The mobile malware landscape in 2022

November 18, 2022

Cyberattacks are increasing in number all the time. In fact, Check Point’s 2022 Mid-Year Report revealed a 42% global year-on-year increase in attacks, and according to the World Economic Forum’s 2022 Global Risk Report, 95% of cybersecurity issues are traced back to human error. This should be a red flag for all organizations, especially as employees continue to transition to remote and hybrid working, adding more mobile devices to your customers’ networks.

Despite this trend, many corporate cybersecurity strategies tend to focus only on traditional endpoints, such as laptops. It’s never been a more critical time for your customers to have a robust solution in place.

Let’s take a look at the current landscape to understand what it takes to keep your customers protected in 2022.

Thriving spyware marketplace

The current mobile malware landscape is a minefield, with more and more vulnerabilities being exploited and spyware being deployed. Check Point’s last security report noted that NSO Group’s notorious spyware, Pegasus, was wreaking havoc after it was discovered gaining access to the mobile devices of government officials and human rights activists. Unfortunately, 2022 was no different: Pegasus has compromised the devices of Finland’s Ministry of Foreign Affairs, Spain’s prime minister and multiple devices of U.K. officials.

Zero-click attacks

In terms of techniques, this year has seen a surge in discovered zero-click attacks. As the name suggests, these attacks require no input from the victim before deploying malware. This is because they exploit existing vulnerabilities in already installed apps, allowing threat actors to sneak past verification systems and begin their attack unnoticed. This technique is particularly focused on applications that accept and process data, for example, instant messaging and email platforms.

We saw this in action in April, when it was discovered that a new zero-click iMessage exploit had been leveraged to install Pegasus on iPhones running some early iOS versions. The exploit, named HOMAGE, was used in a campaign against Catalan officials, journalists, and activists.

It’s important to emphasize, however, that this technique isn’t just a threat to world leaders but to everyday people and organizations. Our phones are hubs of confidential data, both personal data such as banking information as well as business data, with many employees now connected to their company’s networks and data via their mobile devices. Cybercriminals are utilizing this silent and persistent practice to gain as much access as possible.

Smishing attacks on the rise

In addition to zero-click attacks, we’ve also observed an uptick in the use of a technique known as “smishing” (SMS phishing), which uses SMS messages as the attack vector for malware distribution. These attempts often imitate trusted brands or personal contacts to entice the victim to click on a link or share personal details in confidence. This method has proven particularly successful because once one device has been compromised, its entire contact list is up for grabs, creating an endless cycle of possible victims.

This is how the infamous FluBot was commonly deployed. Since its emergence in December 2020, it’s been considered the fastest growing Android botnet ever seen. Soon after, a new Android malware operation called MaliBot emerged. MaliBot is targeting online banking and cryptocurrency wallets in Spain and Italy, looking to replicate the success of its predecessor.

Safety on the App Store?

Many users turn to application stores to help keep their devices secure; however, some apps that claim to help manage security risks contain malware themselves. The most secure stores, like Google Play Store and Apple App Store, have thorough review processes to investigate candidate applications before they’re uploaded, and applications are held to high security standards once they’re admitted onto the platforms. Resourceful cybercriminals continually try to bypass these security measures, though, with tactics such as manipulating their code to pass through the filters, or introducing initially benign applications and adding the malicious elements at a later stage. So, it’s not surprising to still find malicious applications hiding in these stores. In fact, these platforms remain the main infection vectors in mobile threats.

Unfortunately, the threat landscape is evolving rapidly, and mobile malware is a significant danger to personal, small business and enterprise security alike, especially as mobile devices are vulnerable to several attack vectors, from the application to the network and OS layers. To combat this risk, your customers should be looking to adopt proactive strategies that can keep staff and corporate data safe from a potential attack. This must be a continuous journey, as cybercriminals are relentless, always adapting and improving their tactics.

For some businesses it may be beneficial to employ the help of tools that fortify endpoint resilience and secure remote users. Check Point Harmony, for instance, uses real-time threat intelligence to actively guard against zero-day phishing campaigns, and URL filtering to block access to known malicious websites from any browser. It also enforces conditional access, ensuring that if any device does become infected it will be unable to access corporate applications and data. Harmony Mobile achieves all of this, and more, without disrupting employees or hampering their productivity.