Utility security teams need to be aware of evolving attacks on mobile platforms
Last year saw a decrease in mobile malware attacks. Unfortunately, the attacks have become more sophisticated and threatening. For example, the Pegasus spyware, widely available to malicious actors, is capable of infecting both iOS and Android systems and collecting all kinds of valuable data, such as passwords, calls, text messages and the user's location.
Nearly 3.5 million items of mobile malware were detected by computer security firm Kaspersky in 2021, which is about the same number as in 2019 but 2.2 million fewer than in 2020 (see below):
Overall, attacks on mobile platforms have become more sophisticated in terms of both malware functionality and methods of attack, according to Kaspersky.
The main threats include unsecured public Wi-Fi, which can easily be hacked, and fake access points (also called network spoofing), where a public node that appears to belong to a regular company like AT&T is actually set up by cyber criminals. Phishing attacks are also a threat, although users have become much more aware of them now.
There is a wide variety of threats. Here is some guidance for individuals and company security teams.
How to protect yourself from mobile malware:
- Only use reputable stores like Google Play.
- Do not use untrusted sources for apps.
- Reboot often, as some malware does not persist.
- Carefully check what permissions are necessary when installing an app.
- Use the security applications on your device; comprehensive security applications should be installed on your platform to protect it.
- Look at the reviews of the app; suspicious apps are likely to have only a small number of reviews.
With more people using mobile platforms for work, often involving valuable data, the need for mobile security has never been greater.