Johannesburg - Cyber experts have urged South Africans to take caution when using their mobile phones, as this is how cybercriminals are now spreading malware, and stealing users’ important information and credentials.
While mobile malware has been a growing threat for years, cybercriminals are increasingly targeting mobile devices due to the increase in usage during the Covid-19 pandemic.
And with more than 30% of the world's workforce now working from home, mobile phones have become an easy target for cybercriminals to harvest important information and credentials.
Clicking on an unknown link or downloading a suspicious application on your mobile phone is all it can take for a cybercriminal to gain access to your device and all its content.
Those using their mobile phones for work have been urged to take extreme caution as important company information could easily be stolen from a device.
A survey carried out by Check Point Research (CPR), the Threat Intelligence arm of Check Point Software, in the past year revealed that almost half (49%) of organisations worldwide are unable to detect an attack or breach on employee-owned devices.
Pankaj Bhula, the regional director for Africa at Check Point Software Technologies, has urged users to take caution when using their mobile phones.
“Mobile malware has been a growing threat for years,” Bhula told the Saturday Star. “Our devices contain a lot of sensitive information that hackers love, from financial information to location data, passwords, and confidential images.
“Cybercriminals also know that mobile devices are the primary way many of us access the internet, and because we’re on our phones so often the probability of us clicking on a malicious link or downloading a suspicious app is higher.
“Not only that, but mobile devices themselves are also inherently vulnerable. In Achilles, a piece of Check Point research, we noted that over 400 vulnerable pieces of code were found in a Qualcomm DSP chip. With Qualcomm providing chips for over 40% of the mobile phone market, that’s a big threat.
“Knowing the central role mobile devices play in our lives – and their vulnerabilities – cybercriminals are taking advantage. Today, any cyberattack that can be carried out on a traditional endpoint– credential theft, ransomware, data exfiltration – can also be performed on a mobile device.”
Bhula says remote working has made mobile devices even more attractive for cybercriminals.
“Employees are commonly working from mobile devices and using collaboration apps, meaning that these devices have access to sensitive company and customer data, and direct connectivity to the enterprise network, which is what cybercriminals are after.”
All mobile devices, iOS, and Android are vulnerable to cybercrime, according to Bhula.
“Gaining access to a device can be as easy as getting someone to download an infected app, or even connect to public wi-fi. Mobile malware developers are becoming increasingly successful at sneaking malware into app stores and infecting devices.”
There are numerous ways for cybercriminals to get access to an individual’s mobile device, said Bhula.
“These include sneaking malware into app stores, SMS phishing, exploiting public wi-fi to initiate a man-in-the-middle attack, and taking advantage of vulnerabilities in the operating system. Vulnerabilities are also not exclusive to operating systems. They can exist in social media applications, or even the device hardware itself.
“In September 2020, Check Point discovered a critical vulnerability in Instagram that could have been used by cybercriminals to perform remote code execution on a victim’s phone.”
Once a cybercriminal has access to a mobile device, they can unleash malicious software from ransomware to spyware, adware, and banking trojans, said Bhula.
“Spyware can monitor your activity and grab sensitive information like usernames and passwords, while banking trojans can intercept text messages that include financial information. And when the vulnerability is hardware-based (such as with the Qualcomm chip), damage can include leaked data and forced factory resets that delete the device’s entire contents forever.
“With devices used for work, attackers will be looking to steal credentials that get them access to the corporate network, which puts the enterprise and its data at risk.”
Bhula says avoiding risky user behaviour on your mobile device puts you at less risk of falling victim to cybercrime.
“Mobile devices add a lot of convenience and productivity to our work lives, so we don’t want to stop using them for work. But what we do want to do is make sure we’re as aware of and protected against the threats as possible.
“Most mobile attacks happen because of risky user behaviour, which we can prevent by doing things like only using trusted and corporate reviewed and approved apps. Stay away from third-party app stores and suspicious-looking apps and websites.
“Never connect to public wi-fi. Users may see the name of a legitimate company or brand and connect to it without thinking. While some of these hotspot names are misspelt (e.g. Starbuckz), many look legitimate. Know how to recognise SMS phishing. Your bank or HR department, for instance, will never ask you for sensitive information via a text message.”
Bhula also urged mobile users to always update their operating systems on their mobile devices.
“It’s important to always update the operating system: Mobile devices should always be updated to the latest OS to protect against exploitation of vulnerabilities. Only install apps from official app stores: Unlike Google and Apple, third party app stores don’t make as big an effort to detect and remove malicious apps.
“Always download apps from official app stores to reduce the probability of installing mobile malware. Use a screen lock: Mobile devices are regularly stolen. Use an automatic screen lock with a strong password to reduce the impact of a lost or stolen device. Enable remote wipe on all mobile devices: If your device falls into the physical hands of an attacker and they get past the screen lock, remote wiping capabilities mean you can remove sensitive data before the attacker sees it.”
Bhula says it is important for users to be cautious of SMS phishing.
With SMS phishing, users will typically receive a text message that appears to come from a legitimate source, such as a bank or post office.
Users will be encouraged to click on a link and provide personal information. The attacker’s intention is to steal these credentials and perform Account Takeover, which can lead to data loss, fraudulent money transfers, identity theft and more.
“Educating employees on SMS phishing is important,” said Bhula.
“However, in times where remote work is so common – and employees get much more emails and messages than usual – it can be easy for an attack to slip past, so anti-phishing technology must come into play.”