industry is there a single, simple vulnerability. As Immunity researcher
Lurene Grenier said
at the recent Talos Threat Summit, There are probably 10 full iPhone [exploit] chains at any given time. And thats the most secure calling platform.
 
Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for 
more information
In a speech at Interop ITX in May, Mike Murray, vice president of security intelligence at Lookout, pointed out why criminals are so
interested in mobile malware
. The phone is no longer a phone. Its an electronic device that has access to every part of our digital lives, he said. Unfortunately, we still think of it and protect it like its a Motorola flip-phone.  
A second report,
Telco Security Trends, Q2 2018
, conducted by Allot, looks at malware traffic from four communications service providers (CSPs) across Europe and Israel. It found that the CSPs were stopping an average of two pieces of malware per device per day.
From November 2017 through February 2018, cryptomining malware made up the largest single threat, Allot reports, with various adware attacks and phishing messages the next most popular types.
Adware forms an interesting block of threats because its victims are often legitimate advertisers as well as consumers. Pixalate recently found new
mobile app laundering malware
that spoofs ad activity so that advertisers believe they are paying for ads that are shown — but no consumer ever does. The consumer impact is on the performance of their devices, which might see a CPU spike while rendering images and content that is never actually displayed.
Allots report also looks at IoT devices connecting to the CSP networks, confirming a growing issue with these headless devices and
the threats they face
from malware. The research reinforces a point Murray made in May when he told Dark Reading, Capabilities are changing cyber warfare, and everyone is in the game.
Both reports findings show that a critical threat through mobile devices stems from organizations that fail to sufficiently protect their unique capabilities and technologies. Michael Covington, vice president of product at Wandera, put it succinctly in
a Dark Reading interview
when he said, As more communications take place over mobile devices, organizations havent changed their thinking to cover the modes of communications taking place on the devices. We want to see corporations move into the present, recognize the risk, and mitigate the risk.
Related Content:
7 Variants (So Far) of Mirai
North Korean Defectors Targeted with Malicious Apps on Google Play
APT Attacks on Mobile Rapidly Emerging
Pairing Policy & Technology: BYOD That Works for Your Enterprise
New Android Cryptojacker Can Brick Phones

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Mobile App Threats Continue to Grow