Hendrik Schless, Senior Manager Security Solutions at Lookout, explains in an interview the current and future threat posed to companies by mobile malware:
How serious is the mobile malware threat to businesses today? And why?
Mobile malware is a growing threat to businesses. The number of attackers who have diversified their tools to attack mobile targets in addition to desktop targets has increased significantly. There are probably several reasons for this. Certain categories of malware, such as ransomware, have proven successful in attacking non-mobile infrastructure. Attackers are now hoping for financial gains by targeting a user base that often does not expect to be targeted by mobile “locker” or ransomware applications. While mobile ransomware does not directly affect corporate infrastructure, it can affect employees’ access to corporate resources on their devices.
Surveillance malware offers attackers a more reliable way to gather sensitive information about a company or its employees. This information can be used to launch sophisticated spearphishing attacks against corporate infrastructure or resources, even if they are not accessible from a compromised employee’s device. In general, more and more employees are using mobile devices to connect to corporate infrastructure when working remotely. This increasing reliance on mobile devices for work—and even for personal errands like banking—offers a wider attack surface for attackers.
If phones play a bigger role in accessing accounts (two-factor authentication (2FA), use of authenticator apps), will they become a bigger threat to the business?
This is to be expected, yes. Greater reliance on mobile devices for work and access to accounts gives attackers a wider attack surface. Many users also use their mobile devices for personal applications and are not necessarily as adept at preventing attacks or keeping up to date with important security updates. As a result, attackers often see mobile devices as a way to move laterally to collect sensitive data from other accounts or applications installed on the victim’s device.
According to the latest Malwarebytes threat analysis, adware is the largest mobile malware category. Are there ways adware can pose a threat to the business?
Adware can encompass a number of different functions beyond faking advertising revenue. For businesses that depend on mobile advertising, it costs a significant amount of money. More sophisticated adware can cripple devices, requiring a full factory reset of the device or preventing users from accessing corporate accounts and applications. Some adware can also sniff out more sensitive data about the user and their device as part of their campaigns. However, an adware family is unlikely to pose a serious threat to an organization in the same way that a surveillance application or ransomware sample would. However, it can disrupt devices or collect more data than necessary about a company’s employees.
Will mobile malware pose a bigger threat to businesses in the future? And why?
That is very likely. The pandemic has changed the way many of us work, and we’re unlikely to reduce our reliance on mobile devices for that work. While people are increasingly understanding that their mobile devices are just as vulnerable to attacks as their desktop computers, there is still less knowledge about how to protect their devices and avoid compromise.
Mobile devices are basically the perfect espionage tool: they can collect sensitive data about a potential target, record passive audio recordings, photos and details about the victim’s social network and are almost always connected to a network. These features we’re leveraging are tempting to attackers looking for details on sophisticated spear phishing attacks. They can also prove useful in an attempt to compromise or access corporate infrastructure when accessed from an employee device. As we increasingly rely on mobile devices for work and personal life, threat actors will continue to diversify their malware to exploit this dependency.