From Android malware to SMS phishing, our customers and partners weigh in on what will be the biggest mobile threats in 2021
As a result of remote working, mobile devices have become essential tools for employees. They are used not only for weekly team calls on Zoom but also to access sensitive company files and SaaS applications.
Hackers have been taking advantage of this new trend since March 2020, when businesses rushed to get their staff equipped for long-term remote working. Since then, mobile-specific attacks have flooded headlines and news updates, making companies more aware of the threats facing smartphones and tablets.
It is no surprise then that Analysys Mason have stated that “mobile device security will be the fastest growing cyber security category in 2021”.
We decided to do some research. We asked our customers and partners what they thought would be the biggest mobile threats of 2021.
Here are the interesting results…
In fourth place was Android malware, with 12% predicting that it would be the most dangerous mobile threat in 2021. Android users who download applications from third-party app stores are exposing themselves to malware. The Google Play store has a strict app vetting and security policy in place to prevent malicious software from making its way onto the site.
However, other independent app stores do not conduct the same security checks. This makes it easy for hackers to hide malware behind a seemingly innocent app. Therefore, by sideloading an application, you could also be unknowingly downloading anything from spyware and trojans to ransomware and viruses onto your device.
Masquerading malware is not a new concept and, judging by Nokia’s 2020 Mobile Threat Intelligence report, it is likely to grow in 2021.
Coming in at third place, at 16%, were Man-in-the-Middle (MitM) attacks. In this type of attack, a cyber criminal or ‘man-in-the-middle’ intercepts data in transit between two parties: the user and the server.
The attack can be passive or active. A passive attack allows the unwanted third party to spy on the communications being sent to the server. This is commonly done by mimicking legitimate Wi-Fi hotspots and redirecting internet traffic. The cyber criminal will then go a step further by decrypting the data. Doing so will allow them to steal credentials and highly sensitive information from the victim’s device.
An active attack usually involves inserting malware onto a device through tactics such as phishing, which allows the attacker to alter information. The hacker similarly installs malware onto the browser, capturing any data sent between the victim and targeted websites, e.g. online banking.
Traditionally, MitM attacks occur in close proximity over unsecured Wi-Fi networks like public hotspots. Equally, they can occur over home networks that have poor protection in place.
Recently, however, cyber criminals have been implementing more sophisticated tactics such as DNS spoofing, HTTPS spoofing, SSL hijacking and even using fake cell phone towers known as ‘stingrays’ to carry out their attacks.
Out of Date OS
In second place, at 28%, was out of date OS. We’ve all at one point clicked ‘remind me later’ when a software notification pops up on our devices. However, while convenient to dismiss, regular software updates are critical for both device performance and security.
On a basic level, they prevent system failures and enable new applications to be integrated. Technology is constantly evolving and regular software updates are necessary to keep the device running smoothly.
On a more serious note, an out of date OS puts a device at high risk of cyber attacks. Hackers are opportunists. They know that an old OS will have software vulnerabilities and, therefore, will be easier to infiltrate.
And finally, the winner…a whopping 44% believe that SMS Phishing would be the biggest threat in 2021. This is not surprising given the huge number of ‘smishing’ incidents people are reporting at the moment. From impersonating banks and financial institutions to online deliveries and postal services, cyber criminals are clever in their approach.
They pay close attention to global topics and news to increase their chances of success. For example, one SMS scam currently circulating claims to be from the NHS in the UK concerning eligibility information about the COVID-19 vaccine.
Fake texts of this nature are expected to triple in 2021, putting both individuals and businesses at risk of data breaches and credential theft.
Top tips for staying safe
SMS Phishing: Just as you would be suspicious of an email you don’t recognise, take the same approach with text messages. Be on high alert if an SMS encourages you to click on an embedded link or if you spot spelling mistakes. As an extra precaution, do some online investigating to check if there are any news reports of similar mobile scams. Finally, follow @unprotected_txt on Twitter – a great new resource for alerts on the latest SMS scams.
Android Malware: When downloading an application, stick to reputable sites like the Google Play Store and never click on a downloadable link from an unknown source.
MitM Attacks: Make sure that your home network is secure. Where possible, avoid connecting to public Wi-Fi routers directly, and always check that sites include the ‘S’ in the HTTPS of the URL bar.
Out of Date OS: This one is pretty self-explanatory – keep your device up to date. Break out of the habit of dismissing software update notifications. Make it a New Year’s resolution to be proactive by regularly checking your system settings for new OS versions.
Corrata protects smartphones and tablets from all of the above mobile threats. Our security solution prevents phishing links from opening and stops malware downloads from infecting your device. Equally, Corrata blocks all forms of MitM attacks and alerts users if they have an out of date OS. You can learn more about Corrata’s mobile security solution here.