Cybercriminals have set their sights on mobile devices

We are generating and consuming information on mobile devices at an astounding rate. Unfortunately for companies, attackers have begun targeting mobile and IoT devices more frequently, hoping to steal data or gain access to corporate networks.

This year's Nokia Threat Intelligence Report examines trends and statistics for malware infections in devices connected through mobile and fixed networks. The most recent report reveals that smartphone infections increased 83% in the last 6 months of 2016, with smartphones accounting for 85% of mobile infections. The other 15%? Windows/PC systems connected to mobile networks using dongles or tethered through mobile devices.

Why Mobile?

Due to the small form factor (and distracting nature) of mobile devices, we are less likely to notice a misspelled word or fuzzy logo. Security best practices that we employ on a desktop or laptop, such as viewing a full e-mail header to reveal an address or hovering over a URL to confirm the destination, are not possible on mobile, making phishing and similar attack vectors even more effective.

Cybercriminals also take advantage of mobile’s reliance on apps and services by creating malicious applications that masquerade as legitimate ones and by placing malicious behavior within “friendly” apps. These man-in-the-middle attacks can be designed to download malware, access all of the information stored on the device or deliver a future payload.

Emerging Threats

Although the terms may sound amusing, these threats targeting mobile devices are anything but funny.

Vishing/Smishing: Attackers use spoofed numbers so voice calls, voicemails and SMS appear to come from a legitimate company or contact. These attacks may urge you to provide your username and password or credit card information.

Bluesnarfing/Bluejacking: These two attacks take advantage of Bluetooth technology to sneak into mobile devices. Bluesnarfing is unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops and laptops. Bluejacking is the sending of unsolicited messages over Bluetooth, often used in guerrilla marketing campaigns. Any device with its Bluetooth connection turned on and set to “discoverable” may be susceptible to these types of attacks.

Managing Risk

The modern workplace has evolved to accommodate employee-owned mobile devices that connect to, or access information contained in, company networks (BYOD). Although the ability to allow staff to work at any time, from anywhere and on any device provides real business benefits, it also brings significant risks. Recent findings show that 63% of businesses have no policy about the type of company data their employees can store on their mobile devices and 35% reveal no measures are used to manage and secure data accessible on employees’ mobile devices. To ensure company data does not end up in the wrong hands, it’s imperative for companies to put security measures in place and clearly define them in an Acceptable Use or BYOD Policy.

Tips for Securing Mobile Devices:

• Ensure your operating system and apps are always up to date

• Use strong passwords or touch ID features to lock your devices

• Review what information is accessed by apps prior to downloading them

• Only download apps/programs from trustworthy sources

• Never download apps from text message or e-mail links

• Don’t respond to voicemails or text messages from blocked or unknown numbers

• Avoid logging in to key accounts like e-mail and financial services on public networks

• Don’t respond to unsolicited e-mails, texts or phone calls that request personal information

• Avoid clicking on unsolicited or unknown links on mobile devices

• Disable WiFi and Bluetooth when not in use

For many of us, mobile devices are a crucial component of our day-to-day life, despite the security and privacy risks. For companies, this means mobile devices also need to be considered a crucial component of any network they connect to, and need to be secured.

References:
Nokia Threat Intelligence Report 2H2016
ARXAN/Ponemon Institute 2017 Study on Mobile and IoT Application Security