Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

CISO’s Corner: Cybersecurity Best Practices: Securing Employee Smartphones

Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount.

 

Why?

 

Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.

 

The issue for an organization is that many allow staffers to use their personal phones for work-related activities. These can range from checking email to editing web pages or even making financial transactions. This usage means that an attack on a mobile device may lead to not only a breach of valuable personal data but corporate data, as well.

 

Most Common Mobile Phone Attacks

 

A mobile phone’s sophistication makes it handy for its user but also enables a threat actor to use a wide variety of techniques during an attack. These include  implanting malware, man-in-the-middle attacks, phishing/smising, social engineering attacks, SIM Card swapping, and having fake, insecure, and unnecessary apps on board.

 

Compromising a mobile device using any of these methods opens the user and their organization to any number of future problems. Attackers can access and steal email addresses, phone numbers, login credentials for business apps and use them to gain direct access or give the attacker the information needed to launch additional socially engineered attacks.

 

Let’s take a quick look at each of the most common attack vectors.

 

Malware – Adware, spyware, crypto mining, and ransomware are most often implemented. Adware refers to a software application wherein an advertising banner or other promotional content is exhibited or downloaded while a program operates. Spyware is malicious software that infiltrates a user’s computer, collecting data from the device and the user, and subsequently relaying this information to third parties without obtaining their consent. Crypto mining uses software that helps create certain types of cryptocurrencies, such as Bitcoin. Threat actors use ransomware to lock a device or data until the victim pays the attacker.

 

Phishing/Smising – Sending a socially engineered email or text that contains malware or malicious links.

 

Main-in-the-Middle Attacks – This variety of attack is when the assailant covertly intercepts and forwards messages between two parties under the false impression that they are directly communicating with each other. This attack constitutes a form of eavesdropping in which the attacker intercepts and subsequently gains control over the entire conversation. This can be done through a website or even over a Wi-Fi network. The best protection is never to use Wi-Fi, just cellular Internet, whenever transmitting any sensitive information.

 

Social Engineering – This frequently used term describes when attackers send a message in an email or text designed to elicit a specific response, such as opening an attachment or clicking a link. This can also be done through a phone call. For example, a call beginning with the caller making the opening statement “Good morning, am I speaking with [Your Name]?” and nothing else, not his name, not his company, no reason why they are calling, is almost certainly a scam call and can be discontinued at this point without providing any further information to the caller.

 

SIM Card Swapping – Attackers convince a service provider that they are a customer and want to activate a new phone, requesting the provider port a phone number to the new device. Attackers will achieve a copy of all messages sent to a specific phone number and can spoof outgoing messages. This methodology is not widely used, about 1,600 such attacks were reported in 2021, but one should be aware of the possibility.

 

Fake, Insecure, and Unnecessary Apps – Sure, that new mobile game looks fun, but is it, in fact properly secured and safe to use? The insecurity of installed apps is the most common attack surface attackers use to install malware. And remember not all apps are downloaded by the user. Many phones come in their factory setup with useless and possibly dangerous apps. It is recommended to remove all apps from your device that are not explicitly useful.

 

Detecting When a Phone is Infected

 

There are many clues even a novice cybersecurity sleuth can look for to tell if their phone has been victimized.

 

If a SIM card switch has been conducted, the phone may remain silent for an extended period with no incoming text messages or phone calls and logically, you can’t make calls or send texts. One odd indicator is if you open Google Maps, it may show a different location than where you actually are at the moment since your phone is not communicating with the app anymore.

 

Other signs include:

 

Strange pop-up ads appearing, the phone sending unknown texts or calls, inexplicably high data usage, general performance decline, the battery draining quickly, constant warm from heavy usage, new apps appearing, and any security software on the phone indicating detection.

 

If you spot any of these signs, act quickly and attempt to remove the problem.

 

In most cases, the infection is contained to a specific app that has been compromised. Removing the app in this situation may be sufficient. Other situations might require restoring the phone to factory condition, but first make sure to back up all the information from the device.

 

Some malware may hide in the recovery partition , in those situations you will have to seek the help of a phone service center to clean the device.

 

Keeping Employees Safe

 

Here are a few tips to keep safe to pass along to employees or to include during onboarding training:

  • Encrypt your phone
  • Update your operating system (OS) regularly, as well as all the apps installed on your phone
  • Uninstall all unnecessary apps, be careful about which apps you install
  • Set a strong password on your phone
  • Do not connect to unsecure WiFi networks, do sensitive actions only over cellular data
  • Do not root or jailbreak your phone
  • Be careful about any links or files you access on your device
  • Restrict the use of Bluetooth.
  • Use anti-malware software
  • Remove unnecessary permissions for apps, avoid installing apps with unjustified greed for permissions
  • Regularly review the list of permissions on your phone, as well as the list of installed apps and whether they are up to date

 

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More