The last twelve months have been huge for mobile security. Malicious actors returned with a vengeance and mobile attacks grew rapidly in sophistication. Ransomware outbreaks like WannaCry and Petya hit enterprises globally causing unparalleled disruption, new vulnerabilities like BlueBorne were discovered and phishing techniques grew more advanced by the day.
The threat landscape continues to be asymmetrical, and despite the continued investment, enterprises struggle to outsmart cybercriminals. Recent statistics show a 95% growth in mobile security breaches in 2017, but what is it that makes the current threat climate so volatile?
1.Sophisticated mobile phishing
When people think about phishing, they conjure up thoughts of poorly worded emails offering ‘unclaimed lottery winnings’, or ‘hassle-free’ payouts from ominous third parties. Fast forward to 2018 and things are very different. In today’s threat climate even the most reputable CISOs are finding it difficult to spot a phish.
Research shows a mobile user is 18x more likely to be exposed to a phishing attempt on mobile than malware. Less scrutinized channels like SMS, Skype, WhatsApp, games and social media are being employed at scale to distribute phishing links in places employees do not expect. Our latest whitepaper looks at the advanced phishing techniques employed to encourage innocent targets to interact with malicious files.
Unsuspecting victims are encouraged to click links, or run files to launch malicious code to start the attack. Mobile phishing is relentless within the enterprise and we don’t expect this to change anytime soon.<Sachin Sharma, VMware
2.Aggressive mobile malware
Ransomware attacks cost the enterprise an estimated $5billion in 2017, and the resurgence of threats like SLocker meant that enterprises had every right to be worried. It’s never been easier for cybercriminals to distribute ransomware to so many devices, a trend that is set to continue and which will facilitate more attacks.
Our digital lifestyle is changing at an immense rate, greater connectivity directly relates to greater opportunity for potential hackers: BYOD workplaces are on the rise, giving opportunities for smart hackers to place malware on your devices to infiltrate your workplace. This white paper explores the different strains of malware to be wary of throughout this year.
Last year’s evolution of malware shows adversaries are becoming wiser at exploiting undefended gaps in security. Like never before, defenders need to make strategic security improvements, technology investments, and incorporate best practices to reduce exposure to emerging risks.John N. Stewart, SVP and Chief Security and Trust Officer at Cisco
3.Explosion of cryptocrime
A developing trend that emerged in 2017 was the explosion of digital currency. Last year it was impossible to flick through a news feed, open a paper or go online without coming across a mention of cryptocurrency, cryptotrading or a crypto-related crime. That’s why it’s predicted that attackers will continue to target vulnerabilities in systems that implement blockchain technology associated with digital currencies throughout 2018. Incredibly, Wandera’s research shows that more than a ¼ of organizations have a least one mobile device running a cryptojacking script. Our report summarises all the ways in which attackers exploit digital currencies.
We’ll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than Bitcoin, making it generally more challenging for law enforcement to counter.Rob Wainwright, Executive Director of Europol
Public and insecure Wi-Fi hotspots are an unavoidable part of the modern employee’s day-to-day life. Therefore, it comes as no shock that Wi-Fi hotspots are an enticing attack vector for criminals seeking to exfiltrate data for corporate devices. For minimal cost, an attacker can get their hands on equipment advanced enough to set up your own hotspot. Following a relatively simple process, an attacker can monitor online traffic to capture valuable information, and intercept your data as it’s being transferred. Read this whitepaper to explore other ways in which hackers can abuse Wi-Fi to get their hands on your data.
With the exponential growth in Wi-Fi and the fact that consumers show a strong preference for it, Wi-Fi is emerging as a truly global, roamable network. Evan Kaplan, CEO of iPass
Given the atrocities committed against consumer data over the decade or so, it’s no shock that legislative changes are being implemented this year to protect the sharing and storing of customer’s personal data. The key aim of the European Union’s General Data Protection Regulation – GDPR – which comes into effect in May this year, is to give EU citizens greater control and protection of their personal information. It also aims to provide a common regulatory framework for global businesses operating in the EU. Read our whitepaper to find out more about how you can protect your corporate data.
For organizations, the greatest risk is having a data breach when the reforms are fresh. GDPR implements new requirements for giving notice of a breach which will then attract a cascade of investigations into not only the organization’s security but also its compliance with the many other complex features of GDPR. Benjamin Wright, Attorney, SANS Istitute Instructor and GDPR expert
Mobile Threat Landscape 2018
Mobile moves fast, and security moves even faster. What are the key mobile security challenges facing the enterprise in 2018? Download this report to find out.