Europol’s 2018 Internet Organised Crime Threat Assessment reported that ‘[m]obile malware [was] absent in law enforcement reporting, but industry reports [a] growing volume’ of such attacks. The authors suspected that the cause of the low law enforcement figures may have been that ‘[v]ictims of mobile malware are more likely to approach their provider in relation to problems with their device than to report it to the police.’ In addition, mobile malware is far more prolific in African and Asian countries, with China topping a Kaspersky list for Q1 2018 with 34.43% of users suffering such an attack. In the same article, the US comes second for the number of users attacked by mobile banking Trojans with only 0.65%.
That said, and as the Europol report points out, industry data present a less rosy picture, even outside of Africa and Asia. McAfee predicted back in 2017 that 2018 could prove to be ‘the Year of Mobile Malware’, and Symantec’s 2018 Internet Security Threat Report indicated that ‘[t]hreats in the mobile space continue to grow year on year’, directing part of the blame on the ‘[m]any users [who] continue to make life easy for attackers by continuing to use older operating systems’ and pointing out that ‘only 20 percent of [Android] devices are running the newest major version.’
One common attack vector is the trusty ‘fake app.’ approach. G DATA Security, who ‘discovered a new [mobile] malware strain every 7 seconds in the second quarter’ of 2018, present the example of a malicious app. that targeted mobile gamers in order to spread malware, and Trend Micro have presented another similarly malicious app. found on Google’s Play store at the start of 2019. Malwarebytes have also discussed the danger of mobile devices coming with malware pre-installed.
This increased threat from mobile malware coincides with the massive popularity of Bring Your Own Device (BYOD) schemes in workplaces. 50% of North American businesses are believed to be operating some form of BYOD scheme, in which employees are authorised to perform work-related activities on their own personal devices. This differs from remote or teleworking arrangements, in which the employee works remotely but on a company-issued and -managed device.
Despite the increasing numbers of employees being made responsible for the security of their own devices when handling potentially-sensitive company information, an article in Security Magazine claimed that ‘77 percent of employees say they haven’t been trained about the risks of using their devices at work’. It’s no surprise, then, that poorly-thought-out BYOD can be a disaster waiting to happen, as evidenced by the 2017 breach of a South Korean cryptocurrency exchange—attackers compromised over 30,000 customers’ details, took off with at least $31m and are believed to have attacked an employee’s home computer.
Mitigate comes with a suite of Cyber Essentials-, ISO-27001 and GDPR-compliant default policies and e-learning training for employees on a range of security topics, including BYOD, helping to ensure that your employees are informed and know how to keep both themselves and your company safe from ransomware attacks—for more information, get in touch at 0333 323 3981 or [email protected] today.