As per reports, India has over 1.2 billion mobile phone users and 600 million smart phone users according to Deloitte’s 2022 Global TMT. As India sees the aggressive rollout of 5G service, it is expected that data consumption will increase to 75GB per month per smartphone user in 2029, way ahead of any completion, according to Ericsson’s Mobility Report for 2023. The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat—mobile spyware. As the term “spyware” suggests, this kind of threat can often go unnoticed until the damage is done.
The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate the risks associated with mobile spyware. It’s no longer just about enhancing productivity; it’s equally about safeguarding the digital gateways that our mobile devices have become. 2023 has seen that vulnerability increase as mobile threats continue to grow in number and sophistication.
Check Point Research revealed that the majority of organizations experienced a mobile malware attack in 2022, with phishing (52%), command and control (25%), and automatic browsing to infected websites (23%) among the most common types of malicious traffic. Banking trojans, designed to steal users’ online banking credentials, and premium dialers, which subscribe to premium rate services without the users’ knowledge, are also on the rise. According to Check Point’s Threat Intelligence Report, over the past six months, the rate of mobile attacks on organizations in India has averaged 7.5% per week, while the global average for attacks per organization stands at 2.2%.
In Check Point’s 2023 Mid-Year Cyber Security Report, mobile devices continue to prove a common attack vector. The “FluHorse” malware, for instance, camouflages itself as popular Android applications, aiming to extract Two-Factor Authentication (2FA) codes and other sensitive user data. Another malware, known as “FakeCalls”, simulates over twenty distinctive financial applications and generates fraudulent voice calls, further highlighting the innovative tactics employed by cybercriminals.
Understanding Mobile Spyware
The subtle yet significant threat of mobile spyware demands attention, as these covert software pieces infiltrate mobile devices, often undetected, and can execute various malicious activities. Furthermore, the real challenge here is spyware’s ability to blend in. Often, it’s hidden in apps that look safe or in updates that seem routine. This sneakiness is what makes spyware so tricky to spot and stop.
Users might download an app that seems fine on the surface but secretly carries spyware. Or they could fall for phishing emails, where a simple click on a dubious link or attachment starts the spyware download.
The threat becomes even more complicated with “zero-click” malware, a type of spyware that doesn’t need any action from the user to install itself. It takes advantage of weaknesses in the device’s software or operating system. Once it’s in, spyware can do a lot of damage like stealing sensitive company data or personal information, which can lead to serious security breaches and financial losses.
Best Practices for Spyware Prevention
To tackle the issue of mobile spyware effectively, organizations should embrace a diverse strategy that extends beyond the mere implementation of security measures:
1. Regular software updates: Keeping all mobile software up to date is crucial. Software updates are key since they typically include fixes for security flaws that spyware could potentially exploit.
2. Cyber security training: It’s important to educate employees to identify threats such as suspicious applications and phishing emails. Awareness is a key defense mechanism in the fight against spyware.
3. Robust security policies: Establishing and enforcing comprehensive security policies for mobile device usage can significantly reduce the risk of spyware infections. This includes regulating the installation of apps and the use of public Wi-Fi networks.
4. Advanced security solutions: While the above best practices such as regular security updates, adequate training for employees, and clear security policies go a long way in improving security posture, it takes an advanced security solution to fully prevent and handle mobile spyware.
– Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies.