2020’s events have precipitated the transition to remote working, strongly increasing workforces’ reliance on mobile devices.
As organizations’ routines and security perimeters crumbled, cybercriminals saw in the chaos an opportunity to seize. In the last 12 months, cyberattacks have flourished all over the world, and targeting mobile devices to reach organizations’ most sensitive data is now more commonplace than ever.
Mobile applications are at the center of mobile usages, and unsurprisingly they have been keeping for years the position of favored vector to compromise smartphones and tablets, counting as the source of 76% of mobile attacks in 2020. However, their tricks are constantly changing to bypass organizations’ security gates, making it complex to detect and neutralize them before they do harm.
CHANCES YOUR SMARTPHONE HOSTS A SPYWARE ARE HIGH
To run its services, a mobile application requires to access some information on the device hosting it, including some about its user. While most apps could properly work by only accessing and using these data locally, 65% of them are actually programmed to send the collected information to a remote location. This silent data exfiltration is often performed to monetize applications, and in this case, details are sold to marketing companies that profile users. The most leaked personal data are location details, contact lists, usages statistics and pictures, audio and video files.
AN OVERVIEW OF SOME ATTACK TECHNIQUES USED ON MOBILE
Man-in-the-Middle / Network Sniffing
Adversaries may attempt to position themselves between two or more networked devices using a man-in-the-middle (MiTM) technique to support follow-on behaviors such as Network Sniffing or Transmitted Data Manipulation.
2FA Interception
Adversaries may target two-factor authentication mechanisms, such as smart cards, to gain access to credentials that can be used to access systems, services, and network resources.
Automated Exfiltration
Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.
Data Destruction
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Data Encrypted for Impact
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key.
Data Wipe
Adversaries may wipe or corrupt raw disk data on specific systems or in large numbers in a network to interrupt availability to system and network resources. With direct write access to a disk, adversaries may overwrite portions of disk data.
System Shutdown / Reboot
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
Read Full Report here
iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations, Cloud security best practice and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.