You guessed it: smartphones are the new target. Here are some tips to help organizations recognize and plug up attack surfaces.

The pervasive use of mobile devices today has made mobile security a key concern.

With the push for remote-working accelerated by the pandemic, employees are increasingly accessing corporate data from their mobile devices, making organizations’ data more vulnerable to breaches.

According to Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies, researchers at Check Point have been observing an enormous rise in the number of attacks and data breaches that are coming in through the mobile. With that, he offers some of the key findings and associated advice for countering the risks:

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies
  1. Fake pandemic/vaccine-related mobile applications
    Since the very beginning of the COVID-19 pandemic, we have seen an uptick in the number of fake applications being created around the fear and anxiety over the global health crisis.

    Some of the mobile malware include Mobile Remote Access Trojans (MRATs), Banker Trojans, and Premium Dialers that spread through apps that claim to offer coronavirus-related information and help. Check Point researchers discovered 16 different malicious apps, all masquerading as legitimate coronavirus-related apps. These apps contain a range of malware focused on stealing users’ sensitive information or generating fraudulent revenues from premium-rate services. It is important to note that none of the malicious apps were available through an official app store.

    Organizations are urged to reiterate this danger regularly to their mobile workforce. Since most of us access corporate emails and other company assets from our mobile devices, an info-stealer installed on the device that steals credentials could be the starting point of an attack on the corporate network. Organizations need to take steps to ensure that employees do not download any app that does not come from a legitimate source.
  2. Mobile devices tainted from Day One
    It is not just what you click on or download—mobile phones cyber risks can be built in and hidden in the device itself just waiting for someone to exploit it. Already over 400 vulnerabilities have been found in one of the biggest Digital Signal Processor (DSP) chip manufacturers: Qualcomm Technologies that are used in over 40% of the mobile phones on the market, including Google, LG, Xiaomi, OnePlus, and more. 

    The vulnerabilities within the DSP chip can turn the phone into a perfect spying tool, without the need for any user interaction. Information that can be leaked from the phone include photos, videos, call recordings, real-time microphone data, GPS and location data.

    Attackers may be able to render the mobile device constantly unresponsive, and the malware can completely hide its activities and become unremovable.
  3. Ransomware goes mobile
    Computer-based ransomware attacks have caused tremendous damage to organizations and private assets around the world. The truth is, ransomware has been evolving fast and taking over the mobile world too.

    One such example is the Black Rose Lucy malware. Originally discovered in September 2018 by Check Point, Lucy is a Malware-as-a-Service (MaaS) botnet and dropper for Android devices. Earlier this year, the firm found an evolved Lucy containing new ransomware capabilities can take control of victims’ mobile devices, making various changes and installing new malicious applications. They were distributed mainly through social media linked and instant messaging applications.

    Further, ransomware itself has already evolved into double extortion attacks. Organizations could pay the attacker’s ransom demand in hopes that the promised decryption keys are delivered, but who can ever trust cybercriminals to keep their word?
  4. Corporate Mobile Device Management (MDM) malware distribution

    Using corporate MDM to distribute malware is a phenomenon that was first seen in the wild. Check Point recently discovered a new Cerberus variant in action, targeting a multinational conglomerate.

    What was shocking about this variant was that the malware was distributed through the company’s MDM server, and it compromised over 75% of the company’s devices.

    Due to the extent of this malware’s capabilities, the company decided to ‘factory-reset’ all devices, deleting all content from hundreds of employees’ devices. This shows the importance of understanding the difference between managing and securing mobile devices.

    While MDM offers an easy way to manage mobile devices, security cannot be automatically guaranteed, and sometimes the core feature might also be its core weakness. 

The danger is real, and the potential damage is great. The above threats and recommendations underscore how important it is for organizations to be alert to mobile risks and have visibility into these threat spaces.