Why mobile phone is the softest target for hackers

Checkpoint estimated that 4.9 million fake apps installed on infected devices, displayed up to 100 million ads netting $1.5 million in just two months last year. FILE PHOTO | NMG
Checkpoint estimated that 4.9 million fake apps installed on infected devices, displayed up to 100 million ads netting $1.5 million in just two months last year. FILE PHOTO | NMG 

Mobile Malware is 35 times more prevalent than ransomware globally, a report shows.

Data from cybersecurity firm Checkpoint show that in 2017, the year in which Ransomware including WannnaCry and Petya disrupted businesses and governments globally, the attacks were still fewer than those carried out by mobile malware.

“Users look at a phone as convenient tool and don’t look at security as an important thing to put in place,” said Serianu chief executive William Makatiani.

In the age of ‘Bring your own Device’—where employees use their phone to plug into the corporate network to access emails and other work-related documents —t he threat on the devices and networks is one that must be recognised.

In the just released Africa Cyber Security Report 2017, 73 per cent of organisations allow for ‘bring your own device’ (BYOD) use.


“All these devices are coming into the network. What they are forgetting is that they are extending the network,” he said.

“You get all these people using the device, including the children. In terms of hygiene it causes so many more problems than it helps.”

This has created the need for organisations to educate their employees and users of its network as well as ensure devices are protected to prevent hack, loss of data and other probable outcomes of unsecure devices on the network.

“Uninformed staff or employees not familiar with basic IT security best practices can become the weakest link for hackers to compromise your company’s security,” Serianu said.

The damages go beyond breaking into the corporate network as users’ location can be tracked, emails and contact lists stolen, while microphone can record conversations, take photos, steal passwords and sensitive information as well as intercept text messages.

A Checkpoint report shows that 14 million devices were hit by Copycat mobile malware globally last year, while 10 million were affected by Hummingbad, another mobile malware.

Copycat was rooting phones and hijacking apps to make millions in fraudulent ad revenue. Checkpoint estimated that 4.9 million fake apps installed on infected devices, displayed up to 100 million ads netting $1.5 million in just two months.

Further, unlike ransomware which is detected within a month or two of the attack, mobile malware can go undetected for as long as 12 months.
Judy and Hummingbad went undetected for a year unlike WannaCry and Petya which were discovered within a month.

“Mobile malware is 11.5 times more profitable than ransomware,” said Ryan McGee, mobility leader Middle East and Africa for Checkpoint.

The Serianu report indicates that as the use of online services on mobile has risen, attackers are now leveraging these platforms to steal money from customers.

“This year, several attacks reported indicated that hackers used dormant accounts to channel huge sums of money from banks,” it reads.
As the use of mobile banking and mobile money increases in Kenya, the vulnerability of the mobile device does not just create a problem for the organisation, it also has a direct threat to the user of the device.

According to Checkpoint, there are several threats that affect mobile devices including zero-day malware, Wi-Fi, OS exploitations, SMS attacks and device settings.

The most common vector for mobile threats is the download of infected apps. These apps come with the virus embedded and once installed, they perform the malicious tasks that they are programmed for.

Unsecure Wi-Fi, mainly public and open networks, are a trap for users and haven for hackers and phishers. Without the necessary security protocols, victims log into a Wi-Fi network and as a result, they are exposed to attacks.

“Hundred per cent of all organisations are infected with mobile malware. Eighty-nine per cent have experienced a man-in-the-middle attack over Wi-Fi,” said Checkpoint.

“You need an antivirus plus other tools to secure your phone. The tech on the device has been sourced from various places. You have to get patching and new updates to ensure that the system is secure,” said Mr Makatiani.

Last year, Ernst & Young (EY) reported that deeper Internet penetration and growing mobile-based products have exposed Kenyan companies to bigger threats of cybercrime.

Kenyan firms are increasingly investing in mobile and digital innovations as an efficient and cost-effective way of reaching customers, buoyed by rising Internet penetration.

The Central Bank of Kenya said in its annual supervision report for 2016 that fraud in computer, mobile and Internet banking was on the rise based on cases reported to the Banking Fraud and Investigation Department.

Banks, the primary target for hackers, have up to November 30 this year to adopt new cybersecurity regulations developed by the CBK.

“There is technology and process but key is education. You must educate everyone. If they are not educated, It becomes impossible for them to protect themselves,” said Makatiani.