The cyber security industry has undergone significant changes, and the threat landscape has evolved to the extent that even cybercriminals are adopting sophisticated business models just like legitimate businesses that can earn substantial returns on their criminal activities.
These activities range from trading stolen data to hacking into corporate networks, giving rise to ‘Malware-as-a-Service (MaaS)’, demonstrating the increasing sophistication, creativity and maturity within the illicit cybercrime market. The business model of blanket spreading malware or ransomware attacks is a profitable form of distribution, making every business a target. And right now, the easiest way in is through your cell phone.
Some statistics give a rough idea of the scope of modern cybercrime: 83% of breaches involve external actors; nearly a quarter of all emails can be classified as malicious or do not engage; cybercrime occurs with an average of 97 cybercrime victims per hour, which means that there is a victim of cybercrime every 37 seconds; hackers attack computers with Internet access every 39 seconds, on average. Statistics predict that cybercrime will cost the global economy more than $20 trillion by 2026.
“Mobile devices serve as a convenient entry point for cybercriminals to obtain passwords, subsequently infiltrating company networks. A significant number of employees utilise their mobile devices to connect to their organisation’s networks, inadvertently providing cybercriminals with the opportunity to access sensitive company information,” explained Zamani Ngidi, Business Unit Manager for M&A and Cyber Solutions at Aon South Africa
Types of mobile cybercrime:
Malicious Apps and Websites – Mobile malware and malicious websites can perform various harmful activities on mobile phones, similar to traditional computers.
Mobile Ransomware – This type of mobile malware encrypts files and demands a ransom for their decryption.
Phishing Attacks – Cyber-attacks commonly begin with phishing emails, but on mobile devices, phishing attacks can occur through various means, including email, SMS messaging and social media platforms.
Man-in-the-Middle (MitM) Attacks – MitM attacks involve intercepting network communications to eavesdrop on or modify transmitted data. Mobile devices are particularly vulnerable to these attacks.
Advanced Jailbreaking and Rooting Techniques – These techniques exploit vulnerabilities in mobile operating systems to gain administrator access, allowing attackers to access more data and cause greater damage.
Device and Operating System (OS) exploits – With mobile devices – like computers – vulnerabilities in the mobile OS or the device itself can be exploited as they often exist below and outside the visibility of the device’s security.
“Mobile devices such as smartphones and tablets carry a plethora of inherent cyber risks, including those from websites, emails and various applications. This exposes users to malware and potential hacking with threat activators looking to gain access to mobile banking apps and company data. Background apps may scan devices, URLs, and Wi-Fi connections, which can lead to exposure to dangerous links across various platforms including social media and games. Despite appearing harmless at first glance, these risks can ultimately lead to the theft of personal information,” Zamani warned.
“To safeguard your device and secure sensitive business information from potential threats, it’s crucial to invest in security measures,” Cybersafe CEO, Macleod Burrill, said, to shield against seemingly innocent yet malicious apps, scan WIFI connections, and block access to malicious URLs which are sent in communications like email, SMS and WhatsApp.
