Cybercrime / malware / ransomware / hacking

Working from home leads to surge in mobile phishing and malware attacks

Cyberattacks targeting mobile devices have more than doubled over the last year as cyber criminals look to take advantage of those working from home without the protections of an IT department.

As knowledge workers around the world have tried to adjust to the new reality of remote working, hackers are increasingly targeting them with phishing and malware campaigns tailored specifically to take advantage of potential security vulnerabilities in smartphones and tablets.

As pharmaceutical companies have grabbed the headlines over the last 18 months, with lucrative new treatments and vaccines progressing through development at a rapid pace, pharmaceutical employees have become top targets for cyber criminals and nation-state actors looking to steal the billion dollar intellectual property.

While email remains the most common attack vector for phishing, the variety of messaging and social media platforms people use on their smartphones provide a wealth of new opportunities for bad actors to exploit and push malicious links into the curious feeds of unsuspecting users. And thanks to Facebook’s recent policy change on data sharing with WhatsApp, millions of users have been using new messaging apps for the first time in recent months, which makes them easy prey for malicious actors.

Whilst most people are at least aware that you should not open attachments or click suspicious links sent from unknown people via email, because we have our phones on us all the time and the various messaging apps always tout themselves as “secure”, many people don’t realise that hackers can and do use any and all messaging platforms for nefarious purposes. People think only their known contacts contact them over WhatsApp, Signal, Telegram, Viber, and TXT message, but in reality the volume of spam and phishing messages are on the rise across all platforms.

Via mobile messaging, hackers may attempt to phish users, sending them to login at a site that looks legitimately like their bank or work portal, but will actually be a facade that capture any usernames and passwords a user may enter. Or, alternatively, they may try and convince people to download a new app, that whilst on the face of it may seem innocuous like a new video streaming photo manipulation app, but in reality may be malware that steals their information and spreads itself further to that persons friends and colleagues. Forms of malware recently highlighted by researchers as popular with hackers in 2020 include Monokle, SilkBean and the Wroba trojan.

Whilst nation-state actors may have multiple 0-day exploits at their disposal for hacking campaigns, most hackers rely instead upon users failing to keep their operating systems updated and secure. This is partially the fault of users, who consistently put off installing updates until many weeks or months after the notifications pop up, but also manufacturers who will regularly stop supporting phones and tablets 24 months after release, whilst many people are today keeping their devices for three or four years, leaving them exposed through no fault of their own.

As people continue to work from home, companies are increasingly reliant on their employees maintaining digital security or they risk becoming a weak point of attack for hackers into the company network. It is critical, therefore, for companies to help their employees with their device security through mobile threat protection systems like Pradeo and others, which can help with security across applications, networks, and individual devices.

Share This