Well, happy weekend everybody!!! It’s hard to believe that in another week it will be Memorial Day Weekend, and soon, half the year will be over. Honestly, this year has gone by faster than I ever remember.
But speaking of the halfway mark, in June I will be
releasing my midyear Cyber Report. Just to pique your curiosity somewhat, the
topic will be about the true cost of Security Breaches that have occurred here
in the United States.
Everybody talks about it; nobody has really put a firm dollar value to it. This is what I am hoping this report will do. One of its other objectives is to hopefully raise some alarm bells as well. I could have written about other topics, but last year I covered Ransomware, and at the beginning of this year, I covered Phishing.
Anyways, as we hit June, there is yet another form of threat vector out there that has not received the attention it should be getting. We are all so obsessed with the Cyber impacts from Russia invading the Ukraine that this one has totally faded out.
What am I talking about? It is attacks on our mobile devices, whether they are notebooks, tablets, laptops, smartphones, etc.
Luckily, I came across an article which covered some of the
major avenues in which your device can be attacked. Some of them I never even thought of
before. So, here we go:
1) Conducting Fraud:
When one thinks of an attack on a smartphone, the immediate thoughts that come to mind are that of the Cyberattacker taking 100% control of the device, or implanting some kind of Malware on it in order to gain access to the information that is stored on it. But now, hackers can use your smartphone as a way to conduct fraudulent activities. This is technically known as “On Device Fraud”, or “ODF” for short. This kind of attack first hit the mobile apps that were created for the customers of the major banks, but now it is being used anywhere fraud can be carried out. Two of the most notorious threat variants are Octo and Teabot. They both allow for the hijacking of video conferencing and screen sharing on your Android device. More information about these two can be seen at these links:
https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html
(FOR OCTO)
(FOR TEABOT)
2) Redirecting phone calls:
Think Smishing attacks and Robocalls are annoying enough? Well, here is something that is even scarier: you place a call on your smartphone to a legitimate phone number, and the Cyberattacker intercepts it and reroutes your call to another receiver. In this entire process, you do not even know what is happening until the person picks up on the other side. This trend started with a rogue mobile app Trojan Horse known as “Fakecalls”. During the installation process of this app, the Cyberattacker overwrites all of the permissions on your smartphone. More information about this nasty Trojan Horse can be seen at this link:
https://usa.kaspersky.com/blog/fakecalls-banking-trojan/26354/
3) Taking over push-notifications:
This is when you receive a direct notification, such as a One Time Password (OTP), to which you have to respond. For example, many financial institutions now require some sort of 2FA, and using an OTP fits this bill perfectly. But now, there is a new piece of Malware called the “FluBot” that directly targets the push notification functionalities of Android based devices. This Malware will reply automatically to any sort of push notification that you may receive, even without you knowing about it. Even worse, it can hijack the address book in your Android device, and spread itself like a worm to infect the wireless devices of your contacts. This kind of attack is known technically as “Push Message Phishing”. There is another variant of this which is known as “Sharkbot”, and information about both can be seen at these links:
https://www.darkreading.com/threat-intelligence/flubot-malware-s-rapid-spread-may-soon-hit-us-phones
(FOR THE FLUBOT)
https://www.darkreading.com/endpoint/google-removes-dangerous-banking-malware-from-play-store
(FOR THE SHARKBOT)
4) The creation of new domain names:
A new trend that started to occur when COVID-19 hit was the registration of many domain names by the Cyberattacker. While one intent of this was to create phony and fictitious websites, the other has been to create multiple command and control centers hosted on VMs. For example, when a Cyberattacker launches an attack, he or she may not target the victim directly. Rather, they will issue remote commands through one of these servers to target the victim, in an effort to disguise themselves. But keep in mind that tracking these kinds of ill-used domains has been a target of law enforcement, such as that of the FBI. So to avoid further detection, the Cyberattacker will shut down the VM on which a domain has been used, and create a new one, to host a new domain to be used for these malicious purposes. The Sharkbot variant has been used for this very purpose, in an effort to stay covertly inside your wireless device for extended periods of time. In a way, this can also be compared to that of an Advanced Persistent Threat.
5) Getting through Google and Apple:
Apple has one of the most stringent requirements when it comes to uploading of new apps to iTunes, and Google not so much. But despite these tight requirements, Cyberattackers have found ways to bypass all of this and deploy rogue mobile apps. These kinds of apps are technically known as “Droppers”.
My Thoughts On This:
There are numerous ways in which to lessen the odds of becoming
a victim of a smartphone attack:
1) Limit mobile app usage. I know life is a lot easier with a mobile app for everything, but the more you put on, the more you are increasing your attack surface. Try restricting the mobile apps you put on to those that are really necessary. As for myself, I hardly ever use mobile apps. I only have two of them.
2) Always read the reviews of a mobile app you want to use. If they are any good, then it just gives that mobile app more credibility. But take this with a grain of salt. Even a Cyberattacker can put up fake reviews.
3) Always confirm the authenticity of the mobile app. By this, I mean actually try to call the creator of it. Any legitimate mobile app designed by a real company should have a distinct website, with real contact information.
4) Always keep your wireless device updated with the latest versions and software patches/upgrades.
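One way to act on the first tip is to review what each installed app is allowed to do. The following is an added example, not code from this post or the article it draws on: a small Python audit over permission dumps. The mapping of Android permissions to the behaviours described earlier (call redirection, OTP auto-reply, spreading through contacts, Droppers) is this example's own review heuristic, and the package names and dump are constructed.

```python
import re

# Constructed sample in the "package:" / "uses-permission:" line format that
# `aapt dump permissions` prints (name='...' form and older bare form both
# appear); the package names and their permission sets are made up.
SAMPLE = """\
package: com.example.flashlight
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
package: com.example.dialer
uses-permission: android.permission.CALL_PHONE
"""

# Review heuristic assumed for this example (not a malware signature): an app
# is flagged for a group only when it requests every permission in that group.
RISK_GROUPS = {
    "call redirection": {"PROCESS_OUTGOING_CALLS", "CALL_PHONE"},
    "OTP interception / auto-reply": {"RECEIVE_SMS", "SEND_SMS"},
    "contact-list spreading": {"READ_CONTACTS", "SEND_SMS"},
    "dropper (installs other apps)": {"REQUEST_INSTALL_PACKAGES"},
}
PKG_RE = re.compile(r"package:\s*(\S+)")
PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?android\.permission\.([A-Z_]+)")

def parse_dump(text):
    """Split concatenated dumps into {package: set of permission names}."""
    apps, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := PKG_RE.match(line)):
            current = m.group(1)
            apps[current] = set()
        elif (m := PERM_RE.match(line)) and current is not None:
            apps[current].add(m.group(1))
    return apps

def audit(apps):
    """Return {package: sorted risk groups it fully satisfies}, findings only."""
    findings = {}
    for pkg, perms in apps.items():
        hits = sorted(g for g, needed in RISK_GROUPS.items() if needed <= perms)
        if hits:
            findings[pkg] = hits
    return findings

if __name__ == "__main__":
    for pkg, hits in audit(parse_dump(SAMPLE)).items():
        print(f"{pkg}: review before keeping -> {', '.join(hits)}")
```

A hit is a prompt to look closer, not proof of malice: a dialer that only asks for CALL_PHONE is not flagged, while a flashlight that can read contacts, handle SMS and install other packages is.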
In the end, for the sheer lack of a better term, you have to CYA. In other words, trust your gut. If it doesn’t feel right, then don’t download it.