The number of threats that our mobile devices encounter increases every year and the risks from mobile malware has a large share in it. Research from Check Point revealed that every organization has encountered at least one mobile-related attack last year. In its 2021 Mobile Security Report, Check Point revealed that nearly 97% of organizations in 2020 faced mobile threats that used multiple attack vectors. Around 46% of organizations had at least one employee download a malicious mobile application. Banking Trojans, mobile Remote Access Trojans (MRATs), Clickers, Dialers, and Ad fraud were among the most common malware applications downloaded.
Key Findings
- At least 40% of the world’s mobile devices are inherently vulnerable to cyberattacks.
- Of 93% of security incidents originated in device network attacks, 52% are phishing attacks, 25% are related to C&C communication with malware already on the device, or 23% involved infected websites/URLs.
- Among the applications that had major vulnerabilities in 2020 are the world’s most popular social apps, including Facebook, Instagram, WhatsApp.
- COVID-19 is the new app attack premise, with skilled threat actors exploiting the public’s concerns with the pandemic via malicious apps that are masquerading as providers of legitimate help in times of crisis.
- Ransomware has gone mobile as in the case of Lucy, a Malware-as-a-Service (MaaS) botnet and a dropper for Android devices.
- Mobile Device Management (MDM) is a powerful new attack vector as was seen, for example, with a new Cerberus malware variant that infected over 75% of one company’s devices via corporate-owned MDM.
- Major threat groups are focusing on mobile, conducting elaborate and sophisticated targeted attacks, improving their mobile arsenal with capabilities that have yet to been seen on mobile.
Top Five Mobile Malware
Check Point’s report also revealed the top five mobile malware in 2020. These include:
- Hiddad
- xHelper
- Necro
- PreAMo
- Guerrilla
“Researchers have been observing a continuous rise in the number of attacks and data breaches that are coming in through the mobile endpoint. As such, it has become all too clear that the new normal means more numerous and more sophisticated mobile security threats, making robust mobile security a key business imperative,” Check Point said.
Security Precautions Against Mobile Malware
While mobile devices are vulnerable to various malware attacks, there are certain security measures to avoid them. These include:
- Use a virtual private network (VPN) to secure the data transfer while using public Wi-Fi networks.
- Download apps only from legitimate sources.
- Make sure to encrypt any sensitive data in the mobile. Your valuable information will remain secure, even if malware steals it.
- Use mobile vulnerability scanning to identify unknown vulnerabilities.
- Regularly update the mobile software and applications in the device to fix potential vulnerabilities.
- Install mobile security software.
Cybercriminals are constantly looking for new ways to break into victims’ devices. We need to consider our mobile devices the same way we treat our computers and servers, where we store a large amount of information. Since mobile devices carry most of our sensitive data like banking details, emails, and other private information, it is imperative to include them in the data security model.
