Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

Exploitation, Phishing Top Worries for Mobile Users

Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.

RSA Conference — San Francisco — Mobile malware appears to be declining as a favored tactic of cybercriminals, but the mobile ecosystem is far from risk-free as phishing and vulnerability exploitation become more significant threats, security experts said this week at the RSA Conference.

In 2019, the worldwide mobile ecosystem continued to expand, growing by 8.9 million new apps, or 18%, while at the same time the number of malicious apps declined, especially on premium app stores, such as Apple and Google, according to the "2019 Mobile App Threat Landscape Report," published by RiskIQ. At the same time, companies saw mobile- and Internet of Things-related compromises grow, with 39% of firms suffering such a security incident, up from 33% in 2018, according to Verizon's "Mobile Security Index 2020."

The current threat landscape is best exemplified by the vulnerabilities in the WhatsApp chat application last year, says Michael Covington, vice president of product at Wandera, a provider of mobile cloud security. In April and May, nation-state attackers used serious vulnerabilities, including a remote exploit for a vulnerability in the video player on WhatsApp, to compromise targeted users.

"These are apps that have already gone through the app store vetting process, and they are installed on the device," Convington says. "And when a vulnerability comes out, many companies cannot do anything, because they have no visibility into what apps are on their employees' devices."

The two trends — less mobile malware, but more mobile-related compromises — highlight that attackers are finding ways to compromise devices that do not rely on convincing a user to download malicious software.

The impact of the attackers' tactics is significant. In 2019, two-thirds of companies suffering a breach from mobile malware considered the impact significant, while more than a third also considered the effects of the breach to be lasting, according to Verizon's report. The majority of companies suffered downtime or loss of data in a breach, but many also found that other devices were compromised following a mobile breach and they had to deal with reputational damage and regulatory fines.

"When most people think of cybersecurity compromises, it’s the loss or exposure of data that springs to mind," Verizon stated in its report. "But it's much more than a company’s sensitive information that's at risk. A mobile security compromise can have a range of other consequences, including downtime, supply chain delays, lost business, damage to reputation, and regulatory fines.

The major mobile app stores have forced attackers to change, with the brand-name stores seeing fewer malicious apps submitted to their vetting process, according to threat intelligence firm RiskIQ's report. The number of blacklisted mobile apps fell by 20% overall in 2019, while the Google Play store blacklisted fewer than a quarter of the apps it blacklisted in 2018, the company found. Rather than an indication that app stores are easing up on security, RiskIQ argues that the ecosystem is doing a better job of weeding out malware developers from publishing apps to the store.

In addition, malicious apps in apps stores often remain easy to spot, says Jordan Herman, a threat researcher at RiskIQ.

"One potential giveaway is excessive permissions, where an app requests permissions that go beyond those required for its stated functionality," he says. "Another is a suspicious developer name, especially if it does not match the developer name associated with other apps from the same organization. User reviews and number of downloads, where present, also help to give some level of reassurance that the app is legitimate."

Because of the shift in attackers' tactics, companies need to worry about more than just mobile malware. In August, Google revealed that at least five exploit chains for iOS — attacks strung together to gain access to a device — were found on websites in the wild. The attacks could compromise many versions of iPhone and iPads.

"[S]imply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Ian Beer, a researcher with Google's Project Zero, stated in an analysis of the attacks. "We estimate that these sites receive thousands of visitors per week."

In many cases, even the legitimate functionality of legitimate apps can pose a risk for their business, says Wandera's Covington.

"It is not just malware that defines a malicious app for them," he says. "Other behavior is considered risk for many companies. Manufacturing firms don't want apps that can use the camera, for example."

Companies should learn to improve their security before they get breached. In 2019, 43% of companies that had a compromise ended up spending more on security. Only 15% of companies that did not suffer a breach spent more on protection, according to Verizon's "Mobile Security Index" report.

Related Content

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How to Prevent an AWS Cloud Bucket Data Leak."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JamesInky
50%
50%
JamesInky,
User Rank: Apprentice
3/5/2020 | 10:24:33 AM
Re: Before it happens
The problem is with so many ways for every employee to be interacting with their work email the average phishing security doesn't extend to mobile without the need for everyone to adopt some plugin or app. Which is just unreasonable. 
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35519
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
CVE-2021-20204
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
CVE-2021-30473
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-32030
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
CVE-2021-22209
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.