As the action shifts to mobile, so does the attention. For hackers and cybercriminals, smartphones have morphed into a juicy and lucrative target, since they are increasingly used for everything from chatting to banking. And at the workplace, too — a recent Gartner study estimates that, by 2018, less than 15 per cent of organisations will have effective mobile threat defence (MTD) in place.
Meanwhile, Kaspersky Lab makes even more dire predictions. In its latest Threat Prediction 2017 report, it warns that 2016 was a turning point with the discovery of ProjectSauron, “a top-of-the-top modular cyber-espionage platform in terms of technical sophistication, designed to enable long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods”. But the most dangerous bit about this tool is that it customises itself for every victim, rendering popular detection methods, like Indicators of Compromise (IoCs), useless.
Moreover, as the lines between PCs and phones blur even further in 2017, expect more dangers to hop over from the desktop side of things to mobile. Here are some of the key threats you should be paying particular attention to in 2017.
Gone in a jiffy
Kaspersky Lab calls them ephemeral infections, and predicts that, in 2017, we will see the rise of memory-resident malware “that has no interest in surviving beyond the first reboot”. The goal of this malicious code is general reconnaissance and the collection of credentials, and it is likely to be deployed in “highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery”.
In fact, mobile phones will emerge as the next big thing for stealing private and work-related data. Kaspersky Lab expects to see more “espionage campaigns” targeted primarily at mobile, and benefiting from the fact that the security industry “can struggle to gain full access to mobile operating systems for forensic analysis”.
Pay up, or else…
Ransomware, which locks down your device and extorts you into paying to unlock it, will continue to rise, but will also witness a “turning point” in the trust between victims and hackers. Currently, the assumption is that if you pay up, the hacker will ‘release’ your device and move on. But in 2017, there might be a “breakdown of trust as a lesser grade of criminal decides to enter the space”.
IoT under attack
As homes and offices get smarter, they increasingly rely on a network of wireless sensors that are collectively known as the Internet of Things (IoT). Many of these devices are controlled via smartphone apps, providing a path for hackers to disrupt your phones, too. Kaspersky Lab warns that as IoT-device manufacturers continue to pump out unsecured devices that cause wide-scale problems, “there is a risk that vigilante hackers could take matters into their own hands and disable as many devices as possible.”
Ads snoop on you
As traffic to desktop sites dwindles, publishers will increasingly push ads on their mobile websites and apps. This also means that ads will emerge as a great opportunity to hack into your phones, or to snoop on what you are doing. Kaspersky Lab notes that over the next year, we will see the kind of tracking and targeting tools used in advertising being used to monitor alleged activists and dissidents. “Similarly, ad networks – which provide excellent target profiling through a combination of IPs, browser fingerprinting, browsing interest and login selectivity – will be used by advanced cyberespionage actors keen to precisely hit targets while protecting their latest toolkits,” the report adds.