With very few exceptions, such mobile devices no longer run on proprietary or device-specific operating systems. Instead, 97% of all mobile devices sold rely on one of two operating systems. The fact that hackers have long since taken advantage of. For a good reason.

Current malware is now so significant that it can even target specific device types. This opens up a broad additional field of activity for hackers and one that can be opened up with limited resources. Modern mobile devices are susceptible to malware, man-in-the-middle attacks, SMS information interception, and, most importantly, phishing attacks.

Most attack scenarios benefit from the fact that, on a mobile device, we are much more inclined to click on a malicious link or to install legitimate-looking malware. Social engineering, phishing, or a combination of different attack vectors are the means of choice. The only way to protect yourself against attacks of this kind is to make the user aware and provide technological support.

Attractive Because It Is Ubiquitous

One reason for the rapid increase is the ubiquitous professional use of mobile devices. In contrast to the ‘controlled’ and concentrated use of a laptop or desktop, smartphones are used in multi-tasking mode: on the way to work or the next meeting, during a short break, or quickly in the evening on the couch before the news. Also, many devices are used in a mix for both professional and private purposes. This, combined with smaller screens and the limited possibilities on mobile platforms to distinguish real from fake, has opened up new possibilities for criminals. The development has even “forced” them to deal with attack methods on mobile platforms in order not only to “phish” access data from end-users.

From a company perspective, the previously defined boundaries of traditional company networks and solution approaches are blurring and disappearing. Against this background, corresponding perimeter solutions are only partially effective if you want to protect yourself against phishing attempts on mobile devices, as devices are mostly used outside of your controllable network. Therefore, it is more comfortable and more profitable for cybercriminals to attack a mostly unprotected mobile device than a comparatively well-protected laptop or desktop.

Traditional Security Measures Surrender To Mobile Phishing Attacks

Conventional security solutions such as secure email gateways filter out potential phishing emails and malicious URLs before they land on the email server or with the user. Secure Web Gateways, in turn, analyze the employees’ Internet content for malicious code and phishing pages. Both methods are ideal for protecting company emails. However, employees use emails and a large number of different mobile messaging and social media applications on their devices in addition to business and private emails.

And to exacerbate the problem, the majority of smartphones are used outside of the company’s WLAN – i.e., in networks that companies cannot control. All in all, companies are increasingly lost when it comes to protection against mobile phishing and cannot avoid dealing more seriously than before with the topic of mobile security.

Private Emails

Hackers are aware that the sometimes strict security precautions for company emails are often missing in private accounts. Also, most people today read private and business emails first on their mobile devices. Phishing attempts that target personal email accounts work something like this:

An employee receives a private email from her friend on her mobile phone to share photos via a new photo-sharing app. The said employee does not find this unusual. It’s not the first time she and her friend have exchanged photos via text and email. So the employee clicks on the link and downloads the app. After downloading, it initially looks like the app is not working. Later that afternoon, the employee makes a bank transfer to the shared family account, opens her mobile banking app, and enters her access data. What the employee missed, however, is that there is a banking Trojan behind the alleged “photo” app.

Social Networking And Mobile Messaging Apps

Mobile devices and their app stores make a flood of messaging apps and platforms accessible. The downside: They also open up entirely new avenues for attackers. Imagine an employee who regularly communicates with friends, family, and even colleagues and customers via WhatsApp. One day, a colleague that said employee typically chats with on WhatsApp sends a message asking him to review a batch of information for a customer meeting as soon as possible. Based on the shared history, the employee does not hesitate long and clicks on the link. This leads him to a Microsoft login page, where he enters his access data as usual because the team uses Office 365 for presentations.

SMS / MMS

The third way that attackers like to launch a phishing attack is SMS or MMS. According to a study conducted by Lookout in the United States, over 25 percent of employees click a link in a text message if the fake phone number looks like it’s from the local area. Pegasus, one of the most sophisticated mobile advanced persistent threats (mAPT), used precisely this method. It was possible to crack an iPhone with just one click, install spyware, and leave the user just as smart as before.

Once you understand how easy it is to exploit these weaknesses, it is hardly surprising that mobile phishing attacks are rising. In contrast, it is more surprising that most companies and organizations continue to protect, for example, only company emails from phishing attacks. Phishing attacks have long since developed well beyond the corporate email vector and are one of the primaries, but notoriously underestimated, gateways for accessing sensitive corporate data.

Also Read: 3 Converters From PDF Bear You Should Use

The post Mobile Phishing Danger For Users And Companies appeared first on Trends Tech Blog.

We Have Increased Our Dependence On Technology

The reported cases of coronavirus in the world cover more than 150 countries and the obligation of confinement lead individuals and companies to have a greater dependence on communications by digital means. The Internet has become almost the only channel for interaction and as a means of work.
We have increased our dependence on technology, companies, both in the private and public sectors, continue their work to encourage teleworking, and communications between people are practically reduced to calls and videoconferences, chats, and messages on social networks. Similarly, a good part of the services and information offered by different government organizations are accessible by online means.
In this context, as novel as it is unusual, an attack by cybercriminals that would limit users and companies from accessing their devices, their data, or simply the Internet, would be devastating because it would lead to a stoppage of operations.
And putting ourselves in the worst-case scenario, such an attack could cause infrastructure failures that can affect even cities, paralyzing, for example, the function of health care systems or public services in general.

Threats That Exploit Fear And Uncertainty

Cybercriminals seek human recklessness to enter systems. When a crisis is prolonged excessively, as it is currently happening, people often make mistakes that they would not have made under normal circumstances.
It is estimated that 98% of attacks are due to the use of social engineering methods, and the creativity of cyber criminals increases day by day to access passwords and personal or special interest data. To do this, current topics are used to tempt users and make them make mistakes when clicking on a link or opening an attached message in an email.
We have lived the cases of phishing and malware distribution impersonating the Chinese Ministry of Health or the impersonation campaign to the World Health Organization (WHO) in which a donation was requested to be made in the form of Bitcoins, to contribute to the investigation of a cure against COVID-19.
The extortion cases even affect hospitals, with the record of an attack on a hospital in the Czech Republic, as well as messages addressed to elderly people with threats of contagion if a certain amount of money is not transferred.
And scams via the web proliferate over the purchase of virus test kits, fraudulent pages aimed at collecting donations for research into a vaccine, or portals that offer and sell all kinds of products in the Darknet markets.

Cybersecurity Recklessness Soars

On the other hand, it is not a conscious thing, but being online for more time leads us to behave in a more risky way. For example, it is not uncommon to search for free access to undesirable web pages or to search for software without official licensing, thus opening a door to possible attacks and the installation of malware.
Let’s not forget that there can also be hidden risks in the usual tasks related to credit cards or in the installation of specialized applications.
Normally it is dangerous to click on unreliable links, but during the pandemic, this action can be destructive and have a very high economic cost for whoever performs it or for the organization in which they work.

Awareness And Caution, The Best Safety Tips

• COVID-19 has forced us to change our daily habits and routines, but it also requires a change in our online behavior:
• In the current situation, wherein many cases employee-owned domestic devices are used to remotely access company networks, it is particularly relevant that our homes are cybersecurity.
• You have to be especially careful to whom we give your personal information. It is convenient to take our time to check what we are reading, what they ask us, and where we are going to access it.
• Last but not least, the best way to act is to look at everything with a magnifying glass and trust only those companies, people, or institutions with credible creditworthiness, as well as national or local government agencies.
• To help protect everyone, the Basque Cybersecurity Center has created a specific section on the related risks and threats related to the coronavirus and an awareness kit with tips, specific infographics, and a series of documents that help prevent exposure to cyber threats.

Also Read: How To Accelerate Your Business With Artificial Intelligence

The post Cybersecurity In The Days Of COVID-19, More Important Than Ever appeared first on Trends Tech Blog.