How Mobile Cyberattacks Work and How to Avoid Them

September 12, 2019by Geoff Nairn0
Cyberattacks-blog-image-1280x720.png

The growth of m-commerce and the widespread use of mobile phones on unprotected Wi-FI networks has increased how many cyberattacks we see each year. One report found that in the first half of 2019, cyberattacks on mobile had risen by 50 percent when compared to 2018.

Growth of Mobile

Only a few years ago, e-commerce transactions were done almost exclusively on laptops and desktop computers. However, by the beginning of 2018, the value of transactions done on mobile devices totalled a whopping $1.36 trillion worldwide, almost 59 percent of all online sales.

This trend is set to continue as businesses adopt a mobile-first approach to website design and consumers grow more confident when it comes to carrying out financial transactions on mobile.

Unfortunately, this mega growth in mobile e-commerce has created an attractive new target for cybercriminals who remain in hot pursuit of our personal and financial information.

More malware targets mobiles

Malware designed specifically to target mobile devices was relatively rare until recently. Consequently, mobile users are generally more relaxed about downloading apps and visiting unfamiliar websites on their phone than they would be on their laptop or desktop.

Unfortunately, the amount of malware masquerading as genuine mobile phone software, such as anti-virus scanners or social media apps, is on the increase.

Lokibot, one of the most commonly seen mobile malware, infects Android devices and sits inside the core operating system where it can remain undetected and perform operations with root privileges. This may result in the theft of personal data, disabling of notifications and the interception of communications.

While malware targeting Android devices is much more common, Apple users are certainly not immune. For example, there has recently been a dramatic increase in crypto-mining malware for iOS devices. These rogue programs aim to harness the processing power of infected iPhones to help hackers mine for cryptocurrencies which slows down the device and drains its battery.

Even genuine apps can pose a security threat if they are poorly constructed. In 2017, seventy-six iPhone apps (which had been downloaded 18 million times) were discovered to be vulnerable to man-in-the-middle attacks – an attack which allows hackers to intercept data that is being sent between the mobile phone and the back-end servers.

Of the seventy-six, nineteen apps were classified as “high risk” because they allowed hackers to intercept users’ log-in credentials and/or session authentication tokens.

To minimize the risk of having your phone infected, you should only download apps from your phone’s native app portal, i.e. Apple App Store, Google Play, Blackberry World, etc. All apps within these stores (should) have been through a screening process to weed out the bad ones.

Email attacks dominate

An astonishing 91% of cybercrime starts with an email. With more people now reading email on mobile, this increases the chance of success for email-based attacks, due to a combination of factors:

  • The time that elapses between an email being sent and it being opened is typically less on a mobile device than on a laptop or desktop computer – many people will read an email the instant it arrives on their mobile device. So there is less time for the antivirus companies or phone manufacturers to detect and neutralize a threat – by releasing a patch, for example.
  • People are less vigilant when reading emails via their phone. For example, they are three times more likely to respond to a phishing attack on a mobile device than on a desktop PC.
  • The sender’s address is often hidden on mobile email apps, which makes it more difficult to spot suspicious emails.

Public Wi-Fi

Another way hackers try to exploit our craving for 24/7 internet connectivity is to set up alluring free Wi-Fi networks.

We take it for granted that coffee shops, hotels and airports will provide us with free Wi-Fi. As a result, when looking for a connection in a public place we are presented with many different options. Many people will click on ones with names such as “Free Public WiFi”, particularly since they may not require a password to connect.

Whilst these networks might give us internet access, they may also be “spoofed”. This means they have been set up by a hacker to lure users in and mount a man-in-the-middle attack, which allows them to intercept all traffic that travels between the internet and the connected mobile devices.

Security Measures

What can be done to protect mobile devices from cyberattacks? Here are some tips:

  • Only download apps from the phone manufacturer’s native app store
  • Make sure your operating system updates automatically
  • Avoid using public WiFi unless necessary, i.e. when 4G isn’t available or costs extra because you’re overseas
  • If you do have to use public WiFi make sure it’s a from a trusted source, e.g. the network of the hotel, you are staying in and requires a password
  • Don’t connect to sensitive sites such as online banking by public WiFi unless you really trust the network
  • Don’t plug your phone into unknown devices such as public charging points
  • Install a mobile anti-virus scanner
  • Always connect to your corporate network using a virtual private network

 

Geoff Nairn


Leave a Reply

Your email address will not be published. Required fields are marked *