In an age of rapid information technology development, mobile devices have become the main means of communication, entertainment and information storage for many people. Modern smartphones are not inferior in power to computers of the mid-to-late 2000s, and for many people they have completely replaced PCs, since they offer the same capabilities in a simplified form: checking work mail, corresponding with friends and colleagues, entertainment. Most users are also attracted by the compactness and portability of the device, the built-in camera, and so on. It is not surprising that cybercriminals are targeting mobile platforms, where users inexperienced in information security inevitably migrate.
It is important to remember that financial gain is the main goal of cybercriminals. To achieve it, they use a variety of methods to profit from the mobile devices of ordinary users. Next, we will analyze what these methods are and how to protect against them.
Ways to steal data
Theft of physical media
Modern devices – laptops, tablets, smartphones – are not very large, and it is not difficult for an attacker to steal them from wherever they have been left. In films, thefts are committed by teams of professionals, where each has his own task and the plan to steal the device is calculated to the smallest detail. In real life, most such thefts are caused primarily by the carelessness of the owner, who in some cases effectively hands over access to his own information. Thus, in 2019, 130,000 smartphones and laptops, both personal and corporate, were lost in the UK in bars and restaurants, and approximately 64% of the devices did not have any protection against unauthorized access. The devices didn’t even have a PIN. The losses from each lost gadget, whether owned by a corporation or an individual employee, significantly exceed the cost of a new device. You may ask: “Why?” It’s all about the information on the device, which can be worth much more than the device itself. And the higher the position of an employee in the company, the more important and critical the information on his device may be, and the higher the risk of information theft!
Botnets are the most popular cyber threat for companies!
A botnet is a network of computers that are remotely controlled by attackers. It can be used to distribute ransomware to an employee’s PC, tablet, or smartphone. A bot may go undetected for a long time by the antivirus installed on the employee’s device, and the employee may not even guess that his device is part of a botnet. Each device on the network acts as a “bot” and is controlled remotely by a fraudster for various purposes, from stealing information to DDoS attacks and sending malware.
Ransomware for smartphones, laptops, tablets
This type of malicious software has become very popular for attacking desktop PCs as well as laptops, tablets and smartphones. As a rule, such programs block the operation of the device and demand a ransom from the user, after which the cybercriminals promise to return control over the gadget to him. Attackers target photos, doc or pdf files, call histories, messages and contacts. Some of the most dangerous ransomware viruses are DoubleLocker, Trojan.WinLock (for Windows) and WannaCry.
- DoubleLocker is a malicious encryptor that uses the Accessibility Service. It encrypts data in the device’s memory and changes the PIN code to an arbitrary one. There is another virus from the same family that attacks Android OS: Android/Locker.B. Its function is also to block access to the device OS and change the PIN code of the lock screen. This type of malware is disguised as a WhatsApp camera, an antivirus for Android OS or a Flash Player, and is distributed through compromised sites. After you run the app, it prompts you to activate an actually malicious accessibility service, a subtype of Google Play Service. After obtaining the necessary permissions, this malware activates the device’s administrator rights and installs itself as the default launcher. Next, the program changes the device PIN to an arbitrary one.
- Trojan.WinLock is malware that blocks or interferes with the operation of the Windows operating system and demands a transfer of funds to the cybercriminals for restoring the PC’s operation and access to personal information. The sources of this type of virus are sites with malware, spam mailings and social networks. Once in the system, the virus replaces one of the elements that take part in system startup. After that, every time you start your PC, at the stage of loading the OS, you will see a message on the screen demanding that you pay a certain amount of money to an electronic wallet or mobile operator account in order to receive an unlock code.
- WannaCry is a ransomware virus that infects Windows PCs. It is distributed through file sharing between the PCs of companies or government agencies. After this virus has reached a folder with important files, it changes their original extension to .WNCRY and then requires you to purchase a special key code worth several hundred, or even thousands, of dollars. Otherwise, this malware threatens to delete the encrypted files from your computer.
The development and improvement of malicious software has not lost its relevance today. In order to obtain important information and then use it for illegal purposes, attackers even resort to tricks such as installing malicious software at the firmware level. This is especially common on cheap Android devices. These malicious applications can install any application the cybercriminal requires on a smartphone or PC without any user interaction. That is, you may not even know that your smartphone or tablet is infected, and the infection will not outwardly affect its work. Among the malicious applications, there are some that disguise themselves as legitimate software. For example, there is malware masquerading as the official Google Maps app.
There is nothing perfect in the world and mobile operating systems are no exception. Despite the constant updates of the OS, vulnerabilities in their work are still there. While developers are working on improving the OS or applications, criminals monitor the emergence of new holes in the same applications. With the help of system security vulnerabilities on your smartphone, attackers can do a lot, for example, remotely control your phone or tablet, and subsequently “borrow” access to your confidential data.
Free Wi-Fi or how to get data “out of thin air”
Imagine that on Friday, after work, you get together with your friends and go to a cafe. Later, you decide to go to the cinema or theater, so you need to reserve seats. Sitting in the cafe, you connect to a Wi-Fi access point that carries the name of the cafe and, by the way, does not use a secure connection. Modern smartphones and tablets equipped with antivirus usually warn about an unsecured connection, but you ignore the warning. You then buy tickets to the cinema or theater for the whole company, go to your page on social networks and post a couple of smiling selfies and photos of the surroundings, as many now like to do. After a while, you find that the balance of your payment card is zero, your pages in all social networks are blocked for sending spam, and your computer, where important work information was stored, is blocked! Terribly scary, right? How could this happen?! The fact is that while you and your friends were sitting in the cafe, some young people were sitting not far from you, drinking far from their first cup of tea. Ordinary guys sitting at an open laptop. But in their bag they had special portable equipment that allowed them to intercept all the traffic sent and received by connected people’s devices. They created an access point and thus received all the information about nearby, unsuspecting people. With the help of this equipment, they can intercept traffic not only in a cafe, but also in a hotel, park, restaurant, airport, train, etc.
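The look-alike access point in the scenario above can often be recognised before a device joins it. The following is an added example, not part of the original article: it classifies Wi-Fi scan results against a list of vetted networks, and the allowlist, SSIDs and BSSIDs in it are constructed sample data.

```python
# Added example: classify Wi-Fi scan results against networks the device trusts.
# All SSIDs, BSSIDs and the allowlist below are constructed sample data.
from dataclasses import dataclass

OPEN_MODES = {"OPEN", "NONE", ""}   # no link-layer encryption at all
WEAK_MODES = {"WEP"}                # encrypted, but not to be trusted

@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str      # MAC address of the access point radio
    security: str   # as reported by the scan, e.g. "WPA2", "OPEN"

# Hypothetical allowlist: SSID -> (expected security, known BSSIDs)
KNOWN_NETWORKS = {
    "CorpNet": ("WPA2", {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}),
    "HomeLab": ("WPA3", {"aa:bb:cc:11:11:11"}),
}

def classify(ap: AccessPoint, known=KNOWN_NETWORKS) -> str:
    """Return 'trusted', 'suspect-twin', 'insecure' or 'unknown'."""
    security = ap.security.strip().upper()
    entry = known.get(ap.ssid)
    if entry is None:
        # Not a vetted network: open/WEP is worst, the rest is merely untested.
        return "insecure" if security in OPEN_MODES | WEAK_MODES else "unknown"
    expected_security, bssids = entry
    # Familiar name, but different security or an unfamiliar radio: the
    # look-alike access point pattern from the cafe scenario.
    if security != expected_security or ap.bssid.lower() not in bssids:
        return "suspect-twin"
    return "trusted"

def safe_to_join(scan):
    """Only networks classified as 'trusted' are allowed."""
    return [ap for ap in scan if classify(ap) == "trusted"]

# Constructed scan: a genuine AP, a downgraded copy, a cafe hotspot, a hotel AP.
SAMPLE_SCAN = [
    AccessPoint("CorpNet", "AA:BB:CC:00:00:01", "WPA2"),
    AccessPoint("CorpNet", "de:ad:be:ef:00:01", "OPEN"),
    AccessPoint("Cafe_Free_WiFi", "de:ad:be:ef:00:02", "OPEN"),
    AccessPoint("Hotel-Guest", "de:ad:be:ef:00:03", "WPA2"),
]

if __name__ == "__main__":
    for ap in SAMPLE_SCAN:
        print(f"{ap.ssid:15} {ap.bssid:18} {ap.security:5} -> {classify(ap)}")
```

A BSSID can be copied by another radio, so "trusted" here means "matches what was vetted", not proof of identity; the encryption requirement is what actually protects the traffic.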
NFC contactless payment, or another way to steal money “over the air”
NFC technology (close-range communication or near-field communication), actively developed by Google and Apple, is gaining immense popularity among users of smartphones and tablets, as well as fitness bracelets with NFC. Everything new is good, but this does not mean that it is invulnerable. Smartphones with NFC can be linked to a bank account or credit card, which further attracts attackers. Cybercriminals use a “bump and infect” method that exploits NFC vulnerabilities to steal user funds. “Bump and infect” is common in places such as shopping malls, supermarkets, airports, cafes, etc.
Bearing in mind the above, all users who use personal mobile devices to work with corporate information need to be prepared for the fact that the company they work for has requirements for compliance with information security measures and will require the installation of additional programs, even if these cause some inconvenience.
Information security measures
Requirements for the protection of portable devices (smartphones, tablets, laptops):
- Don’t forget your device in a public place. This way you can easily provide scammers with access to your personal information!
- It is forbidden to work with confidential information in public places!
- Any mobile device must have anti-virus protection installed! Antivirus databases must be updated once a day!
- Set unique passwords to protect confidential data! Read more about this in the article “How to protect yourself on the Internet?”.
- If an employee uses a personal device to remotely access company resources, two-factor authentication must be configured. To do this, you must contact the IT department of your company. Two-factor authentication is the use of a username, password and a randomly generated code from an SMS message to enter the company’s website.
- You must use an encrypted (secured), known Wi-Fi connection. It is not safe to use an untested connection!
- Encrypt confidential information. If you store information on a device, you need to encrypt the device as a whole or the area in memory where it is located. To do this, a laptop uses special keys stored on media such as eToken, smart cards. A digital code is used to encrypt information on smartphones or tablets.
- It is recommended to create wireless access points for connecting third-party devices.
- Wi-Fi, NFC functions should only be used to exchange data with devices you trust. The rest of the time they must be disabled.
- To increase the security of your Bluetooth connection, you must disable the “Make visible to other devices” function and not use the “default” password for communication with other devices.
- Disable the installation of applications from unknown sources on the device that you use to work with corporate information! Install applications only from official sources: Play market, App Store, Windows store.
- Install OS security updates in a timely manner! The same applies to installed applications!
You must always remember the above rules in order to avoid the following consequences: theft of personal data, documents, access passwords, photos, videos, intellectual property and so on, because all this will lead to very disastrous consequences not only for you, but also for your relatives, friends and work colleagues. After gaining physical or remote access to just one laptop, smartphone or tablet of the user, attackers can cause irreparable harm to many.