CIO Insider

Check Point Research Documents Major Mobile Threats of 2020

According to recent research by Check Point Research (CPR), 97 percent of the companies that participated in the study faced mobile threats in 2020, and 46 percent of them had at least one employee download a malicious mobile app that could disrupt networks and data.

CPR's report claims that over the past 12 months companies have witnessed an increase in the number of attacks targeting mobile devices and data breaches from mobile endpoints.

The COVID-19 pandemic forced most companies to adopt work-from-home models, in which mobile phones became the most sought-after devices for carrying out most of the work. This opened up more paths for easy break-ins by hackers and criminals, who ramped up their efforts to target those endpoints, betting that the rapid shift to working from home had created new security holes.

Most of these attacks came as malicious campaigns linked to COVID-19, sophisticated mobile ransomware attacks, and even enterprise Mobile Device Management (MDM) software that was weaponized to target companies. Below are some of the attacks the report observed over the past 12 months.

Fake COVID apps spreading infections
Concerns about data privacy issues arose when countries released official COVID monitoring apps, raising fears that personal data would be exposed. Following the release of official apps, criminals quickly developed a number of malicious apps posing as legitimate COVID-related apps. Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialling malware were all found in these apps, and they were all designed to steal credentials or money from victims.

Banking trojans blitz
The rise in banking Trojan malware families can also be attributed to the increased use of mobile devices during lockdown and social distancing. Ghimob, introduced by the Guildma threat actor, is proven to be capable of conducting transactions on accounts with financial institutions in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique. Eventbot, discovered in 2020, targeted users in the United States and Europe, while Thiefbot targeted Turkish users. Blackrock, Wroba, TrickMO, and others were added to the list.

Ransomware goes mobile
Though mobile ransomware is still in its early stages, it developed quickly in 2020 as malicious actors used their network ransomware expertise to build mobile variants. The 'Black Rose Lucy' malware family, for example, was first discovered in September 2018 by Check Point. It's back now, nearly two years later, with new capabilities that allow it to take control of victims' devices and make changes or install malicious software.

Undermining MDM
A new Cerberus variant targeting a global corporation was recently discovered by Check Point researchers. Alarmingly, the malware was spread via the company's MDM server, infecting more than 75 percent of the company's computers. The most influential aspect of MDM, and arguably the reason for its existence, was also its most significant flaw: a single, unified control for the entire mobile network. If that network is hacked, the entire corporate mobile fleet is compromised.

APT action
Advanced Persistent Threat (APT) groups targeting mobile devices have continued to spread MRATs (Mobile Remote Access Tools) and are attempting to redefine their functionality. In some instances, such as the Iranian Rampant Kitten APT operation, the threat actor used a mix of fake smartphone apps, Windows info-stealers, and Telegram phishing pages to spy on Iranian people using stolen Two-Factor Authentication (2FA) codes. MFA mechanisms were a primary focus of surveillance activity for both espionage and financially driven organizations.

Vulnerabilities Matter
Previously, attackers gained an initial foothold in most cases through malicious applications or OS glitches; however, reports of vulnerabilities in mobile hardware and common applications increased in 2020.

The Achilles family of vulnerabilities comprised more than 400 flaws in a Qualcomm chip, which affect a large portion of the mobile market. The most famous apps were found to put their users at risk of being exploited: Instagram's JPEG decoder was found to have a zero-click RCE flaw. Remote attackers may use Apple's 'sign in' device vulnerability to bypass authentication and take control of targeted accounts. Additional flaws have been discovered in WhatsApp, Facebook, and other social media platforms.

The major vulnerabilities in mobile hardware and common apps documented this year could signal a change in attack tactics, which are usually focused on disguised malicious applications or OS flaws.

As we become more reliant on our mobile devices to stay linked and control our lives, cybercriminals are increasingly targeting them with sophisticated malware, malicious software, and exploits. Enterprises must implement mobile protection that can protect all devices, both corporate-issued and personal, from advanced cyber threats by protecting the devices' operating systems, applications, and the networks to which they link. Furthermore, protection must not degrade the user experience by affecting accessibility, data usage, or battery life.
