Lookout’s newest Pharmaceutical Industry Threat Report shows attackers have turned to spear phishing campaigns to steal employees’ login data or deliver malicious payloads to their mobile devices to compromise the infrastructure of pharma companies.
Malicious actors are focused on mobile phishing because they can use any of the hundreds of apps the average person has on their mobile device. Attackers can socially engineer targets on a personal level through social media apps, messaging platforms, games, and even dating apps. An attacker will target particular individuals, including heads of research, manufacturing plant managers, sales leaders, or company executives, to gain privileged access to the data they want.
Lookout research shows that there have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear phishing attacks. Both the National Cyber Security Centre in the U.K. and the Cybersecurity & Infrastructure Security Agency in the U.S. issued advisories to organizations involved in the COVID-19 response to shore up their security practices.
Since most employees use either a smartphone or a tablet, or both, to access data within their infrastructure, the risk surface is widespread. To help protect and secure iOS, Android and ChromeOS devices, IT and security teams have used the NIST Special Publication 800-124 as a framework to develop their strategy to secure mobile devices.
The rate at which devices encounter mobile phishing, app threats, device threats and risky networks is increasing.
According to Lookout, while operating system CVEs (Common Vulnerabilities and Exposures) are patchable, there are still some challenges to overcome. These challenges include —
CVEs are known exploitable vulnerabilities attackers can actively target to take over a device or surpass its built-in security measures. Patching usually requires action by the mobile user to update the device. If an employee is running an old OS version, they’re walking around with a doorway to your organization’s data in their pocket.