The world’s top companies use wandera Learn Why Try Wandera for Free

Threats in a mobile world, according to Graham Cluley

Threats in a mobile world, according to Graham Cluley

1916 731 Suraiya Datardina

The world has changed.

Of course, we all know the world has changed, we can see it. But are we aware of how much it has changed in such a short space of time?

Graham Cluley, a leading security blogger spoke at Wandera’s mobility and security event LEVEL earlier this year and his presentation was eye-opening.

“There is no doubt, that cybercrime has changed enormously.”

Where did it all begin?

25 years ago when Graham first started as a programmer there were about 200 computer viruses a month. At that time computer updates were pushed out on 360 floppy disks which were sent in the post. Or if there was something really urgent, it was possible to fax or even call and dictate the antivirus update.

The viruses of the time were little more than electronic graffiti, they didn’t do much and would announce their presence straight away.

“There used to be no point in writing viruses”

The rise of organized criminals

Slowly, organized criminals entered the picture and realized if their malware was silent, they would then be able to steal passwords, credit card information and other sensitive data.

It was then possible to monetize this activity, either directly through stealing bank details, or through stealing intellectual data and commoditizing it.

“Malware changed from being that electronic graffiti to being insidious, stealthy, it could be present for months and months before anyone noticed”

Ransomware

This is when ransomware started to take off – the blue screen of death. Your data is encrypted, and the only way to get the key to un-encrypt it is to pay a ransom. And it has worked, data is the lifeblood of an organization.

Some ransomware went one step further. Jigsaw started putting time limits on ransom payments, saying it would delete your files every hour, and after 72 hours they would ‘shoot all the hostages’ and you would never get your data back.

“You will need Bruce Willis to deal with this situation”

Popcorn Time was another type of ransomware. If you couldn’t work out how to create Bitcoin, the other way to pay was to spread the evil. Send the link to two people. If they got infected and paid the ransom, you got your files back. So, in complying, you would become an affiliate to the ransomware.

Hacking

Before you knew it, hospitals were being hacked and having to revert back to paper, hackers were demanding millions. The metro system in San Francisco was hacked not too long ago, however, they refused to pay, instead they opened ticket gates letting travellers travel for free for the day. Crucially they had backups in place so they were able to recover. This is the key, every organization needs to make sure they have backups in place and that those backups are secure.

“You have got to have backups in place, you have to have a recovery mechanism and make sure that that backup is secure.”

“There has been a huge rise in identity theft, 25 years ago it sounded like something from a Sci-Fi movie. Now, everyone knows about it.”

Rising mobile attacks

While historically these attacks have mostly been seen on desktops. They are now hitting mobile. The reason for this? Mobile phones are no longer phones. They are mini computers that can track your location and have built-in microphones and cameras.

Criminals realized there was value in knowing what people were doing on their devices – where they do their banking and shopping for example – and they also knew the devices were under less security and IT control than desktops.

“Everybody had a spy in their office, on all of the time, everywhere they went inside their pockets. Tracking locations, with microphones and cameras.”

The problem of apps

The first smartphones didn’t have apps. The app store didn’t exist. Both the Android and iOS operating systems (assuming they are up to date) are fairly secure systems. The main problem is the apps. Apps are under less scrutiny than the devices themselves and anyone can write a dodgy app and put it up on the app store.

“Not so much about the operating system, it is really about the apps that are running on them, they are a much bigger security problem”

Milkydoor was a backdoor that affected over 200 apps. A hacker would download a popular app, wrap it up in some malware and re-upload their version pretending to be the real thing.

People then download the app not knowing. This created a back door used as a proxy to exfiltrate information from your organization, and it all came through the app.

“Your users would come along and download the app without knowing”

Hackers then realized they could infect many apps by creating a library of codes which app developers could then use when creating their own apps.

These libraries were used and did spread malware. It was even found that the Android weather app was a trojan stealing information. In some cases malware has been pre-installed onto the device before it is even sold.

“Programmers are lazy (trust me I know), if someone has already written the code for you, you can just plug that code in. But have you checked the code is legitimate or not?”

Who is interested in your data?

It is not just criminals who are interested in your data. The police are also interested, as are intelligence agencies. Countries are using it to spy on each other. Or even hack each other as you can see from recent claims about various elections including the US and France.

Don’t forget about mobile security

Mobile security is a must. Not an afterthought.

  • What to think about:
  • Are apps properly protecting your data?
  • Are they properly authenticating your access?
  • Are they using encryption to secure your data
  • Can free apps afford to secure it in the first place?
  • Where is the information being stored? Is it a secure cloud?

“Put the right defenses in place you shouldn’t have too much to worry about.”

To watch the full presentation click here.

 

Learn more about threat prevention

You might hear about the dangerous leaks and mobile attacks that make the news. But your organization might just be vulnerable to other threats right now.

FIND OUT MORE