Threat Intelligence Blog

Posted November 19, 2015


By Cyveillance

A report last month revealed that 51 percent of U.S. online holiday shopping will occur on mobile devices. There are an estimated 184 million U.S. mobile phone users, which means at least 92 million people will shop via their mobile devices this holiday season. With so many people accessing the Internet from handheld devices, cybercriminals are looking for as many ways to target unsuspecting victims as they can.

The rise in mobile usage highlights a growing trend of mobile-specific attacks that are more malicious than ever. To stay safe while shopping on your mobile device during the holiday season, look out for the following threats to mobile safety:

Mobile Threats

  • Mobile-Specific Malware: Mobile malware is designed specifically to infect the operating systems (OS) of mobile devices. According to the Government Accountability Office (GAO), mobile malware has increased 185 percent since 2014. Mobile malware can give criminals access to all personal and business data stored on your device, including passwords, financial information, files, and images. This can be especially problematic for companies with a Bring Your Own Device (BYOD) environment.
  • Ransomware: Ransomware is one of the latest and most prolific mobile malware threats. It can lock your phone, encrypt files, and hijack administrative privileges to make it harder to remove the malware.
  • Phishing Emails/Websites and SMiShing via Text or Phone Call: Cybercriminals often use these methods to lure victims into giving away personal information via “too good to be true” deals. Mobile devices’ small screens make it harder for you to confirm the legitimacy of these messages and websites. A rule of thumb is to never give personal, private information to someone you’re communicating with online or over the phone if you’ve never met them in person or aren’t 100 percent confident of their identity.
  • Link Shortening: Shortened links can hide the final URL destination, prompting you to unknowingly visit an infected site. Unlike on a computer, mobile devices don’t give you the ability to hover over a link with your mouse to verify where the link is taking you.
  • Malicious Applications: Mobile device owners can accidentally download rogue apps from an official app store that hasn’t properly vetted the app (e.g., iOS App Store, Google Play), or “sideload” the app from one of hundreds of unofficial app stores. Be cautious of unofficial or non-sanctioned apps as they may contain malware or other infectious programs that can endanger your privacy and security.
  • Applications Leaking Data: According to a recent study, 73 percent of Android apps and 47 percent of iOS apps share personal information with third parties. Apps that leak information pose a risk as they can disclose sensitive information to a third party without your knowledge.

Mobile Safety Best Practices

Being cautious about the links you click and sites you visit, as well as who you interact with, is only one aspect of being safe on your mobile device. The other is implementing the correct security measures. Here are some tips for mobile safety.

  • Only download applications from the official app store related to your device’s OS
  • Be aware of the information you’re authorizing apps to access (e.g., why does a Flashlight app need access to your photos and contacts?)
  • Use password padding
  • Be cautious about open wireless networks; prevent your device from automatically connecting to any random open network; when in doubt, ask a store clerk for the official Wi-Fi hotspot name
  • Disable Bluetooth and mobile hotspots when you’re not actively using them
  • Use a VPN application when you’re connecting to an unknown network; some top-rated ones are VyprVPN, NordVPN, IronSocket, and ExpressVPN
  • Keep software up-to-date to make sure security fixes are applied
  • Turn off location-based tracking on all apps that do not need it to function

If you have an iPhone:

  • Turn off AirDrop or only make it accessible to contacts
  • Change the default Wi-Fi key for your personal hotspot
  • Enable the “erase data after 10 failed passcodes” function

If you have an Android:

  • Turn off autosync on cloud storage apps (e.g., Dropbox)
  • Enable biometric security settings; don’t use a PIN or patterns
  • Enable the phone to lock instantly with the power key (and press the power key to lock the device)
  • Modify tethering/mobile hotspot data from the default settings
  • Limit which applications can access mobile data
  • Manually disable Near Field Communication (NFC) if your device is equipped with it
  • Enable device encryption
  • Update firmware and software

Holiday sales predictions are in the billions of dollars, and bad actors are going to want a piece of that pie. This makes paying attention to your online actions, especially on your mobile devices, more important than ever. Make safe online choices this holiday season and happy shopping!

Contact us for more information on our Malicious Apps Detection services, and download our Mobile Security Threat Landscape white paper to learn more on mobile security.
