Mobile devices are increasingly popular vectors for cybercriminals targeting the enterprise. How to tell when a smartphone may be under attack.
It’s easier than ever to use smartphones as go-to devices for accessing sensitive data and critical apps. Unfortunately, it’s also easier for cybercriminals to take advantage of them.
“We’re starting to see public indications that mobile devices are an amazing vector to attack,” says Yair Amit, CTO and cofounder of mobile defense company Skycure. “More and more attacks target data on these devices: email, chat, credentials to other services.”
Amit explains how smartphones are helpful for productivity but double as “ideal tracking devices” for bad guys as people rely more heavily on them.
“If I compromise your devices, I can steal data and credentials, but I can also monitor where you go, whom you meet with, why you meet with them, and what you say,” he continues.
Mike Murray, VP of security research and response for Lookout, emphasizes the shift in cyberattacks to mobile devices among enterprise users — ironically, because of security measures already in place.
“Until now, general attacks in the enterprise were on computers,” he explains. “Because of the rise in two-factor authentication, and because of two-factor authentication via phone, the phone has become part of the cyber kill chain.”
If a hacker wants privileges within an organization, or access to its VPN, at some point he or she will have to compromise an employee’s phone.
The severity of business risk varies from victim to victim, Murray says. If an entry-level human resources employee says their phone is acting strange, it may spark less concern than if the same complaint came from a high-level exec who was recently on a major assignment overseas.
“The risk profile is less about behavior than about why the behavior is likely,” Murray explains.
Businesses face several challenges when it comes to strengthening their mobile security. Employees bring several types of devices, powered by multiple carriers, and running many versions of different mobile operating systems.
Unlike PCs, corporate mobile phones often double as personal devices. BYOD policies complicate security because employees are the owners, says Amit. Many times, businesses will implement safeguards that fail because employees simply don’t like them.
Murray also acknowledges a mindset problem. Many people don’t yet realize the huge problem mobile security presents to the business.
“We think of the phone as an extension of the Motorola flip phone, not realizing it’s the most powerful digital access device that we have,” he says. If more organizations would recognize the need to take mobile threats seriously, it would change the enterprise security posture.
Here are some key red flags that could indicate a smartphone has been hacked.
Websites Appear Differently
Many forms of cybercrime manifest as “silent attacks,” says Amit. It’s often difficult for employees to determine whether their device has been compromised because the signs can be subtle or completely invisible. In some cases, websites appearing differently could be an indicator of malicious activity. Mobile devices are constantly connected to networks, and businesses are seeing more attacks where someone is manipulating traffic between the device and the Internet. Amit recommends organizations implement tools that can identify bad WiFi or cellular networks and defend users from them. It’s also important to be wary of public WiFi networks. “If you’re on a network that looks fishy, be sure not to perform business activity there,” he emphasizes.
Presence Of Mysterious Apps
Victims’ phones may suddenly have apps they don’t remember installing, says Murray. While this may mean one thing if a user has kids who like to play with his or her phone, it’s a different story if the user is the only person with access to the device. “If I can put an app on your phone, I can do anything on your phone that the app can do,” he warns. Sophisticated malware can entirely take over a device, giving the attacker full access. “We are seeing a very fast evolution of malicious apps in mobile,” says Amit. A few years ago, fraudulent apps were considered annoyances; they may have been used to snoop on SMS messaging, but rarely did much beyond that. Now, malicious apps are being used more for genuinely harmful purposes. Hackers can plant apps on employee devices to snoop, perform actions on their behalf, explore their calendars, and access their GPS. “The most sophisticated attacks are very covert,” says Amit. “They hide themselves.” He recommends employees avoid downloading apps if they don’t understand why they need them. This advice goes beyond mobile, he notes, and extends to all digital devices used in the enterprise.
Rapidly Decreasing Battery Life
Some apps employed by cybercriminals are more advanced than others; as a result, they are harder to detect. “When it comes to malicious apps, it’s a question of how sophisticated the malicious app is,” Amit explains. If the app is less sophisticated and attempts to send large volumes of traffic from a device, victims may notice a few suspicious signs. Their smartphones may mysteriously start using a lot of battery, for example, or become warmer for no apparent reason. An unexplained temperature increase is another sign the device has been compromised.
Increase In Blacklisted Network Traffic
“Without mobile security software, an enterprise’s first indicator of compromise would be a lot of traffic going to a blacklisted IP,” says Murray. Most organizations have something set up to let them know if a blacklisted IP address has been accessed. Murray notes how one of the first indicators of mobile cybercrime is a network indicator of compromise coming from a mobile device. While it doesn’t happen often, he notes this is the best way to detect malicious activity without mobile security software deployed.
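An added example, not from the original article: one way to surface the network indicator Murray describes, by matching flow-log destinations against a blacklist and attributing repeated hits to enrolled mobile devices. The log format, device inventory, blocklist entries (documentation address ranges) and the `min_hits` threshold are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed blocklist using documentation ranges (RFC 5737); not real indicators.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]

# Constructed inventory: internal address -> enrolled mobile device (hypothetical names).
MOBILE_DEVICES = {"10.20.0.15": "exec-phone-01", "10.20.0.31": "hr-phone-07"}

# Constructed flow log, one record per line: timestamp src_ip dst_ip dst_port bytes
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.20.0.15 203.0.113.9 443 5120
2024-01-01T09:00:09Z 10.20.0.15 203.0.113.9 443 7300
2024-01-01T09:00:17Z 10.20.0.15 203.0.113.40 443 6100
2024-01-01T09:01:02Z 10.20.0.31 198.51.100.77 80 900
2024-01-01T09:01:30Z 10.20.0.31 192.0.2.10 443 2048
2024-01-01T09:02:00Z 10.30.0.8 203.0.113.9 443 4000
malformed line here
2024-01-01T09:02:11Z 10.20.0.15 192.0.2.10 443 800
"""

def is_blocklisted(ip):
    # True when the address falls inside any blocklisted network.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKLIST)

def parse_flows(text):
    # Yield (timestamp, src, dst, port, bytes); skip rows that do not parse.
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ipaddress.ip_address(parts[1])
            ipaddress.ip_address(parts[2])
            port, nbytes = int(parts[3]), int(parts[4])
        except ValueError:
            continue  # bad address or non-numeric counter
        yield parts[0], parts[1], parts[2], port, nbytes

def flag_mobile_devices(text, min_hits=3):
    # Count blocklisted-destination flows per mobile device; report repeat offenders.
    hits, volume = Counter(), Counter()
    for _ts, src, dst, _port, nbytes in parse_flows(text):
        device = MOBILE_DEVICES.get(src)
        if device and is_blocklisted(dst):
            hits[device] += 1
            volume[device] += nbytes
    return {d: {"hits": hits[d], "bytes": volume[d]} for d in hits if hits[d] >= min_hits}
```

Calling `flag_mobile_devices(SAMPLE_LOG)` reports only the device with repeated blocklisted flows; the single hit from the second phone and the hit from the non-mobile address `10.30.0.8` are left out.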
Sensitive Data Leaks
If you notice major information has leaked outside the organization and are not sure why, it could be a sign of a mobile cyberattack, says Amit. Many businesses may blame data leaks on a computer hack and investigate accordingly. They should also make sure mobile devices have not been compromised, as smartphones are an increasingly common threat vector.