Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

Phishing Threats Move to Mobile Devices

Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.

A mobile user is 18 times more likely to be exposed to a phishing attempt than to malware, according to a new report on techniques and technologies that try to get a user to be an accomplice in their own victimization.

While employees have been taught to be suspicious of links and attachments in email, there is considerably less scrutiny of channels like SMS, Skype, WhatsApp, games, and social media. "As more communications take place over mobile devices, organizations haven't changed their thinking to cover the modes of communications taking place on the devices," says Michael Covington, vice president of product at Wandera, which published the report.

Mobile devices are the technology channel on which personal employee and corporate apps and data come together, and criminal hackers are taking advantage of that to reach enterprise credentials through personal communications.

"You can train an employee to not be a victim, but the mobile attacks are so compelling that education isn't enough," Covington says. "We want to see corporations move into the present, recognize the risk and mitigate the risk."

That risk is considerable. According to Wandera's mobile phishing report, the average iOS user has 14 different accounts on their work phone, typically including services such as Amazon, Paypal, and Airbnb. On Android, the number jumps to 20 unique apps. And both messaging and social media apps increased in popularity as an attack vector by more than 100% in 2017, with no sign of that growth slowing in 2018.

While email remains the most common target of phishing attackers, the effectiveness has been dramatically reduced by improving defense systems and years of employee training, the report notes. Fewer than one in five successful attacks originate with email phishing campaigns on desktop and mobile devices. That's not to say that phishing as a tactic is going away.

According to the Verizon 2018 Data Breach Investigations Report, 90% of cyberattacks begin with phishing. There's a good reason for that, Covington says, especially in the mobile domain. "To be perfectly honest, these mobile devices are pretty hardened," he says. "They do have problems, we have seen them exploited, but if you look at something like the current iOS it's pretty hardened. Phishing allows an attacker to bypass all of those protections."

There are companies that see statistics such as those around phishing through apps and decide that the solution is to lock down apps. But that's not an effective solution to the problem, according to Wandera.

"Phishing attacks have been observed in practically every single form of communication on mobile devices, including Skype, QQ, WeChat, Viber and Kik. Clearly this is a problem at scale that cannot be solved through blocking certain apps, or through app- centric controls," the report said. "Phishing attacks have been observed in practically every single form of communication on mobile devices, including Skype, QQ, WeChat, Viber and Kik. Clearly this is a problem at scale that cannot be solved through blocking certain apps, or through app-centric controls."

Mobile phishing attacks have become more sophisticated and effective as the stakes have increased. As Mike Murray, vice president of security intelligence at Lookout said in an InteropITX session, "Mobile has become not just a target, but the primary target in the enterprise."

"Mobile has a gap and often it's the user sitting on the other side of the interface," says Covington. That danger of that gap is amplified by the behavior of the companies where they work. Covington explains, "Most organizations want to stop phishing and protect data with GDPR coming online. Neither is being addressed with mobile."

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline,  5/14/2019
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12216
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-12217
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
CVE-2019-12218
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-12219
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
CVE-2019-12220
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.