Many corporate cybersecurity strategies focus on traditional endpoints, but mobile devices are just as vulnerable to malware infections. As mobile devices become more important to personal and business lives, the number and types of mobile malware are rapidly expanding. Today, any cyberattack that can be carried out on a traditional endpoint – credential theft, ransomware, data exfiltration, etc. – can also be performed on a mobile device.
Why Mobile Malware Matters More Than Ever
Mobile malware has been a growing threat for years. Mobile devices are the primary means by which many people access the Internet, and the “always on” mobile culture tends to lower barriers to exploitation by increasing the probability that a malicious link will be clicked, or a suspicious app downloaded.
During COVID-19, employees needed to use collaboration apps (videoconferencing, messengers, etc.) to communicate and often selected ones without corporate review or approval. As a result, corporate communications occurred outside of the organization’s visibility.
With work from home, employees commonly are working from personal mobile devices; however, these devices are often also accessible to and used by children and other family members as well. This increases the probability that corporate data will be exposed to attackers via installation of malware or other risky behavior.
The Evolving Mobile Malware Threat Landscape
Cybercriminals are well aware of the central role that mobile devices play in many peoples’ lives and have adapted their tactics to match. The mobile threat landscape is evolving rapidly, and mobile malware is a significant threat to personal and enterprise security:
- Mobile malware is more numerous. In 2018, mobile malware attacks grew to 116.5 million, almost double that of the previous year. Additionally, the number of unique users compromised by this malware surged compared to previous years.
- Mobile malware is getting more sophisticated. While the number of successful mobile malware attacks have grown, the number of unique variants has shrunk. This means that mobile malware developers are becoming more successful at sneaking malware into app stores and infecting consumer devices.
- All mobile devices are vulnerable to malware. Historically, Android devices have gotten a bad reputation for security as mobile malware frequently slips into the Google Play Store. However, in recent years, several high-profile malware variants have been discovered in the iOS app store with very high download numbers.
Best Practices for Mobile Device Security
Mobile devices present a different threat surface than traditional endpoints. Securing these devices requires following mobile-specific security best practices:
- Mobile Device Management (MDM) is insufficient for cybersecurity. MDM is designed to enable an organization to remotely monitor and control mobile devices, including deleting unauthorized apps or wiping a lost device. However, it does not provide intrusion detection or scan for malware on the device.
- A mobile threat defense solution is necessary. Mobile devices require the same level of cybersecurity protection as traditional endpoints. This includes deploying an enterprise mobile security solution with integrated antivirus and threat detection capabilities.
- OS updates are essential. Mobile OS vulnerabilities are how mobile users jailbreak their phones and achieve root permissions. Mobile devices should always be updated to the latest OS to protect against exploitation of privilege escalation vulnerabilities.
- Only install apps from official app stores. While Google and Apple’s security isn’t perfect, they do make an effort to detect and remove malicious apps from their app stores, which is more than can be said for third-party app stores. Installing apps only from official app stores reduces the probability of an unintentional installation of mobile malware.
- Never connect to public Wi-Fi networks. Public Wi-Fi networks give an attacker a more trusted relationship to a device, making it easier to perform man-in-the-middle (MitM) and other attacks. Limiting mobile devices to trusted Wi-Fi and mobile networks reduces their exposure to cyber threats.
- Secure mobile devices with a screen lock. Mobile devices are small and easily lost or stolen. All devices should have an automatic screen lock with a strong password to reduce the impact of a lost or stolen device.
- Enable remote wipe on all mobile devices. With physical access to a device, a number of options exist for bypassing or overcoming a screen lock, granting an attacker access to the device and the data that it contains. All devices should have remote wipe enabled to minimize the probability of loss of sensitive data.
- Provide mobile device cybersecurity awareness training. Most mobile malware takes advantage of risky user behavior, such as downloading untrusted apps or visiting risky websites. Cybersecurity awareness training is essential for teaching users the risks associated with these actions.
Feedback