The past years have seen a rise in the number of cyber-crimes, with threat actors continuing to develop new toolsets and techniques, targeting sensitive data stored on cloud infrastructure, employees’ mobile devices, and trusted third-party supplier applications. Let’s take a peek at some of the biggest mobile security threats and trends you need to watch out for in 2020.
Mobile Security: What to Expect in 2020
More IoT Devices, More Targets
The rollout of 5G networks means that the use of connected IoT devices will also increase significantly, making the entire ecosystem vulnerable to multi-vector cyber-attacks. Enterprises must adopt a more holistic approach to IoT security along with new and traditional controls to protect their growing networks.
A Rise in Mobile Malware
During the first half of 2019, malware attacks targeting mobile banking increased a whopping 50% from the previous year. Cybercriminals are following the money and increasingly distributing malware designed to steal payment data, login credentials, and ultimately funds from victims’ bank accounts.
SMiShing (SMS Phishing)
These classic phishing attacks are now going beyond emails. Phishing involving SMS texting or the use of messaging on social media apps and gaming platforms is significantly increasing. Train your employees to ignore links received via SMS, not reveal login credentials or personal information, and be careful who they send money to.
Beware of Data Leakage
The biggest cyber-threat for companies and businesses is data breaching. Address this challenge by implementing Mobile Application Management (MAM) software, a security framework that scans your apps for sneaky behavior while also automatically blocking any issues.
Put simply, the attackers use a mobile device to mine cryptocurrency without the owner’s knowledge. Hijacked phones often experience poor battery life and suffer damage from excessive use. In 2020, IT security vendors should continue to monitor this cyber-threat.
Unsafe or Unsecured Wi-Fi Networks
Connecting to an unsafe network could be a nightmare when it comes to mobile device security. Smartphones, tablets or any other mobile devices are only secure until they start transmitting and receiving data on a network. Security specialists estimate that 4% of the mobile devices connected to an open and potentially unsafe Wi-Fi network have encountered at least an attack. Use VPNs and don’t leave your devices exposed to cybercriminals.
Mobile Malware Trends in 2020
In recent years, security experts have seen a growing variety in the types of mobile attacks that criminals use to target smartphones. SophosLabs 2020 Security Threat Report revealed new mobile malware trends.
Bank Credential-stealing Malware
The use of Android malware that steals banking credentials, with names such as Acecard or GMbot, is on the rise. These apps, specifically designed to steal the credentials used to log into the applications of financial institutions, continue to put pressure on Google. Recently, Android malware has evolved to evade the automated malicious code detection.
These apps appeared in Play Store as finance-related applications, which download second-stage banker payloads in the background. It is very difficult for Google to detect and prevent these threats, as the malicious code is not present in the file until after the user downloads and installs the app.
The malicious payloads monitor actions such as keystrokes when users log into legitimate banking applications.
Fleeceware – A New Type of Scam
In 2019, SophosLabs discovered a new type of scam called fleeceware. App developers take advantage of a business model available within the Play Market ecosystem that allows users to download and use the apps at no charge for a short trial period. When the trial expires, if the user who downloads and installs one of these apps hasn’t both uninstalled the application and informed the developer that they do not wish to continue to use the app, the app developer starts charging the user. If the user fails to cancel the trial before it expires, the developer charges users upwards of $100 for apps with functions as simple as photo filters or barcode scanners.
The apps themselves don’t engage in what is considered traditional malicious activity, thus evading Google’s automated code detection.
SIM Jacking is a simple, but efficient process: the scammer contacts the mobile operator of a particular client and convinces the representatives that the SIM card is hacked, asking to transfer the phone number to another card. After this operation, the cybercriminal gains access to the entire digital life of his victim, including email, social networks, and mobile app accounts.
In the past few years, the requirements for mobile app protection have grown appreciably, as more and more companies are actively using mobile devices to organize their business processes. In order to safely integrate the employee’s mobile devices into the corporate environment, security experts strongly recommend applying powerful and comprehensive corporate security policies to users’ devices.