Subscribe
About

Mobile under attack with malicious intent

Today’s cyber criminals are highly motivated and equipped to launch a wide range of attacks on our personal devices.
MJ Strydom
By MJ Strydom, MD, DRS, a Cyber1 company
Johannesburg, 24 Oct 2019

As convenient as it is to have all of our personal and business data – and essentially our lives – managed and stored on mobile devices, it is alarming to note that today’s cyber criminals are highly motivated and equipped to launch a wide range of attacks on these gadgets.

Theft of sensitive credentials through fake apps and surveillance operations are just two of the activities observed. Thus far this year, we have seen more and more malicious adaptations of techniques and methods from the general threat landscape move to the mobile world.

Banking malware – one of the most popular of its kind – has successfully infiltrated the mobile cyber arena with an acute increase of over 50% when compared to 2018. Malware capable of stealing payment data, credentials and funds from victims’ bank accounts are growing in tandem with the escalation in the use of mobile banking apps. This has become a very common threat in both the general and mobile arena.

The methodology used to distribute banking malware has also been borrowed from the general threat landscape – malware builders are available for purchase in underground forums. In this way, the builders of mobile malware, such as Asacub and Anubis, can allow for the creation of new versions  set to wreak havoc through massive distribution and readily available to the highest underground bidder.

Using sandboxes for advanced malware detection

In cyber security, a sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.

Using a sandbox for advanced malware detection provides another layer of protection against new security threats. Essentially, what happens in the sandbox, stays in the sandbox – which avoids system failures and prevents software vulnerabilities from spreading.

What characterises 2019 is not the number of reported breaches but rather the magnitude.

But of course, Newton’s Third Law of Motion immediately enters stage left – for every action there is an opposite and equal reaction. So, another trend observed this year is the dawn of the era of evasions for the mobile arena.

From delayed execution – to avoid sandboxes – through to encrypting the malicious payload, it is evident cyber criminals have boosted their skill and creativity in mobile attacks. The object of the exercise is to keep malware persistent and effective while avoiding detection.

This year, two fake applications were discovered on Google Play capable of monitoring devices’ motion sensors to evade security emulators. Furthermore, in March, a new Android Trojan dubbed Gustuff – which now joins the ranks of the aforementioned similar top-tier threats – was introduced. 

It is capable of targeting customers of leading international banks and features various evasion techniques, including turning off Google Protect, the built-in anti-malware protection on Androids.

Cyber criminals are stepping up their efforts and as a result we can expect to see mobile attacks rise in the months and years ahead.

What can we expect going forward?

In addition to the above major trends, there are three other cyber trends of 2018 that are still very relevant in 2019.

  • Targeted ransomware: This approach gained popularity during 2018 and continues to be effective in 2019.  
  • Crypto-mining: This remained a prevalent malware type in the first half of 2019’s threat landscape. Crypto-miners continue to dominate the malware rankings, keeping their place at the top of the global and regional ranks. It is clear crypto-mining malware is undoubtedly still a preferred tool in the arsenal of cyber criminals.
  • DNS attacks: These target one of the most important mechanisms that govern the Internet – the Domain Name System (DNS). The DNS is in charge of resolving domain names into their corresponding IP addresses and it is a crucial part of the Internet’s trust chain. Such attacks target DNS providers, name registrars, and local DNS servers belonging to the targeted organisation and are based on the manipulation of DNS records. DNS takeovers can compromise the whole network and enable multiple attack vectors: control of e-mail communications, redirection of victims to a phishing site, and more. One of the biggest advantages DNS attacks provide is the option to issue legitimate-looking certificates by certificate authorities which rely on DNS to verify you are the legitimate holder of the domain in question.

In the first half of 2019, cyber breaches continued to be one of the major threats to organisations in all sectors and all regions, putting at risk sensitive information of billions of people. What characterises 2019 is not the number of reported breaches but rather the magnitude.

Two examples exemplify this fact with two major hits in April 2019. The first was Facebook with more than half a billion user records found exposed on unprotected Amazon cloud servers. The second was LinkedIn where eight unsecured databases containing scraped data and e-mail addresses of nearly 60 million users were found online.

To conclude – 2019 was not really more of the same but rather an escalation and expansion of cyber criminal activity to which there may be no single silver bullet, but while solutions are being continuously enhanced for compliance and data protection, it is possible to be one step ahead of the Dark Web protagonists.

Share