Cyber Security

Why Are Cybercriminals Increasing Their Focus on Mobile Devices?

Written by Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East

A survey carried out in the last year revealed that almost half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when workforces around the world are becoming increasingly distributed, there’s a genuine risk that the mobile arena could soon become the new corporate cybersecurity battleground.

From mobile spyware that can assume complete control of iOS and Android devices via zero-click exploits, to trojans deployed via malicious apps that can harvest users’ credentials, organizations have never been more at risk from mobile threats. What’s more, any notion that hybrid working and a BYOD (bring your own device) culture were simply part of a temporary response to the COVID-19 pandemic can now also be laid to rest.

In data published as recently as February 2022, Statista reported that 30% of the world’s workforce now work exclusively from home. The same survey indicated that around 60% of companies are now actively facilitating hybrid working, giving their employees the freedom to choose where they log on. But how many of these organizations are fully prepared for the security demands of a truly mobile workforce?

As outlined in our 2022 Security Report, the number of weekly cyberattacks on corporate networks peaked at an average of 900 attacks per organization in Q4 2021. Across the entire year, we recorded a staggering 50% increase in weekly attacks from 2020. Far from being a coincidence, it’s more likely that cybercriminals are simply taking advantage of the expanding mobile ecosystem that organizations worldwide now occupy.

The emerging mobile threat
We’ve seen some concerning developments in the mobile threat landscape throughout the past year. Our report referenced NSO’s Pegasus, notorious for its ability to gain full control of iOS and Android devices via an elaborate zero-click exploit. NSO, the group responsible for the spyware, is currently one of the highest-profile vendors of “access-as-a-service” malware, selling packaged hacking solutions that enable affiliate threat actor groups to target mobile devices without the need for homegrown resources.

In 2019, Pegasus was used to leverage WhatsApp and infect more than 1,400 user devices, from senior government officials to journalists and even human rights activists. More recently, in 2021, it was widely reported that Pegasus had been used to target more than 50,000 devices around the world, including those of high-level business executives. Pegasus is noted for its sophisticated infection and data exfiltration capabilities, and as such we think it’s likely to inspire similar malware threats. As mentioned in our report, a Macedonian-based group has already created the Predator spyware in Pegasus’ wake, designed to infect target devices via single-click links sent over WhatsApp.

Both Pegasus and Predator are representative of a general shift toward social media and messaging apps as a way to steal credentials and infiltrate corporate networks. In August 2021, an Android trojan known as FlyTrap was found to have compromised more than 10,000 Facebook accounts across more than a hundred countries. Not long after, a fraudulent version of WhatsApp designed to deliver the Triada banking trojan made its way onto the Android store, putting thousands of devices at risk. Toward the end of the year, in November, a new malware known as MasterFred gained traction by using fake login overlays to steal credit card information from Twitter and Instagram users.

These emerging mobile malware threats aren’t just designed to impact individuals; they’re designed to extort and steal data from corporate networks at a time when the lines between personal and business-owned devices are becoming increasingly blurred. WhatsApp Business launched in 2018 and already has more than 100 million users, all of them using the messaging app to exchange potentially sensitive business information. This emerging mobile threat is real, and this is most likely only the beginning.

SMS phishing
Another worrying trend we’ve witnessed is a rise in SMS phishing or “Smishing” attempts. Using SMS messages as an attack vector may seem rudimentary, but as with email phishing, it’s still disconcertingly effective. In our report, we noted that the FluBot botnet had made a return in 2021 despite being dismantled by authorities earlier in the year. It sent users convincing security update warnings, parcel delivery alerts, and voicemail notifications containing a link that, if clicked, would infect their device.

UltimaSMS, a widespread SMS scam, also launched in 2021. It leveraged more than 150 apps on the Google Play Store to sign victims up to a “premium” SMS subscription service without their knowledge, stealing money and additional access privileges as a result. With an increasing number of users bringing their smartphones to work or using their smartphones at home to access work-based information, the risk caused by Smishing – or any phishing campaign for that matter – cannot be ignored.

Banking and mobile malware
The banking malware landscape has been a hive of activity for years now, dominated by adaptive, difficult-to-detect malware families that extort businesses and harvest financial information. Trickbot rose from second place to become the most prevalent banking trojan in 2021, responsible for nearly a third (30%) of all global incidents according to our own research. Trickbot is incredibly versatile and uses sophisticated techniques such as anti-analysis to get around the defenses of financial and technology companies, including those that deal in cryptocurrency.

Qbot and Dridex are two other prominent banking trojans that exhibit botnet-like features, used by ransomware campaigns to drop malware onto infected devices. Dridex was even among the first malware to be distributed via the Log4j vulnerability that put countless businesses at risk toward the end of 2021.

In September 2021, we uncovered a wave of malicious Android applications that targeted the PIX payment system and its mobile banking apps. These applications abused Android’s Accessibility Services (AAS) in order to siphon money from PIX transactions while remaining largely undetected.

This was yet another incident that we expect to inspire further similar moves from other threat actors within the mobile banking space – not good news for a generation of accountants, C-suite executives, and business owners that are now more likely than ever to rely on mobile or remote-access banking.

How organizations can keep their guard up
From malicious apps and mobile ransomware to SMS phishing and OS exploits, the mobile threat landscape is a complex one for organizations to navigate, particularly with employee-owned devices in the equation. How can a company strike a balance between protection and privacy? What can businesses do about devices that are inherently vulnerable? Aren’t MDM (mobile device management) solutions enough to keep company data safe?

The difficulty with mobile devices is that they’re vulnerable to several attack vectors, including the application, network, and OS layers. If an organization wants to proactively guard against mobile malware instead of simply reacting to infections as they occur, it needs more than the basic level of monitoring afforded by most MDM solutions.

As our mobile ecosystem continues to expand, the attack surface area available to threat actors will expand right along with it. It’s never been clearer that mobile security is no longer an option for businesses. Instead, they should be looking to broaden their capabilities while taking a more holistic approach to guarding their increasingly distributed endpoints.

Cyber Security

GISEC Global 2025: Phishing, Data Breaches, Ransomware, and Supply Chain Attacks Causing Challenges

Maher Jadallah, the Vice President for Middle East and North Africa at Tenable, says effective exposure management requires a unified view of the entire attack surface


Cyber Security

GISEC Global 2025: A Place Where Innovation, Partnerships, and Leadership Come Together

Meriam ElOuazzani, the Senior Regional Director for META at SentinelOne, says the company will showcase its latest developments in AI-powered security solutions, reinforcing its position as a leader in this area


Artificial Intelligence

Cequence Intros Security Layer to Protect Agentic AI Interactions

Cequence Security has announced significant enhancements to its Unified API Protection (UAP) platform to deliver a comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance.

There is no AI without APIs, and the rapid growth of agentic AI applications has amplified concerns about securing sensitive data during their interactions. These AI-driven exchanges can inadvertently expose internal systems, create significant vulnerabilities, and jeopardize valuable data assets. Recognising this critical challenge, Cequence has expanded its UAP platform, introducing an enhanced security layer specifically to govern interactions between AI agents and backend services. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data.

Internal telemetry across Global 2000 deployments shows that the overwhelming majority of AI-related bot traffic, nearly 88%, originates from large language model infrastructure, with most requests obfuscated behind generic or unidentified user agents. Less than 4% of this traffic is transparently attributed to bots like GPTBot or Gemini. Over 97% of it comes from U.S.-based IP addresses, highlighting the concentration of risk in North American enterprises. Cequence’s ability to detect and govern this traffic in real time, despite the lack of clear identifiers, reinforces the platform’s unmatched readiness for securing agentic AI in the wild.

Key enhancements to Cequence’s UAP platform include:

  • Block unauthorized AI data harvesting: Understanding that external AI often seeks to learn by broadly collecting data without obtaining permission, Cequence provides organizations with the critical capability to manage which AI, if any, can interact with their proprietary information.
  • Detect and prevent sensitive data exposure: Empowers organizations to effectively detect and prevent sensitive data exposure across all forms of agentic AI. This includes safeguarding against external AI harvesting attempts and securing data within internal AI applications. The platform’s intelligent analysis automatically differentiates between legitimate data access during normal application usage and anomalous activities signaling sensitive data exfiltration, ensuring comprehensive protection against AI-related data loss.
  • Discover and manage shadow AI: Automatically discovers and classifies APIs from agentic AI tools like Microsoft Copilot and Salesforce Agentforce, presenting a unified view alongside customers’ internal and third-party APIs. This comprehensive visibility empowers organizations to easily manage these interactions and effectively detect and block sensitive data leaks, whether from external AI harvesting or internal AI usage.
  • Seamless integration: Integrates easily into DevOps frameworks for discovering internal AI applications and generates OpenAPI specifications that detail API schemas and security mechanisms, including strong authentication and security policies. Cequence delivers powerful protection without relying on third-party tools, while seamlessly integrating with the customer’s existing cybersecurity ecosystem. This simplifies management and security enforcement.

“Gartner predicts that by 2028, 33% of enterprise software applications will include agentic AI, up from less than 1% in 2024, enabling 15% of day-to-day work decisions to be made autonomously. We’ve taken immediate action to extend our market-leading API security and bot management capabilities,” said Ameya Talwalkar, CEO of Cequence. “Agentic AI introduces a new layer of complexity, where every agent behaves like a bidirectional API. That’s our wheelhouse. Our platform helps organizations embrace innovation at scale without sacrificing governance, compliance, or control.”

These extended capabilities will be generally available in June.


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.