THISDAY

Demystifying Mobile Security Attacks

There is a global shift from online attacks on immovable devices like desktop computers to mobile phones and tablets, raising security concerns among individuals and organisations, writes Emma Okonji


As technology evolves, hackers are also planning new ways of attacking devices used by techies. The most vulnerable and widely attacked devices are mobile devices. Experts, who confirmed the high frequency of attacks on mobile devices, attributed it to the Android Operating System (OS) adopted by mobile device manufacturers, which they said is prone to attacks. Others, however, attributed it to the shift in consumer behaviour from desktop computers to mobile devices, especially now that the demand for mobile phones is on the increase, since the majority of people now use mobile phones to browse the internet and to perform a lot of computer-based tasks.

Analysing the risk factors of mobile devices, security solution company Check Point has advised organisations to guard against mobile phones used by their employees, raising security concerns that mobile phones could be used to infiltrate an organisation’s stronghold and corrupt vital information.

Attacks on mobile devices

Attacks on mobile devices and online traffic are fast evolving. Mobile attackers are gaining unauthorised access to organisations’ data through new tactics that take advantage of the new pathways mobile devices offer into an organisation’s network. It has become important for organisations and individuals to prevent all possible ways that an attacker can use to exploit mobile devices through eavesdropping, enterprise data collection and compromise of secure applications.

While eavesdropping takes over the mobile device microphone and camera and then monitors all sounds and conversations, the attack could distort all emails, texts and call logs of enterprise data. At the end, secured applications are compromised through extraction of application data.

Attacks on Android malware applications

These are malicious applications installed on a device using the Android operating system. The malware usually disguises itself as an innocent app such as a game, conference or PDF viewer and then runs in the background, doing all its malicious activities. The malicious applications may be downloaded from the Google Play store or a third-party app store, an email, or an infected website or ad network. The malicious applications may also be uploaded by an attacker who gains physical access to the device.

Potential danger of attacks

Malware applications can act as a remote access Trojan, with a surveillance toolkit that can enable the attacker to steal passwords, corporate data and emails, as well as capture all keyboard activities and screen information. They may also activate the microphone to listen in on conversations and meetings, act as a Trojan to steal contacts or text messages, or act as a mobile botnet to send text messages to premium numbers.

Detection and prevention

According to security experts from Check Point, organisations need to detect and prevent attacks by combining network and event anomaly detection with behavioural application analysis, such as sandboxing and advanced code and traffic analysis, to be able to detect the wide variety of malicious applications that are potentially available in the environment.

According to the security experts, organisations need on-device remediation that can enable users to remove malware already on their device, as well as network-based mitigation to block any exfiltration activities.

Other forms of attacks

Another form of attack is the Denial of Service (DoS) attack. Since the first DoS attack was launched in 1974, Distributed Denial of Service (DDoS) and other DoS attacks have remained among the most persistent and damaging cyber-attacks. These attacks reflect hackers’ frustratingly high levels of tenacity and creativity and create complex and dynamic challenges for those responsible for cyber security.

One of the first large-scale DDoS attacks occurred in August 1999, when a hacker used a tool called ‘Trinoo’ to disable the University of Minnesota’s computer network for more than two days. Trinoo consisted of a network of compromised machines called ‘Masters’ and ‘Daemons’, allowing an attacker to send a DoS instruction to a few Masters, which then forwarded the instructions to the hundreds of Daemons to commence a flood against the target internet protocol (IP) address. With such instructions, the system gets compromised without the user knowing. As soon as hackers began to focus on DDoS attacks, the DoS attacks attracted public attention. The distributed nature of a DDoS attack makes it more powerful and makes its source difficult to identify and block.

Today, many businesses, financial institutions and government agencies globally have been brought down by DDoS attacks.

Another form of attack targets network resources and attempts to consume all the victim’s bandwidth by using a large volume of illegitimate traffic to saturate the company’s internet pipe. This attack, called network flood, is simple, yet very effective and dangerous. In a typical flooding attack, the offence is distributed among an army of thousands of volunteered or compromised computers that simply send a huge amount of traffic to the targeted site, overwhelming its network.

DDoS attacks

According to Radware, a security solution company, emerging threats bring with them new attack vectors. It noted that organisations must consider the kind of vendor they engage and ensure they verify the vendor’s experience and reputation. Organisations must also verify that the solutions deployed to address attacks are hybrid solutions that can handle pipe saturation risks with no disturbance to user experience.

Check Point is of the view that its new DDoS protector keeps businesses running with multi-layered, customisable protections and 12Gbps performance that automatically defends against network flood and application layer attacks, for fast response time against today’s sophisticated denial of service attacks. According to Check Point, DDoS protector appliances offer flexible deployment options to easily protect any size of business, and integrated security management for real-time traffic analysis and threat management intelligence for advanced protection against DDoS attacks.

Since attacks on mobile devices are on the increase, organisations must seek the help of security experts to mitigate attacks. They must also ensure proper screening of all mobile phones of employees that have access to the organisation’s network.
