Never before has enterprise security been so volatile and under threat. Mobile devices generate new mobile risks at breakneck speed, and old threats reappear in innumerable new guises. The year 2018 was marked by an increase in mobile ransomware attacks – particularly on companies – as well as by a dramatic increase in banking trojans, fake apps and droppers. These are the ‘magic bullets’ of cyber crime.
Data extraction via legal apps
According to Kaspersky, 9.9 million smartphone users fell victim to mobile malware in 2018. Mobile malware is a collective term that is used for any app which causes harm to the owner of the respective smartphone. But the definition is hazy; ransomware is not the only thing to take smartphones hostage. Some managers say that enterprise security and cyber risk begin with Facebook and WhatsApp.
Nor are they unjustified in this definition. Approximately two thirds of all apps in the official Google or Apple app stores have the wherewithal for ‘data exfiltration’ – and extract data from the user’s smartphone. They generally do so with the user’s consent, but the user rarely has any real knowledge of what’s going on. Such consent is based on page after page of Terms of Service or T&Cs, and few users ever read these thoroughly. In an app society which attaches immense importance to using services quickly and easily, all of us are prone to click on ‘I agree’ and consent to reams of conditions we’ve never even read. Quite in passing, we allow apps to access data and services that are completely unnecessary to their functionality. In effect, we ‘pay’ to use the (free) apps by granting them access to our data. Because this is such a widespread phenomenon, security experts consider undesirable data extraction to pose one of the greatest security threats to companies.
Legitimate app, legitimate data extraction – and the user consents by clicking on ‘I agree’. Which ultimately makes them personally responsible. This attitude towards apps may be of little consequence for private smartphones. But in a professional environment, any mobile risk that undermines enterprise security can translate into a costly mistake – particularly in light of legal regulations such as the GDPR. Nor does it matter whether the device in question is a BYOD phone or was provided by the employer. If business data is stored on the phone, it has to be secured accordingly.
Line of attack no. 1: apps
Experts differentiate between three essential lines of attack which companies need to cover if they want mobile work to be safe and productive: the device itself; networks that enable access to company resources; and apps. Apps, however, have always been the number one line of attack. These pose the most common and most frequent type of mobile risk. And just because an app is legal doesn’t mean it’s safe. As described above, apps can extract data with the user’s consent. Equally alarming – studies have shown that the majority of official apps have weaknesses in their code which make them vulnerable to attack. In this respect, iOS is only marginally better than Android.
Mobile risks from malware
Alongside the two types of risk inherent to legal apps is the threat of genuine malware. Users who download apps from sources other than official app stores expose their companies to an even higher level of risk. These apps are not subjected to the safety controls implemented by official app stores. Cyber criminals are now seizing this opportunity. Rather than promoting their malware via email, they are increasingly using text messages and messenger apps to incite users to download content from insecure sites.
The good news is that cryptojacking waned considerably in 2018 – not least because criminals can no longer earn much money with cryptocurrencies. The number of mobile apps disseminating adware also decreased. Adware generally uses mobile devices to generate clicks on banner ads. The World Federation of Advertisers estimates that the damage caused to the advertising industry by this type of false click on banner ads amounts to US$19 billion each year.
A close examination of recent analyses shows that four main types of malware were prevalent in 2018: droppers, mobile ransomware, banking trojans and fake apps.
According to Kaspersky, droppers are the weapon of choice for cyber criminals who specialise in mobile malware. In effect, droppers are nothing more than a medium for transporting and concealing the actual malware. They are rather like Pandora’s box – you never know which type of malware will come out when you open it. Droppers act as a shield to prevent you from noticing or finding the malware. They permanently generate new hashes to deceive detection software, while the actual malware code inside the dropper remains unchanged. In addition, droppers are capable of generating as many files as they like. Criminals who develop viruses exploit this feature to establish their platforms in fake app stores.
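Why a blocklist of whole-file hashes misses a repackaged dropper, and how hashing the contents inside the package can still match an unchanged payload. This is an added example, not code from this article or from any vendor it cites; it assumes the payload is stored unmodified as an entry in a ZIP-format package (the container that APKs use), and every name and sample byte string in it is constructed.

```python
import hashlib
import io
import zipfile


def build_package(entries):
    """Build an in-memory ZIP (the container format APKs use) from name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def file_hash(package):
    """SHA-256 of the whole package: what a simple hash blocklist compares."""
    return hashlib.sha256(package).hexdigest()


def entry_hashes(package):
    """SHA-256 of every decompressed entry inside the package."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def match_known_payloads(package, known_bad):
    """Return names of entries whose content hash is on the payload blocklist."""
    return sorted(n for n, h in entry_hashes(package).items() if h in known_bad)


# Constructed sample data: a harmless byte string stands in for the payload.
PAYLOAD = b"constructed-sample-payload-not-real-malware"
KNOWN_BAD = {hashlib.sha256(PAYLOAD).hexdigest()}

# Two "builds" of one dropper: identical payload, different filler and entry name.
build_a = build_package({"assets/data.bin": PAYLOAD, "res/pad.txt": b"aaaa"})
build_b = build_package({"assets/cfg.dat": PAYLOAD, "res/pad.txt": b"bbbbbbbb"})
clean = build_package({"assets/logo.png": b"constructed-image-bytes"})

if __name__ == "__main__":
    print("whole-file hashes equal:", file_hash(build_a) == file_hash(build_b))
    for label, pkg in (("build_a", build_a), ("build_b", build_b), ("clean", clean)):
        print(label, match_known_payloads(pkg, KNOWN_BAD))
```

A dropper that encrypts or compresses its payload differently in each build defeats this content match as well, so it complements behavioural detection rather than replacing it.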
Mobile ransomware is not a new phenomenon. Although the total number of ransomware attacks per se has declined, mobile ransomware attacks rose by around one third in 2018 (compared to 2017). It is particularly noteworthy that an increasing number of mobile ransomware attacks target companies and businesses. More than one fifth of all such ransomware infections affected companies.
Banking trojans were the cybercrime rage of 2018 – with a 1500% increase in the number detected. Banking trojans pose as official apps that take care of the user’s financial transactions. In reality, they spy on the user and phish out the credentials used for financial transactions. They’re also capable of automatically installing additional malware on smartphones – including keyloggers and additional spy apps. As such, banking trojans also pose a risk to companies and businesses.
Analysts at McAfee noted an even greater rise in the number of fake apps. Fake apps mimic popular (legitimate) apps, but underneath they’re malware. In 2018, cyber criminals were inspired by the popularity of Fortnite to produce an imitation. Fake apps use the same images, the same music and the same loading screens. As a result, the clones are exceptionally convincing. But far from installing the expected app, victims are in fact downloading an app from an insecure source. Users are then told that the installation of their new beta Fortnite version has failed, and are directed back to the official app store. However, the app – which has indeed installed itself successfully – lies hidden in the background, and is capable not only of installing further apps, but also of extracting data.
Container app: increase mobile security with a single cure-all solution
A container app such as SecurePIM enables you and your company to avoid the risks and consequences of malware. SecurePIM encrypts and secures company data on mobile devices. As a result, it becomes impossible for outsiders to access company data when the mobile device is being used for private purposes. This eliminates a host of laborious tasks for the IT department, since company data is only accessible via the app. Additional security measures are no longer required. At the same time, SecurePIM has all the important features you need for mobile work. For example, users can send and receive encrypted emails from their mobile device or access company documents via a secure gateway.