Cyber-attacks on mobile phones, the bloodletting that never stops

There are now more mobile phones in the world than inhabitants. This is a major problem for the world of cybersecurity. In fact, the number of cyber-attacks on mobile phones is growing all the time

The attack surface is so large that, in the end, it could not be otherwise. Cyber-attacks on mobile phones have become a major problem in the world for a simple statistical reason. Today, the number of mobile phones exceeds the number of citizens on a global scale.

More than 7.7 billion phones for 7.3 billion people, according to the International Telecommunications Union (ITU). In other words, a succulent temptation for cybercriminal groups lurking in the bowels of the Net.

The truth is that the number of cyber-attacks on mobile phones is growing all the time. In Spain, for example, it’s estimated that four out of every 10 cyberattacks on companies originate from a smartphone.

Phishing, credential theft, ransomware attacks, infected applications… The casuistry is so varied that cybersecurity companies such as Tarlogic Security have high-level teams working in this field.

The objective? To mitigate the threats posed by a phenomenon that has given ample proof of its capacity over the last few years.

Just tell that to the almighty Jeff Bezos, founder and largest shareholder of Amazon. In March 2018, a group of hackers managed to infect his mobile phone with spyware called Pegasus.

The program, created by the Israeli company NSO, allowed cybercriminals to steal a wealth of information about the e-commerce magnate.

Journalism icon hacked

Just two months later, the same spyware infected the terminal of New York Times journalist Ben Hubbard. The attack sought to access data from a series of articles on Saudi Arabia and a book on Saudi Crown Prince Mohammed bin Salman.

The truth is that, beyond these episodes, cyber-attacks on mobile phones represent a latent threat to companies due to the lack of a strategy. Of an operation to monitor and prevent the multiple threats related to these incidents.

Mauricio Trujillo, Tarlogic’s cybersecurity consultant, points out at this point that it’s necessary to differentiate between company mobiles and personal terminals that are also used for these purposes.

This is known as BYOD (Bring your own device). A company policy that authorizes the use of employees’ personal devices to access the company’s technological resources. Corporate email, applications…

In the case of company telephones, Trujillo recommends that companies use MDM (Mobile Device Management) platforms. These are tools that allow very precise configuration of the terminals and their security policy.

Access configurations, applications that can be downloaded, access to Wi-Fi networks… In short, very precise risk control to prevent cyber-attacks on mobile phones. «Mobile phones must be part of the global cybersecurity strategy. It would be foolhardy not to do so», explains the Tarlogic Security consultant.

Multiple threats on the Net

In any case, it’s with personal mobiles that the multiple threats circulating on the Internet reach their maximum expression. Óscar Mallo, a cybersecurity advisor at Tarlogic, reminds us of the multiple fronts on which they are working.

Mobile-specific ransomware such as Android /FileCoder C. A malicious code that, using the contact lists of the phones that had been compromised, propagated itself by sending mass SMS messages.

Or malware such as AbstractEmu, which accessed Android devices to reconfigure the device. This was how they stole credentials, monitored notifications, or took screenshots.

A huge problem for employees who work with sensitive information and could see the security of their handsets compromised.

Both Trujillo and Mallo insist on the need to be extremely vigilant when downloading applications. This could also be the source of a very serious problem. There are many applications that appear every year in the official Apple and Android shops that contain very unpleasant surprises. Apps that hide malware or malicious code that end up infecting legitimate terminals.

Just three months ago, Google removed eight applications from its shop for being infected with a virus that allowed them to take control of the mobile phone. Accessing banking information, passwords, even money…

«People are sometimes a bit careless about this -warns Trujillo-. When you download an application, you have to take a good look at the issue of permissions because, by giving them, they can end up infecting your smartphone».

Many cyber-attacks on mobile phones stem from this practice.

However, the ball is also in the court of the companies that develop apps. Their responsibility in these episodes is obvious, and they would do well to conduct a mobile security audit to prevent these devices from being a gateway to other attacks.

Monitoring Wi-Fi networks, containing risks

Wi-Fi networks are also often a gateway to businesses. In particular, they allow users to connect to public networks with poor security levels. These are networks that will end up allowing third parties to infect a phone and, later on, to unleash a cyber-attack on a company via that same handset.

But it’s not only outside that there are problems. Monitoring and segmenting a company’s wifi networks is essential because that is where the problems can come from. A suite of wifi analysis programs such as Acrylic Wi-Fi can become a valuable ally to avoid them.

These tools not only analyze the coverage of available networks but also certify and monitor their security. Vital support to prevent hostile actors from getting hold of a user’s credentials.

«If someone manages to spoof a corporate access point, the threat is critical. Why? Because you could then unleash a brute force attack to penetrate the company’s systems», warns Óscar Mallo.

The theft of credentials via corporate wifi networks is a very sensitive issue. This is why Red Team’s services often test this vulnerability when they carry out one of their exercises.

In this scenario, protection is not an option. It’s an obligation. In addition to having advanced security services in place, companies would do well to provide a series of basic tips to their employees to prevent these episodes.

The list provided by Trujillo and Mallo includes basic issues and some more sophisticated ones to prevent cyber-attacks on mobile phones. All of them, taken together, represent a good starting point:

• Always keep the mobile phone updated with the latest version of the operating system.
• Update apps to the latest version, a process that can be automated from the handset. This can correct some vulnerabilities.
• Having an antivirus on the mobile. «If it can be a paid one, all the better -they both explain-. It’s not the definitive lifeline, but it can be a very useful aid».
• Download applications from the official shops. «It’s assumed that there are fewer problems, although we have seen serious incidents», says Trujillo.
• Use or activate a 2FA authentication factor where possible.
• Periodically check your phone and uninstall unused apps. The more apps you have on your phone, the larger the attack surface. That is why they recommend using only those that are actually useful.
• Install an application such as Conan Mobile to check the device’s security. This solution scans apps and checks permissions.
• Always use MDM platforms if they are corporate terminals to centrally manage security policies.
• Don’t connect to public networks. The vast majority are insecure and can become a headache.
• For enterprises, have network team services. They are worth their price in gold. Even develop source code audits to see if any services may be exposed.

In short, it was the first wall of security to keep the fort safe.

Discover our work and cybersecurity services at www.tarlogic.com