The 5 Most Common Cyber-Attacks on Mobile Devices In 2021
By Nicole Allen, Marketing Executive, Salt Communications.
Many companies are prioritising mobile efforts these days with research suggesting that increased mobility helps businesses enhance their operations and efficiency. Verizon’s 2021 Mobile Security Index Report demonstrates, there are many pre-existing and new hazards when it comes to mobile security that businesses must consider in order to stay safe.
Traditionally the increases in organisational mobility often resulted in a rise in the number of mobile devices accessing your systems from afar. With COVID-19 impacting business operations globally in 2020 there are much higher numbers of mobile users accessing internal systems from home. For your security staff, this implies an increasing number of endpoints and risks to secure in order to prevent a data breach at your company.
Before we get into the top attacks of 2021 here are four different types of mobile security threats that businesses need to continue to look out for:
Most people think of mobile security risks as a single, all-encompassing issue. However, there are four major forms of mobile security concerns that businesses must be aware of in order to defend themselves.
- Web-Based Mobile Security Threats
Web-based attacks constitute an ongoing challenge for mobile devices since they are continually linked to the Internet and regularly used to access web-based services. These threats can be carried out through phishing scams, drive-by downloads and browser exploits.
- Mobile Network Security Threats
Cellular and local wireless networks are usually supported by mobile devices (WiFi, Bluetooth). Different forms of risks can be found on each of these types of networks through threats such as network exploits and wi-fi sniffing.
- Mobile Device Security Threats
Theft or loss of a device are the most common physical hazards to mobile devices. This threat is especially dangerous for businesses because hackers have direct access to the hardware where confidential data is housed.
- Mobile Application Security Threats
Mobile application security threats, like all other sorts of security threats, are continually evolving. Security threats to mobile applications, on the other hand, are of particular concern because they receive less security attention than other forms of software and technology. Some of the top mobile application threats are through malware, insecure coding, ransomware and crytojacking.
5 Most Common cyber attacks on mobile devices this year:
- Social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. When unscrupulous actors send bogus emails (phishing attacks) or text messages (smishing attacks) to your employees, they are attempting to deceive them into giving over personal information such as passwords or downloading malware onto their devices. According to reports from cybersecurity firm Lookout and Verizon, workplace mobile phishing assaults have increased by 37%, and phishing attacks will be the leading source of data breaches globally by the end of 2021.
The best protection against phishing and other social engineering threats is to teach employees how to recognise suspicious phishing emails and SMS messages so they don’t fall for them. Reducing the amount of employees with access to sensitive data or systems can also help protect your company from social engineering attacks by reducing the number of ways attackers can obtain access to key systems or information.
- Data breach via malicious apps
The millions of freely available apps on employees’ devices pose a significantly greater threat to businesses than mobile malware. Since 85% of today’s mobile apps are essentially insecure, this is the case. Hackers may now simply locate an unprotected mobile app and exploit it to plan broader assaults or steal data, digital wallets, backend details, and other lucrative information directly from the app.
When your employees go to Google Play or the App Store to download apps that appear to be harmless, the apps will ask for a list of permissions before they can be downloaded. These permissions typically demand access to files or folders on the mobile device, and most individuals simply scan over the list of permissions and agree without thoroughly evaluating them.
This lack of oversight, on the other hand, might leave devices and businesses susceptible. Even if the software performs as expected, it has the potential to mine corporate data and distribute it to a third party, such as a rival, exposing critical product or business data.
- Unsecured public & home WiFi Networks
Since there’s no way of knowing who set up the network, how (or if) it’s secured with encryption, or who’s now accessing or watching it, public WiFi networks are inherently less secure than private networks. Furthermore, as more firms provide remote work choices, the public WiFi networks your employees use to access your servers (for example, from coffee shops or cafés) may pose a security risk to your organisation. Cybercriminals, for example, frequently set up WiFi networks that appear legitimate but are actually a front for capturing data that travels through their system – a “man in the middle” attack.
Requiring employees to utilise a VPN to access corporate systems or data is the greatest approach to safeguard your firm from dangers over public WiFi networks, this can also be carried out for those working from home wifi’s. This ensures that their session remains private and safe, even if they access your systems via a public network.
- End-to-end encryption gaps
A hole in an encryption gap is similar to a hole in a water pipe. While the point where the water enters the pipe (your users’ mobile devices) and exits the pipe (your systems) may be secure, the hole in the middle allows bad actors to gain access to the water flow.
One of the most common examples of an encryption gap is unencrypted public WiFi networks (which is why they pose such a significant risk to businesses). Since the network isn’t secured, fraudsters can gain access to the information your employees share between their devices and your systems. WiFi networks, however, aren’t the only thing that may be exploited; any application or service that isn’t protected might provide attackers access to important company data. Any unencrypted mobile messaging apps that your employees use to communicate work-related information, for example, could provide an entry point for a bad actor to intercept important business communications and documents.
End-to-end encryption is required for any sensitive work data. This means ensuring that any service providers you interact with encrypt their services to prevent illegal access, as well as encrypting your users’ devices and systems.
- Internet of Things (IoT) devices
Mobile devices that access your company’s systems are expanding beyond smartphones and tablets to include wearable technology (such as the Apple Watch) and physical hardware (like Google Home or Amazon Alexa). Since many of the latest IoT mobile devices have IP addresses, bad actors can exploit them to acquire internet access to your organization’s network if those devices are connected to the internet that are connected to your systems.
It is the responsibility of each organisation to implement the necessary technological and regulatory regulations to ensure that their systems are secure. According to statistics, you probably have more IoT devices connected to your networks than you think. In a research conducted by Infoblox, 78% of IT leaders from four countries indicated that over 1,000 shadow IoT devices accessed their networks every day.
What can your company do today?
Seeing the destruction that cyber attacks can do should be enough to convince your organisation to take the necessary measures as soon as possible. So, there are some steps you can do to improve your company’s cybersecurity and protect it from cyber threats.
Mobile security should be at the forefront of a company’s cybersecurity agenda, especially in an era where remote working is the new norm, and not something that will be going away anytime soon. Many companies and organisations that Salt Communications work closely with have seen an increase in mobile usage for communications and day-to-day work requirements. Often firms will look at developing a mobile security guide for what users should and should not be doing while operating from their mobile devices. Other companies have deployed MDM/UEM systems to lock down devices and provide an extra layer of security to workplace issued devices which employees are utilising from home.
At Salt we understand the requirement for a secure communications system to be utilised in an era where mobile interception is rife. With the ever increasing requirement for sensitive communications to take place remotely, organisations need to be able to deploy a system that they have complete assurance that everything they are disclosing remains confidential. This may be law enforcement events, or lawyer-client communications; effectively any form of communications that needs complete security. Salt Communications works with clients all around the world that understand the importance of having complete control over their private communications. Leaks to the public tarnish their organisation’s reputation and, in some cases, jeopardise the safety of their employees and the broader public. You will be able to govern your communications and feel safe in whatever situation you may experience throughout your everyday operations by utilising a secure communication platform such as Salt Communications.
At Salt Communications we work with businesses of all sizes all around the world to enable them to have secure, confidential discussions wherever they are, at any time.
To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications contact us on info@saltcommunications.com or visit our website at saltcommunications.com.
About Salt Communications
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland, for more information visit Salt Communications.
About the Author
Nicole Allen, Marketing Executive at Salt Communications. Nicole has been working within the Salt Communications Marketing team for several years and has played a crucial role in building Salt Communications reputation. Nicole implements many of Salt Communications digital efforts as well as managing Salt Communications presence at events, both virtual and in person events for the company. Nicole can be reached online at (LINKEDIN, TWITTER or by emailing nicole.allen@saltcommunications.com) and at our company website https://saltcommunications.com/