How can you protect your mobile device/computer from malicious attack?

As the number of people shifting to mobile devices increases day by day, the risks of mobile threats are also growing. With several businesses permitting employees to use personal devices to access corporate networks, they are more vulnerable to cyber-attacks.

There are different types of mobile malware, and they utilise various methods of delivery and infection. In this post, our cybersecurity experts from Perth will help you understand what mobile malware is, the different types and how to protect your mobile devices from malware.

What is Mobile Malware?

Mobile malware is malicious software that exploits vulnerabilities in mobile OS to attack devices like smartphones and tablets.

Why are Mobile Devices Vulnerable, and How does it Affect Businesses?

Mobile devices are more open to cyberattacks because they don’t have the same level of security measures as computers. Many mobile device users don’t take time or effort to install antivirus software as they would do on a computer.

Having no firewalls, antivirus software, and no encryption leaves the mobile devices vulnerable to malware attacks. Yet, many people use their mobile devices to access confidential information. This leaves their sensitive information and also their businesses in danger.

A malware attack can cause a prolonged effect on your business. Over the loss of confidential information, there will be loss of money, extra financial expenses, lack of productivity, and more.

How do Malware Affect Mobile Devices?

Open a Pathway: Mobile app malware have a better chance of passing unnoticed through a safety check. They hide in apps, and the malicious code will be launched later when the user starts using the app. This way, hackers get access to your data, sensitive information and can even control your device.

Lock a Device: A hacker can lock you out and gain control of your device or data and even demand money for releasing it.

Slow Down Productivity: Malware can interrupt workflow and even get a device replaced, causing undesirable expenses. It can also drain the device battery and stop devices from getting online.

What are The Types of Mobile Malware?

Mobile Spyware
Spyware infiltrates your device as a program. It is usually attached to links clicked by people or to free software downloads. It observes your action, notes your location and, steals sensitive data. It usually goes unnoticed until your device performance declines or you run an anti-malware scan.

Ransomware
Ransomware locks the device or the significant data of the target, often by encryption. It demands money from the victim in return for access to the device or data. The victim is notified by the attacker themselves and is given instructions on payment of ransom and how to retrieve the data. Cybercriminals usually demand payment in cryptocurrencies like Bitcoin or Litecoin to guard their identity.

SMS Trojans
SMS trojan uses the SMS services of an infected mobile device to send and intercept messages. They often send texts to premium-rate numbers leading to higher phone expenses.

Mobile Phishing
You may have already heard about what email phishing is. Mobile phishing is similar to email phishing but uses applications instead of emails to transport malware. Most users are often incapable of recognising a fake application and end up compromising sensitive data like account numbers and passwords.

Browser Exploits
The browser exploits take advantage of your browser’s vulnerabilities and take control of your browser and other applications that work within. After infected, you may find changes in your homepage, favourites, and search pages.

How to Protect Your Mobile Devices from Malware?

Here are a few preventive measures you can implement to protect your data and device from mobile malware.

Training Yourself and Others
Cybersecurity training is essential to stay updated about mobile malware and other cyber threats. It helps you and your staff identify malware and avoid them in the future.

Keep Your Apps Updated
With updating, you can ensure your phone’s safety since your apps are running the latest security updates.

Use Layers
Rely on more than one security feature. For example, use VPNs and MFA simultaneously with your anti-malware software. This way, even if one of them is compromised, you still have better chances of protecting your data and device.

Download Applications from Trusted Stores
All apps available in official stores have been screened to ensure they are safe. This doesn’t ensure all of them are fully safe; some fake apps can slip through the screening, but this way, you still have a better chance of being secure.

If your mobile is still not secured with cybersecurity measures, take action now! If you are not sure where to begin, contact us or email us at . Computing Australia has over two decades of experience helping various clients secure their systems and business from cyber-threats. Our cybersecurity experts are 24/7 ready to assist you with any cybersecurity issues.

Jargon Buster

Browser – An application for accessing information on the Internet.
Cryptocurrency – Currency that uses digital files as money. All the currency transactions are recorded and verified by a decentralised system instead of a person or government. e.g., Bitcoin
Email Phishing – is a type of online scam where criminals impersonate as a legitimate source and send fraudulent messages via email to steal sensitive data.
Encryption – a process that encodes information so that it can be read by authorised parties only.
Mobile OS – Mobile Operating System – is software that lets smartphones and other devices run apps and programs. It also manages cellular and wireless network connectivity and phone access.

Article originally published on 02/02/2021Revised by Blake Parry on 19/04/2021Added new section: Why are mobile devices vulnerable and how it affects businesses?

Added new terms to Jargon Buster

Phones in the office are threatening your business and you may not even realize it.

Whether used as a POS device, storing and accessing sensitive data, or even making calls, mobile devices are being used more frequently in the office space. Here are some reasons why:

More convenient: Filling out information on a tablet is often easier to do than filling out paperwork. It also frees up space for paper work.
Less expensive: A mobile device will cost much less than a POS device. A company can save even more by implementing a BYOD policy.
More mobile: This may sound obvious, but carrying around a mobile device is much easier than taking a computer everywhere. It gives you quick access to information right away.

To many companies, the rise of mobile devices is a great thing. Business can be done quicker, more efficiently, and with less paperwork.

But there’s also a downside to mobile devices, and that’s malware. Hackers are constantly working to steal data from mobile phones and tablets. You’ve probably seen examples of mobile device malware and these attacks in the news. And the attacks are becoming more and more common.

Mobile devices in general aren’t as secure as computers. The same security measures that companies use for workstations and servers usually aren’t in place for mobile devices. Because of this, mobile devices may not be protected by things like firewalls, encryption, or antivirus software.

SEE ALSO: Top 5 Security Vulnerabilities Every Business Should Know

Yet more employees are using mobile devices to gain access to sensitive information. This puts their company more at risk for data theft.

Most businesses have corporate resources available from employee devices. Should any of these devices be compromised by malware, sensitive information could be captured.A lot of the risk depends on how your mobile environment is set up and how your employees can access sensitive data. Unless you have policies and controls in place regarding mobile devices, your employees are probably accessing sensitive information from their mobile devices, information that can be stolen by malware.

SEE ALSO: Stop Looking for a Mobile Security Standard

But how does the malware get on your phone? Here are 5 ways your mobile device can get malware.

How do mobile devices get malware?

1. Downloading malicious apps

The most common method hackers use to spread malware is through apps and downloads.The apps you get at an official app store are usually safe, but apps that are “pirated,” or come from less legitimate sources often also contain malware. These are apps that appear to be legitimate, but instead contain spyware or other types of malware.Occasionally an app with malware will make it through to an official app store. One recent example is InstaAgent, an app that stole Instagram user credentials and sent them to a third-party server without the knowledge of the user. These apps are usually discovered and taken care of quickly, but they illustrate what can happen.Sometimes developers will use pirated development tools, which have been compromised. Everything developed using these tools will then contain malicious code, which may steal sensitive data or damage the mobile device.

WATCH: How to Know if an App is Secure

Be choosy when downloading apps, and download only from reputable app stores. That usually prevents you from coming across malware-infected apps.

Often the mobile device itself may have vulnerabilities that hackers can exploit. Usually these vulnerabilities are discovered fairly quickly and patched up, but if you’re not regularly updating the software on your phone, your device will be vulnerable.It’s critical to keep your mobile device up to date just like any other computer, or hackers can exploit those discovered vulnerabilities.More employees are using their phones to look at and answer corporate email, which is a way hackers can install malware on your phone.Here’s an example: you receive an email that says you’ve won something (a tablet, a vacation, etc). You open the email and click on the link, and nothing happens, or you’ve been taken to a dummy site. But malware was downloaded and installed on your phone. The data on your phone may now be exposed to that hacker.

Just like on your computer, avoid opening suspicious emails on your phone.

SEE ALSO: 7 Ways to Recognize a Phishing Email

If you’re accessing insecure websites, you run the risk of exposing sensitive data transmitted from your device. You’re also more susceptible to man-in-the-middle attacks, and being exposed to malware. Avoid using insecure websites and Wi-Fi networks, and consider using antivirus protection and a VPN on your phone to secure Wi-Fi communication.The browser itself on your phone could also be a source of vulnerabilities. This can lead to web browser attacks. Attacks like these are more common on android devices. Make sure you have the most current version of whatever browser you use.You may get a text message or a voicemail from what appears to be a legitimate source asking for personal information either about you or your device.Hackers often use this information to steal whatever data they can, including social security numbers, credit card data, etc. They may even be able to use it to make a targeted attack to install malware on your phone.

Whenever you get a text like this, call the company on their legitimate phone and verify with them. Never give out sensitive information through a text. Sometimes even replying to a text can be dangerous, so you should immediately delete any suspicious texts and attempt to contact the company directly.

SEE ALSO: Reverse Phone Lookup
The good news is while your mobile device may be at risk for being infected by malware, there are some easy things you can do to avoid it. Here are some ways to protect your phone and other devices from malware:

Don’t jailbreak your device: Jailbreaking your device removes a lot of its built-in security. While this may let you do more with your device, it also leaves it more vulnerable to attacks.
Use a VPN: A virtual private network is a secure “tunnel” that lets you access and share information securely over public Wi-Fi networks.
Download apps only from reputable sources: Unofficial app stores are more likely to be sources of malware-infected apps.
Encrypt your data: If you have sensitive data on your mobile device, make sure it’s encrypted. It will then remain secure, even if malware steals it.
Do mobile vulnerability scanning: You can’t prevent what you don’t know about. Use a vulnerability scanner like SecurityMetrics Mobile for your mobile device.
Update software and hardware: Companies often release updates on mobile devices that address potential vulnerabilities.
Train employees: Your employees should know about malware and taking the right measures to avoid it. Include mobile device security in your training.
Have mobile device policies in place: Whether your company owns the devices, or your employees use their own, you need to have security policies set up that address the use of mobile devices.

When it comes to data security, you need to treat mobile devices the same way you treat servers and other computers. Hackers are constantly finding new ways to steal information from mobile devices.

Even though mobile devices can be hard to fit into a traditional network or data security model, they need to be considered. It's critical to include them in your information security planning!

David Page is a Qualified Security Assessor and has been with SecurityMetrics for six years. He has over 18 years experience in network and system engineering, design, and security.