Home The mobile malware landscape in 2022

The mobile malware landscape in 2022

Sept 16 – Across the past 10 years, mobile device usage has increased exponentially. Over 5.3 billion people rely on mobile phones worldwide and over 90% of those individuals rely on smart or internet-enabled phones. What does this really mean?

As smartphone usage has skyrocketed, so has the probability of experiencing a phone-based cyber attack. For many, phones now retain access to sensitive company data and maintain direct connectivity to the enterprise network.

In spite of this, many corporate cyber security strategies concentrate exclusively on traditional endpoints, like laptops. On account of the evolution of the mobile threat landscape, it’s never been more important to have a mobile threat solution in place.

Spyware marketplace

Security researchers have proven that nation-states have successfully installed spyware on phones belonging to activists, rights workers, journalists and business persons. While certain spyware has been designed to help governments pursue criminals and terrorists, its use hasn’t always reflected the intention behind it.

In order to thwart spyware attacks, Apple has built ‘Lockdown Mode’ into iOS 16. While the iPhone is designed to protect privacy, there are limitations to its capabilities.

Zero click attacks

Across the past 8 months, security researchers have also observed an increase in zero-click attacks. As the name suggests, zero click attacks do not require any input from the victim before deploying malware. Spyware software, like the infamous Pegasus spyware, leverages zero click mechanisms, making the attack and installation of spyware entirely imperceptible to users.

Spyware reflects only a single example of how people can become victims of digital meddling, mischief, misconduct and malware. Keep reading to learn more…

Smishing attacks

In addition to zero click attacks, experts also report a continuous increase in the distribution of ‘smishing’ (or text-message/SMS phishing) messages. These messages commonly impersonate well-known brands in an effort to cajole, push or force the user to provide login credentials, banking information or other valuable sensitive data.

App store safety

Many device users turn to application stores to assist them in maintaining device security. However, some apps state that they help manage security risks, when in fact they contain malicious code. Although the most secured stores, such as the Google Play Store, and the App Store, have review processes ensure app security, some apps manage to sneak past security controls. Apps are actually the #1 infection vector when it comes to malware on mobile devices.

The new normal

It’s worth noting that, across the past two years, leveraging mobile phones for work purposes suddenly became part of the new normal. In turn, for cyber criminals, targeting mobile phones with cyber attacks also became a new normal. But general awareness of mobile phone threats is relatively low.

Business response

For some organizations, it may be beneficial to employ tools that increase endpoint resilience and secure users. For example, Check Point Harmony users real-time threat intelligence to actively guard against zero-day phishing campaigns and URL filtering to block access to known malicious websites from any browser.

It also enforces conditional access, ensuring that if any device does become infected it will be unable to access corporate applications and data. Harmony Mobile achieves all of this – and more – without disrupting employees or hampering their productivity.

Get the full story here. To receive cutting-edge cyber security news, exclusive interviews, high-minded expert analyses and leading security resources, please sign up for the CyberTalk.org newsletter.