Pages

Friday, March 1, 2013

Widgets

Widgets

Top 5 Mobile Security Threats 2013



Today I will expand further on Security threat for specifically mobile devices using Andriod's Operating System.

A quick refresher from my last blog where I discussed the most likely security threats for anybody using a mobile device (Smartphone or Tablet)
- Toll Fraud
- Ransomware
- Bring Your Own Devices (BYOD)
- "Drive-by Exploits"
- Mobile Payments via NFC

TOLL FRAUD:
(SMS Text)  Everybody with a mobile or smartphone receives txt message like "Text 3030 to get your daily weather forecast on your phone" you want it? You text back the number and you receive your daily weather forecast.
This is called PREMIUM SMS as in this figure >>>>>>






Toll Fraud occurs as displayed in the below graph. It is successfull and it happens to more and more users
1A customer downloads an app that sends out an SMS message to that same ringtone provider.
2. The ringtone provider sends the confirmation message, but instead of reaching the smartphone owner, the malware blocks and confirms the text message before the user ever knows.
3. The malware writers further jumps in between the wireless carrier and the ringtone provider, pretending to be an aggregator, and collects the money you just paid through your bill. 


Ransomware:

What is Ransomware? Ransomware traditionally would infect PC's (via a trojan) and demand a ransom to unlock.  For Hackers it is a proven business model on pc's and now has set its sights on Mobile Devices Users. 
The biggest difference between Ransomware and other Trojan is that it does not rely on its victims to use the infected systems, instead hackers hijack the users ability access data, communicate or use their system at all! It is either pay up and hope you will gain access.
A typical and popular tactic of Ransomware is to infect somebodies mobile device or PC displaying a message from a local law enforcement agency asking to pay  an x-amount fine



BYOD (Bring Your Own Device):

BYOD means permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access privileged company information and applications. 
Big Question is: Are business prepaired for the (potential)risks it poses too its' IT structure. Organizations or IT departments have
less control than ever over enterprise data access from a myriad of consumer devices—including a groundswell of bring your own devices (BYODs)—and more difficulty determining which devices are accessing which systems and data. 
The answer is: 66% of organizations do not have or have not yet implemented a BYOD Policy or Strategy.

If you add to the fact that 25% employed people in the U.S. have been a victim of Malware in 2012 and take into account the factor of an organization's IT infrastructure and the individual user/employee own personal preferences whether using a company provided or personal device the threat of BYOD is to be taken serious because hackers do!



The basic precaution any organization should take:
1. Provide cybersecurity training to all BYOD employees. That training should include physical security, WiFi security and social engineering attacks. Try to provide at least four hours of face-to-face learning.
2. Make password-protected auto-locking a requirement on personal devices used for work and make sure employees know what makes a password strong.
3. Develop and enforce a clear, written policy that lets employees know what work-related data they may access with their own devices.


Drive-By Attacks

This type malware (via Botnet) is either offered for download directly, as a disguised executable file, or is hosted on a webpage that includes exploits that are designed to use specific browser vulnerabilities to secretly install malware on visitors’ computers often using complex social engineering techniques to convince the recipiants to click the links 




Although the above example is based on a PC or Laptop, any mobile device is exposed to the same threat! Or even a bigger one. Adam Kujawa of Malwarebytes calls 2013 "The Golden Age of Drive-By Exploits" "Due to the sheer number of incidents reported per day"
The key is to update your security patches and other patches (JAVA). Although this still does not entirely close the risk for infection as malware developers are reaching a level of development sophistication and effectiveness that they are able to to catch the tiniest window of opportunity. 

Mobile Payments via NFC
NFC stands for "Near Field Communication" it is the mobile wallet. Only introduced recently and a  big hit with the public. It is easy, simple and convenient: Tap & Pay! 

But not all is good. The introduction by Google of its own E-Wallet and the subsequent security breach posed a warning to all smartphone users.




For 2013 it is expected that digital pickpockets will be active in densely populated venues (airport, stations etc) to steal your money via the classic "bump and infect" method, this means that NFC is actually acting as enabler for theft. 

How can you prevent it happening to you? Manage your device in a vigillant way, be aware of free WI-FI area's, manage your device's connectivity responsibly. 

I have left a few items high on most of the industry security providers:
- Large scale attacks aimed at infrastructure
- Attacks focused on new software platforms (Windows 8, HTML5)
- Snowshoes & Spam (Botnet & Marketing)
- Hacking as a service... Yes indeed hacking is becoming mainstream... 

In my next blog I could address those, but I think I'll explore another MCommere angle!

Thank you for reading, please leave some comments and feedback, much appreciate! 

Share this blog and keep on reading!

Special thanks for McAfee, Lookout for their comprehensive reports.








No comments:

Post a Comment