Every corporate device needs to be protected against the various mobile malware threats, says David Emm
A virtual cyber war is taking place. With hackers constantly trying to outwit cybersecurity defences with ever-changing threats and tools, businesses are now forced to review their security strategies regularly – and if they do not, they risk becoming extremely vulnerable to cyber-threats. In this age, every connected device is vulnerable to cyberattacks, and the rise of bring your own device (BYOD) widens the attack surface further.
Mobile malware plays a significant and growing role in a cybercriminal’s attack arsenal. And with more organisations supplying company phones and tablets, hackers have new endpoints to target and opportunities to profit from.
Mobile malware can result in the loss of money and sensitive data and allows attackers access to corporate networks. Put simply, every corporate device needs to be protected against the various mobile malware threats, which include the following:
The ransomware Trojan Rakhni is a case in point. This malware loader chooses which component to install depending on the device. The malware, which we have seen in Russia, Kazakhstan, Ukraine, Germany and India, is distributed through spam mailings with malicious attachments. One of the samples we analysed masquerades as a financial document. When loaded, this appears to be a document viewer. The malware displays an error message explaining why nothing has opened. It then disables Windows Defender and installs forged digital certificates. The malware checks to see if there are Bitcoin-related folders on the computer. If there are, it encrypts files and demands a ransom. If not, it installs a crypto-currency miner. Finally, the malware tries to spread to other computers within the network.
One of the most noteworthy discoveries this year was Skygofree, one of the most advanced mobile implants that Kaspersky Lab has ever seen. It has been active since 2014 and was designed for targeted cyber-surveillance. It is spread through web pages, mimicking leading mobile network operators. This is high-end mobile malware that is very difficult to identify and block, and the developers behind Skygofree clearly used this to their advantage - creating and evolving an implant that can spy extensively on targets without arousing suspicion.
Some of the discovered WAP-clickers also had modules for crypto-currency mining. The rise in the price of crypto-currency makes mining a far more profitable business, even though mobile devices have limited processing power. Mining results in rapid battery drain and, in some cases, even device failure. Kaspersky Lab also discovered several new Trojans posing as useful applications that were mining crypto-currency on the infected device. As crypto-currency mining continues in 2018, there will likely be a rise in new miners and techniques.
However, despite this decline in the total number of people impacted, mobile ransomware Trojans remain a serious threat, because they have become much more technically advanced and more dangerous than ever before.
Mobile ransomware remains both simple and effective, with its capabilities and techniques almost unchanged – and still posing significant threats to both consumers and businesses.
In recent times, rooting malware has been the biggest threat to Android users. These Trojans are difficult to detect, boast an array of capabilities, and have been very popular among cybercriminals. Once an attacker has root access, the door is open to do almost anything. Their main goal is to show victims as many ads as possible, and to silently install and launch the apps that are advertised.
This shift was triggered by the overall decrease in the number of mobile devices running older versions of Android, which are the main targets of Trojans. This is primarily because the common vulnerabilities they exploit are usually patched in the newer versions of the system.
As a result, creators of advertising Trojans are increasingly confronted with devices on which they cannot gain a foothold. This provides the victim with the chance to get rid of this malware once it starts aggressively displaying ads or installing new applications.
To reduce the risk of infection in today’s evolving threat landscape, stay protected and avoid endpoint infiltration, Kaspersky Lab advises businesses to do the following:
Kaspersky Lab also has the following top tips for individual employees:
David Emm is Principal Security Researcher, Kaspersky Lab