Major Mobile Security Threats That Cause Data Breaches
Sep 21, 2018 | 42Gears Team
Smartphones are making lives easier by being our constant digital companions. They also serve a significant role as an enterprise computer substitute. However, increased usage of smart devices and applications has led to a rapid increase in mobile security threats and data breaches.
Today, enterprises consider mobile malware one of their top security concerns. Malware and virus threats acquired from mobile use might have seemed unlikely a decade ago. But fast forward to 2018, and incidents of mobile malware have skyrocketed to millions. Malware specifically targeting mobile devices, such as Gooligan and Hummingbad, is only the tip of the iceberg. A survey conducted by McAfee Labs states that more than 16 million mobile malware incidents were registered in the third quarter of 2017, nearly doubling in number from the year before.
In any workplace, iOS and Android are considered the most robust and secure operating systems. However, they too face threats from malware that continues to become more serious and deceptive with time. Weak encryption during app development, combined with the ubiquity of mobile devices in the workplace due to the adoption of BYOD, creates the perfect conditions for mobile attacks.
The cost of data breaches for enterprises can be very high since information that’s held on business devices can include sensitive information such as customer info, contracts, competitive data, intellectual property details and sometimes financial data. Also, data breaches can leave corporate networks open to other potential threats.
Here are some of the biggest threats that have been identified to affect mobile device security in a business ecosystem:
1. Enterprise-class Malware (Spyware specially targeting enterprises)
Employees’ personal devices are usually in close proximity to corporate network access, the company’s GPS tracking and other services. This proximity is specifically targeted by hackers who look for ways to infect mobile devices with spyware. An example is the Pegasus spyware released in 2016, which hacked iPads and iPhones to harvest sensitive data. This was followed by iOS zero-day vulnerabilities that malware actors discovered and used to form an attack chain. In 2017, a Pegasus spyware version for Android was launched that secretly gained root access to a device by posing as a normal app download. Since then, Apple and Google have bolstered their security measures.
2. Mobile Botnets
Mobile botnets pose a serious threat to mobile security. They give hackers control over devices without the knowledge of their owners. Viking Horde was the first mobile botnet that targeted Android devices. It created a botnet on rooted as well as non-rooted devices to generate revenue for the attacker, using proxied IP addresses to disguise ad clicks. In 2016, the Hummingbad mobile botnet infected over 10 million Android operating systems and generated fraudulent advertising revenue for hackers by tapping on advertisements without the user’s knowledge. Though initially this malware was used for adware purposes, it is increasingly being used to open back doors on infected devices, with the intention of stealing sensitive data. With mobile devices being the most used devices by individuals, botnet owners usually have 24/7 access to several potential zombie bots.
3. Phishing Attacks
Phishing is one of the most common ways of targeting computers and mobile devices to obtain secure information. Hackers use this method to corrupt devices by pushing malware through malicious links that can be transmitted via electronic communications or over the internet. Ad and click frauds are the most common form of phishing attacks. These types of fraud compromise the security of mobile devices and give hackers access to the internal network of an organization. Hackers use techniques such as getting an employee to click on the link of a malicious app or sending an SMS phish. Once hackers get control over a device, they can steal an employee’s credentials and gain access to the company’s internal network.
4. Unwanted or Dead Apps
Apps that are no longer supported in the Google Play Store or Apple App Store pose a threat to companies. Employees should be encouraged to periodically check the status of mobile apps on their devices in order to update or delete them. Even though both Google and Apple remove a number of apps from their stores, usually due to malware, copyright or data leakage issues, it is up to companies to ensure that their employees are using only necessary apps on their corporate devices.
5. IoT Devices
Malware specifically targeting the Internet of Things (IoT) is still in its infancy. However, that hasn’t stopped malware authors from moving into the IoT arena. What interests hackers is the fact that IoT devices are largely connected and configured by smartphones and other smart devices. Also, minimal security effort is made to counter these attacks on IoT devices.
Though companies have to instill user behavior awareness in their employees, they should also continue to work towards reducing the risk of mobile threats through encryption and visibility on all devices that access the corporate network.
The 42Gears UEM solution ensures that strict policy protocols are implemented on business-use devices in order to minimize mobile threats that can cause data breaches. The 42Gears BYOD solution specifically caters to employee devices by creating separate work containers in order to monitor access to corporate emails and applications. These containers can be governed by security policies such as the inability to copy data or download unallowed applications.
Company-owned devices that connect to corporate networks can be managed using 42Gears UEM to ensure safe data transfer. Businesses can schedule regular scans of all installed applications on company devices to ensure they are up to date and also remove unwanted applications from the devices. 42Gears UEM also offers Mobile Threat Detection that can list harmful applications containing malware or viruses so that they can be deleted quickly.
Keep your corporate devices protected against mobile security threats using 42Gears UEM. Sign up for a free trial today.