Wandera is committed to helping our partners stay in the know about the latest trends in mobile security. A key component of this initiative is providing you with clear, high-level insights you can pass on to your customers as you educate them on the importance of mobile security.
In our last piece, we covered phishing, unencrypted network risks and cryptojacking.
This time, we’re shifting the spotlight to mobile malware.
Malware, short for ‘malicious software,’ comes in many different forms on mobile, including adware, banker malware, ransomware, rooting, SMS malware, spyware and trojan malware.
New strains of malware are being identified all the time (for more on the latest malware attacks to watch out for, check out all our malware coverage here).
One of the most common ways malware hits devices is via malicious apps, or through apps that are compromised and allow for malware to be installed on devices before security patches are released. This is why it’s critical for users (and organizations) to stay vigilant about which apps are installed on their devices and to keep apps and operating systems as up to date as possible.
How to relate it
Mobile malware is the smartphone and tablet equivalent to traditional computer viruses for desktops and laptops. Due to this connotation, when the term ‘mobile threat’ or ‘mobile cyber attack’ comes up, the idea of mobile malware is likely what someone with little to no exposure to mobile security imagines in some form.
This often makes malware a good starting point for explaining mobile cyber threats to customers that are just starting to think about mobile security.
Why it’s a problem
A common objection we hear from customers during initial conversations about mobile security is that they believe their devices are protected by security measures within the operating systems, or that they’re protected as long as they keep operating systems up to date.
Mobile operating systems are not foolproof. As we’ve seen time and time again, hackers can and do find and exploit vulnerabilities within the OS to infect devices with malware.
A few recent examples of OS vulnerabilities that have been exposed:
- Google researches reveal another iOS vulnerability
- Apple accidentally reopens a security flaw introducing jailbreak risk
- Update your iPhone now: severe vulnerability affecting iMessage
- How to protect your organization from Agent Smith malware (Android vulnerability)
Apple and Google are continuously enhancing the security of their devices and operating systems as well as vetting apps on their respective app stores. This makes it more difficult and less rewarding from a cost-benefit perspective for hackers to develop malware sophisticated enough to bypass all of the security measures in place for iOS and Android. Shortly after a major attack is carried out and discovered, the vulnerabilities that made it possible are typically remedied by the OS developers, sending hackers back to the drawing board.
However, this back-and-forth nature has certainly not deterred hackers from developing new strains of mobile malware that penetrate operating system vulnerabilities and infect devices through malicious or compromised apps.
But it has stimulated growth in other attack vectors.
Cyber criminals are increasingly turning to social engineering techniques. According to Wandera’s 2019 Mobile Threat Landscape report, mobile users are 18x more likely to click on a phishing link than they are to encounter malware.
How Wandera protects against mobile malware
With a database of over 42 million scanned apps alongside our vetting technology, malicious apps can be identified and blocked, keeping sensitive data safe. Wandera’s threat intelligence runs on MI:RIAM, an advanced machine learning engine that identifies and eliminates the broadest range of known and unknown zero-day threats.
Learn more about Wandera’s Mobile Threat Defense solution here.