Mobile Malware is 35 times more prevalent than ransomware globally, a report shows.
Data
from cybersecurity firm Checkpoint show that in 2017, the year in which
Ransomware including WannnaCry and Petya disrupted businesses and
governments globally, the attacks were still fewer than those carried
out by mobile malware.
“Users look at a phone as
convenient tool and don’t look at security as an important thing to put
in place,” said Serianu chief executive William Makatiani.
In
the age of ‘Bring your own Device’—where employees use their phone to
plug into the corporate network to access emails and other work-related
documents —t he threat on the devices and networks is one that must be
recognised.
In the just released Africa Cyber Security Report 2017, 73 per
cent of organisations allow for ‘bring your own device’ (BYOD) use.
“All these devices are coming into the network. What they are forgetting is that they are extending the network,” he said.
“You
get all these people using the device, including the children. In terms
of hygiene it causes so many more problems than it helps.”
This
has created the need for organisations to educate their employees and
users of its network as well as ensure devices are protected to prevent
hack, loss of data and other probable outcomes of unsecure devices on
the network.
“Uninformed staff or employees not
familiar with basic IT security best practices can become the weakest
link for hackers to compromise your company’s security,” Serianu said.
The
damages go beyond breaking into the corporate network as users’
location can be tracked, emails and contact lists stolen, while
microphone can record conversations, take photos, steal passwords and
sensitive information as well as intercept text messages.
A
Checkpoint report shows that 14 million devices were hit by Copycat
mobile malware globally last year, while 10 million were affected by
Hummingbad, another mobile malware.
Copycat was rooting
phones and hijacking apps to make millions in fraudulent ad revenue.
Checkpoint estimated that 4.9 million fake apps installed on infected
devices, displayed up to 100 million ads netting $1.5 million in just
two months.
Further, unlike ransomware which is
detected within a month or two of the attack, mobile malware can go
undetected for as long as 12 months.
Judy and Hummingbad went undetected for a year unlike WannaCry and Petya which were discovered within a month.
Judy and Hummingbad went undetected for a year unlike WannaCry and Petya which were discovered within a month.
“Mobile
malware is 11.5 times more profitable than ransomware,” said Ryan
McGee, mobility leader Middle East and Africa for Checkpoint.
The
Serianu report indicates that as the use of online services on mobile
has risen, attackers are now leveraging these platforms to steal money
from customers.
“This year, several attacks reported
indicated that hackers used dormant accounts to channel huge sums of
money from banks,” it reads.
As the use of mobile banking and mobile money increases in Kenya, the vulnerability of the mobile device does not just create a problem for the organisation, it also has a direct threat to the user of the device.
As the use of mobile banking and mobile money increases in Kenya, the vulnerability of the mobile device does not just create a problem for the organisation, it also has a direct threat to the user of the device.
According to
Checkpoint, there are several threats that affect mobile devices
including zero-day malware, Wi-Fi, OS exploitations, SMS attacks and
device settings.
The most common vector for mobile
threats is the download of infected apps. These apps come with the virus
embedded and once installed, they perform the malicious tasks that they
are programmed for.
Unsecure Wi-Fi, mainly public and
open networks, are a trap for users and haven for hackers and phishers.
Without the necessary security protocols, victims log into a Wi-Fi
network and as a result, they are exposed to attacks.
“Hundred
per cent of all organisations are infected with mobile malware.
Eighty-nine per cent have experienced a man-in-the-middle attack over
Wi-Fi,” said Checkpoint.
“You need an antivirus plus
other tools to secure your phone. The tech on the device has been
sourced from various places. You have to get patching and new updates to
ensure that the system is secure,” said Mr Makatiani.
Last
year, Ernst & Young (EY) reported that deeper Internet penetration
and growing mobile-based products have exposed Kenyan companies to
bigger threats of cybercrime.
Kenyan firms are
increasingly investing in mobile and digital innovations as an efficient
and cost-effective way of reaching customers, buoyed by rising Internet
penetration.
The Central Bank of Kenya said in its
annual supervision report for 2016 that fraud in computer, mobile and
Internet banking was on the rise based on cases reported to the Banking
Fraud and Investigation Department.
Banks, the primary
target for hackers, have up to November 30 this year to adopt new
cybersecurity regulations developed by the CBK.
“There
is technology and process but key is education. You must educate
everyone. If they are not educated, It becomes impossible for them to
protect themselves,” said Makatiani.
No comments :
Post a Comment