Hackers and other bad actors are constantly changing and upgrading their techniques, all with the goal of breaking into one of your users’ mobile devices. From there, a talented hacker can do major harm to your company, to your data, and to your corporate reputation.
Not only are hackers continuing to refine their attacks, they keep launching more and more of them. In fact, hacking activity targeted at mobile devices increased more than 50 percent in 2019, according to a new report from Experian. One technique that stood out was the use of malware in attempts to gain access to mobile banking and other sensitive data.
There were more than 3,000 successful attacks against just financial institutions alone last year, according to the Treasury Department’s Financial Crimes Enforcement Network. A flaw in the security software used by one major bank allowed an intruder to gain access to personal information for more than 100 million customers, making it one of the top 10 cybersecurity data breaches on record.
It helps to know what you’re up against. With that in mind, here are three of the newer techniques being used by hackers to gain access to your company’s data. These demonstrate just how determined hackers are to tweak their attacks in search of new vulnerabilities.
Phishing morphs into smishing
The prevalence of social media has given rise to a new twist on one of the oldest hacking approaches, phishing. That’s where a hacker sends an email to an individual that is crafted to look legitimate, though it is anything but.
Now the outreach is coming through social media and texts, hence the term smishing. This is an increasing concern as your users can do almost everything on a single mobile device. In their social media use, they naturally join communities, based on common music, food, or other interests, or political leanings and social issues.
That’s fine, but what happens is they tend to let down their guard when they feel they’re “in the community.” So if an email or text comes in – purportedly community-related – asking for an urgent political donation or GoFundMe contribution for what looks like a good cause, they can be too trusting. Making that small but well-meaning payment can open a door that a hacker will happily walk right through.
With 2020 being a presidential election year and with feelings sure to be strong about the eventual candidates, watch for this scam to show up frequently from bogus political sources. It’s important to educate your users about this potential vulnerability and watch for the warning signs. Those are similar to phishing emails, with questionable grammar, misspellings, and requests for confidential personal information. Enterprises can also stop cyber threats that get by employees with a robust threat detection and prevention solution
Wi-Fi hacking by drone
You don’t need to be told about the risks associated with public Wi-Fi networks. But hackers are expected to soon take their Wi-Fi attacks to the next level – literally.
One tool that hackers have increasingly used over the last few years is a small, inexpensive handheld device they can buy easily online. It was originally designed as a hacking defense, intended for use by security professionals to demonstrate how an unsecured Wi-Fi network could be spoofed.
Unfortunately, hackers put this device to criminal use, stealing sensitive data such as passwords from unsuspecting users. And now, with more mobile hot spots available, the number of unsecured networks has multiplied, and so have the risks.
It would be a simple matter for a hacker to attach the handheld device to an inexpensive drone, floating it above areas where there are unsecured networks and trolling for easy targets. Most of us see a drone and don’t suspect anything; we figure someone’s either using it recreationally or trying to get an interesting bird’s-eye-view photo.
But whether the threat is ground-level or 100 feet in the air, it points up the importance of using a mobile virtual private network (VPN) for any and all mobile data applications. The new breed of mobile VPNs are far more user-friendly than ever before, with a greater range of device support, easy transitions from one Wi-Fi network or macro connection to another, two-factor authentication features, and more. Be sure your users are outfitted with VPNs and secure Wi-FI connections and use them.
Making mobile payments could seriously cost you
The convenience of mobile payments carries with it threats of e-skimming, especially in light of increasing concerns about the security and privacy of some mobile payment platforms. Small retailers, sports venues, and even trade shows are seeing more and more point-of-sale platform usage that can’t always be counted on to be secure.
Increasingly, we expect to have the option to pay via mobile almost anywhere, and in those situations where we can’t use a phone app, we figure to easily swipe our credit card through a handheld payment device. And while NFC (near-field communication) mobile payment apps typically feature strong security protocols, other platforms may not.
Bargain mobile point-of-sale platforms tend to be low-cost in part because they skimp on security, so they present real vulnerabilities. What seems like a simple transaction, such as a salesperson buying a client a souvenir T-shirt or a hot dog and a beer at the ball game, could end up a lot more costly than expected.
The burden is on both retailers and their customers to be vigilant when it comes to security. We can’t ever take the risk of sacrificing security for convenience, as tempting as it may be at times. Train your employees to be vigilant about security when using mobile payments. Mobile payment cards should only be loaded to a device using a secure and protected Wi-Fi network. Enterprises should also protect corporate mobile devices with an AI-based mobile threat detection tool to ensure the device is always protected when a user swipes their phone to make a purchase.
To battle these types of attacks – and others – and protect your company’s assets, the best approach is a multi-layered one, blending mobile device management (MDM) and endpoint security, including threat detection and secure network access via a secure Wi-Fi connection. Embracing this strategy, which also encompasses people and processes, provides a strong defense against intrusions by hackers, corporate spies, and other criminal types.
Sophisticated mobile threat defense (MTD solutions) build on your existing defenses by detecting and preventing threats against iOS and Android platforms. With their artificial intelligence, machine learning, and behavior analysis capabilities, they detect, prevent and remediate attacks.
They monitor and analyze a broad range of indicators of compromise, enabling identification of anomalies and the ability to counter potential threats. Not only do they collect threat information from the devices they support, they also stay on top of external sources. All this allows MTD solutions to intelligently compare the behavior of healthy devices with the behavior of devices under attack, constantly learning what attack signals to watch for.
The biggest advantage of MTD solutions is that they are designed to protect the device, the network, and the application – along with guarding against phishing attacks, the most common form of initial attack on a device.
Sprint’s Secure Mobile AI is an advanced on-device mobile threat detection application. It uses machine learning to provide comprehensive protection against cyberattacks. When it discovers a threat, action can be taken either automatically or by the user, or preferably through a separate, third-party device management solution.
Where enterprise defenses are weak, it is typically because companies lack visibility into the overall security of their assets and don’t properly understand how devices, apps, data, and the corporate network are interconnected. That forces them into a reactive defense posture, whereas the superior strategy is prevention. That is what MTD solutions and the multi-layered approach deliver.
Don’t wait any longer. Before a hacker gains access to your company’s network and starts messing with or stealing customer data, damages your sales and production capabilities, and costs you customers because they’re not sure whether it’s safe to do business with you, take the necessary steps to protect yourself.