The universal adoption of mobile devices in business environments has created new attack vectors that organizations struggle to address. A new report from CrowdStrike, the “Mobile Threat Landscape Report: A Comprehensive Review of 2019 Mobile Malware Trends,” offers a deep-dive into some of the threats that plague mobile devices, and provides recommendations for how organizations can best secure their data and networks against mobile threats.
CrowdStrike’s Mobile Threat Report details how mitigating the risks has become even more urgent because of the rapid adoption of mobile devices worldwide. In some regions, such as Latin America, mobile devices have surpassed desktop computing for both business and personal use, including email access, banking and authentication, making mobile security an even more pressing issue.
CrowdStrike’s report offers an overview of the key types of malware observed so far in 2019 and the deployment mechanisms adversaries typically use. It also identifies the adversary groups and unaffiliated criminal actors that target mobile devices and how their tactics — and the mobile threat landscape in general — are evolving. The report includes valuable recommendations that can help you better secure your organization against mobile threats.
Report Key Findings
Some key findings from this report include the following:
- A range of criminal and targeted adversary groups are increasing their attacks on mobile platforms.
- Banking continues to be a prime target, supported by an underground of developers operating mobile “malware-as-a-service” subscription models.
- Targeted adversary groups continue to develop mobile malware variants, and these development capabilities are proliferating to less-skilled groups.
- Mobile malware designed for the Android operating system is the most prevalent – driven by the ease of installing new applications from third-party sources.
- Mobile security maturity levels lag behind those of traditional platforms, leading to protracted attacker dwell times on compromised mobile devices.
Mobile Malware Comes in a Variety of Forms
Much like malware families developed for traditional desktop computing platforms, mobile malware can take a variety of forms, depending on the capabilities and motivations of the developer and those deploying the malware. While some state-aligned actors may seek to establish long-term persistence on a device to gather intelligence on a target over a period of time, criminally-minded groups are more likely to focus on malware to intercept banking credentials in order to provide a quick route to financial gain. Meanwhile, less sophisticated criminal actors may seek to repurpose existing revenue-generation models, such as ransomware and cryptomining, although often with limited results.
Despite the wide variety of mobile malware families observed in the wild, the report categorizes most into five major types, which are described in detail. The report also addresses the motivations behind various threat actors, whether it’s financial gain, intelligence gathering or disruption, and breaks down their tools and objectives depending on the class of threat actor involved.
Recommendations for Strengthening Your Mobile Security
The report stresses that organizations must now contend with not only the ubiquitous use of mobile devices in their environments but also the fact that these devices may hold significant amounts of corporate data. Mobile threats will continue to proliferate as both nation-state and eCrime groups innovate and refine their mobile attacks in their efforts to evade organizations’ security defenses. CrowdStrike recommends that all organizations employ measures to help better secure the mobile devices connecting to sensitive corporate data every day. The following is a brief summary of these recommendations.
- Only download applications from trusted sources, such as official app stores: The majority of mobile malware is distributed from third-party sources that don’t perform comprehensive checks of the applications they provide.
- Be on the lookout for phishing messages: Users should be wary of messages being delivered by SMS or email that prompt them to install applications from untrusted sources, because this mechanism is often used by attackers to trick their targets into installing mobile malware.
- Regularly apply security patches to mobile operating systems and installed applications: Flaws in operating system software can be exploited by malicious actors to install mobile malware and escalate operating privileges to obtain greater access to data and capabilities on the device.
- Establish security around solid mobile device management (MDM) processes: Corporate management of mobile devices can provide protection against mobile malware by restricting which applications can be installed, and allowing for the automatic deployment of security patches. However, this capability can also provide opportunities to an attacker, who may be able to leverage their own MDM servers to deploy malware.
- Evaluate mobile endpoint detection and response solutions: Solutions such as CrowdStrike® Falcon for Mobile™ take a visibility-first approach to mobile security, eliminating blind spots that lead to breaches. Security teams can see activity generated by Android and iOS enterprise apps, gaining deeper insight into their behavior while enabling threat hunting and rapid incident investigation.
- Maintain physical security of physical devices: Enabling strong passwords, or biometric authentication measures such as fingerprint or facial identification, in addition to ensuring that mobile devices are not left unattended, can reduce the risk that a malicious actor may be able to install malware manually during so-called “evil maid” attacks.