COVID-19 has made us rethink the way we work, adjusting how we socialise, and adapting to contact tracing regulations. With a new reliance on our mobile devices in multiple aspects of our lives, mobile security vulnerabilities, exploits, and threats have evolved significantly during the pandemic.
There have been numerous reported cases of fake, malicious mobile applications imitating contact tracing applications that give attackers access to smartphone data or encrypt devices for ransom. With mobile devices and apps becoming increasingly important in a contactless world, they have started receiving extra attention from cybercriminals. As a result, cyber threats against mobile devices have gotten more diverse. Let’s look into the types of mobile security threats and how you can protect yourself and your loved ones.
Top Mobile Security Threats
1. Malicious applications & websites
Mobile malware has grown more prevalent alongside the increasing capabilities of our mobile devices. In Singapore, the rise of mobile malware is considered one of the top threats in the country’s cybersecurity landscape.
Like desktops, most mobile devices today have internet access. This allows threat actors to target them through malicious apps and websites, resulting in data theft, data encryption, surveillance, etc.
Furthermore, these apps come in a range of different types. The most infamous among these smartphone apps are trojans that pose as popular apps only to try to obtain private login credentials illegally.
2. Mobile ransomware
In line with the nationwide rise in ransomware incidents, CSA received 61 reports of mobile-targeted attacks in 2020, a considerable number of which were mobile ransomware. The number represented a sharp surge in ransomware incidents reported to CSA.
The mobile ransomware variant has grown to be particularly damaging due to the increased usage of mobile devices in Singapore. It encrypts personal data and files on your mobile device and then demands a ransom to release the decryption key that can restore access to the encrypted data.
One of the most common attack vectors, phishing, enables other forms of cyberattacks. Most of them begin with a phishing email containing a malicious link or attachment containing malware. In fact, 70% of incidents reported to SingCERT by members of the public occurred via phishing attacks. On smartphones, phishing attacks can exploit a range of media for delivering malicious links and attachments, which include email, SMS, trojan apps, and even social media platforms.
4. Man-in-the-Middle (MitM) attacks
Man-in-the-Middle (MitM) attacks revolve around attackers intercepting your network to eavesdrop and modify the data being transmitted. While this form of attack is possible on different systems, mobile devices are particularly susceptible to it. Unlike desktops, where web traffic uses encrypted HTTPS for safe communication, mobile devices do not use such encryption for services such as SMS. As a result, these messages can be easily intercepted through malicious mobile applications using unencrypted HTTP and can be used to transfer personal information.
5. Advanced jailbreaking & rooting techniques
Jailbreaking, much like rooting, is a term for gaining root (admin) access to the underlying operating system (OS) of the device. It involves taking advantage of vulnerabilities in your mobile device’s OS to gain admin access to it. This increased permission enables threat actors to access more data and inflict greater damage than others with limited permissions can.
How to protect yourself from mobile threats
As the mobile landscape rapidly expands and diversifies, the scope for newer threats keeps rising too, prompting a need for mobile security solutions. This is especially true as remote working arrangements make these devices a more popular and crucial component of work. An effective mobile threat defence solution needs to be able to detect and respond to a variety of different attacks while providing a positive user experience.
For more robust mobile protection, ESET Mobile Security provides anti-malware, app-lock, and anti-theft features, along with offering a 360-degree view of security across mobile devices.
At the same time, don’t neglect to protect your desktops and laptops either. Powerful antivirus software such as ESET Smart Security Premium and ESET Internet Security can keep your devices safe from ransomware attacks and data breaches.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.