With more than 4.77 billion mobile users worldwide and a rush to adopt connected devices for every conceivable usage, it is little wonder that cybercriminals have turned their attention away from the PC to smaller devices. Here we look at some of the trends that will shape the ever-changing landscape of mobile security this year.
The General Data Protection Regulation (GDPR), which comes into force on May 28, 2018, will be a major focus for organizations looking to secure data on mobile devices. Under GDPR, organizations are required to secure all personal data on a mobile device, including data in transit from one mobile device to another, to a desktop or to an application, together with data being processed. Organizations will need to look closely at what devices employees are using, what type of data they hold and where it is being stored, and put mobile management platforms in place.
This issue is complex, and the risk of data privacy leakage is higher where employees install personal apps and store their own private data on work-approved devices. Apps are particularly vulnerable, with 84 percent of all attacks happening at the application level, according to software company SAP.
How secure is your WiFi? This is a question that will get asked many times over the coming months.
Recently a security researcher in Belgium discovered a flaw, dubbed KRACK, short for Key Reinstallation AttaCK, which relates to the authentication process of Wi-Fi Protected Access, known as WPA2. Attackers have to be physically close to the target, but once in they can decrypt traffic, launch man-in-the-middle attacks or hijack connections. Luckily, there is an easy fix: a patch is available.
It has, however, called into question the security of IoT devices and highlighted the fact that many manufacturers still view security as an afterthought. There is also the issue that many IoT devices lack easily accessible interfaces through which users can update, patch and secure their connections. The responsibility for patching will be with the device manufacturers, who will need to push out updates to millions of IoT devices simultaneously.
Mobile-based attacks
Increasing use of mobile devices attracts cybercriminals. McAfee Labs reports that in the first quarter of 2017, it identified 16 million incidents of mobile malware. A survey of security professionals by Check Point found that 20% of companies knew they had been breached and another 24% couldn’t tell.
The most likely threats target mobile devices as sources of Distributed Denial of Service (DDoS) attacks on web services. Readily available DDoS kits and DDoS-as-a-Service platforms are making it much easier for cybercriminals to launch attacks. At the same time, the rush to connect ‘things’ has left poorly secured devices open to being hijacked by malicious users to form a powerful botnet to lock up websites.
Rise of Ransomware
The global nightmare of ransomware attacks on mobile devices continues. Mobile ransomware ‘soared’ in the first quarter of 2017, up an astonishing 250%, according to Kaspersky Labs, and shows no signs of abating.
Sophos Labs has just released its 2018 malware forecast and the big takeaway is that malware isn’t going away. Android ransomware is attracting cybercriminals in particular, with attacks on Android devices increasing on an almost month-by-month basis. Sophos believes that this type of Android attack has taken off because it is an easier way for cybercriminals to make money than, for example, stealing contacts and SMS or phishing.
Cybercriminals will step up their attacks on mobile devices in 2018, seeking out vulnerabilities in organizations’ mobile networks using sophisticated new techniques, alongside old and proven ones. For those that do not have robust security policies in place alongside employee awareness training, it is not a case of ‘if’, but ‘when’ they will be targeted.
Jan has been writing about technology for over 22 years for magazines and web sites including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.