In our last blog post, we explained why mobile devices are particularly popular with hackers and showed exactly how phishing attacks work and how you can best protect yourself against them. But phishing is not the only major threat to mobile devices; ransomware, Trojans and lesser-known types of attack should not be ignored either.
In our blog post, we show you which dangers for mobile devices you should be aware of and how you can protect yourself against them:
The Trojan horse and the blackmailer
So-called Trojans either masquerade as supposedly legitimate software, can be downloaded from other legitimate software or make themselves “invisible” on the system. Well disguised, cyber criminals use them to steal data, spy on users and gain unauthorized access to systems. So-called remote access Trojans (RAT) help hackers to control infected systems remotely via a network connection. Ransomware Trojans are used for a modern form of blackmail, whereby data or files of those affected are encrypted using crypto Trojans. Lockscreen Trojans are used rather rarely and, if so, mainly in the iOS universe to block the user’s access to their device. The aim is always to extort a ransom to unlock the data or the device. The malware is usually distributed via a download link, but the extortionists often disguise it as an email attachment. These attachments can be intercepted via a firewall. In order to be well prepared against such attacks, a ransomware-free backup is immensely important. This allows companies to quickly restore operations after an attack. Container solutions are a kind of safe for cyber criminals, as the sensitive data is stored there in a secure room.
The great unknown – denial of service, brute force and zero-day exploits
Hackers have a well-stocked toolbox: Although brute force and denial of service (DoS) attacks are less relevant for mobile devices, they still pose a threat. This is because mobile devices can be misused unnoticed as part of a DoS botnet to attack servers, even though the data on the mobile device itself is not affected. The brute force method attempts to crack passwords, attack login pages or find a hidden key. As they involve a lot of effort for the attacker(s), they are usually aimed at prominent targets. Although zero-day exploits are not attacks in the conventional sense, they enable attacks via vulnerabilities in programs for iOS and Android devices against which there are no known protective measures. Cyber criminals then use these open gateways to install attack vectors such as Trojans or ransomware. It was only in March of this year that the publicized security vulnerabilities in Microsoft Exchange made headlines.
Due to the large number of possible attack vectors, it is important to constantly raise employees’ awareness of the dangers from cyberspace. On the one hand, a simple and user-friendly container solution gives users the security of not doing anything wrong and security managers the certainty of being protected from unpleasant surprises.