What Google Can Teach Organizations About Mobile Security and Malware’s Use as a Weapon of War

Symmetrium Team | March 12, 2024

Targeting mobile phones with malicious software is now one of the tools of choice when it comes to waging war, according to a report released by Google. The research focuses on the conflicts in the Middle East and Ukraine, where the phones and tablets of civilians and military personnel are being targeted to disrupt communications, steal sensitive information, spread misinformation and potentially put lives at risk. This sinister use of malware is adding a new dimension to modern warfare, underlining the importance of the digital battlefield.

Google has been actively monitoring spikes in cyber threats and mobile malware to safeguard its users during these conflicts. This monitoring, carried out by its Threat Analysis Group (TAG), Mandiant, and Trust & Safety teams, has revealed fresh insights into phishing campaigns, hack-and-leak operations, information warfare, disruptive attacks and other cyber activities.

A significant number of cyber attacks involve spyware campaigns that rely on malicious mobile apps, which are playing a substantial role in gathering intelligence by targeting data at rest on users’ devices, including messages, contacts, real-time location, and other sensitive data.


Anatomy of a Mobile Spyware Campaign

In its report, Google details the key elements of the spyware campaigns and their sequence being used in conflict zones and beyond:

1) Delivery to user: This is the first stage of the attack and its primary emphasis lies in persuading users to install malicious applications through SMS phishing or social engineering techniques employed on social media and messaging applications.

2) Installation: The spyware might disguise itself as a legitimate application, tricking the user into granting access to sensitive information, including SMS and location data.

3) Gather and steal information: Following installation, the spyware has the capability to collect various information about the device, including but not limited to location, contacts, SMS, and audio recordings.

4) Exfiltration of the data: The malicious application might bundle the stolen data, together with any other data that comes to rest on the device, into an encrypted file, transmit it to command and control infrastructure controlled by the attacker, and subsequently erase the file from the device.

Malicious apps can be hard to detect by users because they often cloak themselves in legitimacy, mimicking commonly used utilities like VPNs and messaging apps like Telegram. However, beneath the surface lurk standard backdoor features, designed to turn the user’s device into a surveillance tool.

Unlike Apple’s App Store, which is famously a ‘walled garden’ from which it controls all app distribution, Android users can download apps from Google Store and alternative third-party channels. This allows groups involved in conflicts to distribute Android spyware through apps not verified by Google, employing SMS phishing and social engineering tactics on social media and chat platforms to trick users into installing them.


Targeting the Weakest Link

Humans are often considered the weak link in mobile malware attacks due to their susceptibility to manipulation. Mobile malware attackers frequently exploit human vulnerabilities through tactics such as phishing, where users are tricked into clicking on malicious links or downloading harmful applications. Social engineering techniques, including deceptive messages and fraudulent websites, capitalize on human trust and curiosity.

Moreover, users may inadvertently grant unnecessary permissions to seemingly benign apps, allowing malicious software to access sensitive information. Lack of awareness, complacency, and a tendency to overlook security warnings contribute to the effectiveness of mobile malware attacks. Human behavior plays a pivotal role in the success of these attacks, making it crucial for individuals to stay informed, exercise caution, and adopt security best practices to mitigate the risks associated with mobile malware.


Lessons for Organizations

Mobile malware attacks during conflicts offer several harsh lessons for organizations:

Preying on urgency: These attacks exploit heightened emotions and the need for information during crises. Malicious actors disguise malware as legitimate apps, like fake air raid sirens or news sources, to trick users into downloading them. Organizations should remind staff to be cautious of unexpected app downloads, especially during volatile times.

Targeting vulnerabilities: Conflict zones often have limited access to reliable internet and software updates. This creates a breeding ground for malware targeting outdated operating systems with known vulnerabilities. Organizations should prioritize keeping software updated on all devices and enforce strong password policies.

Importance of a ‘walled garden’ approach: Organizations should implement a ‘walled garden’ approach to ensure a secure environment that controls employees’ access to apps. Such a policy enhances security by only allowing the downloading of approved apps from verified sources.

Evolving tactics: Cybercriminals are constantly adapting their methods. For instance, malware might steal user data for espionage or disrupt critical infrastructure. Organizations should have up-to-date security solutions and conduct regular training for employees on cybersecurity best practices.

Importance of backups: Malware attacks can render devices unusable or erase critical data. Organizations should have robust backup and recovery plans in place to minimize disruption and data loss.

Global threats: These attacks highlight the borderless nature of cyberwarfare. An attack targeting one region can have ripple effects worldwide. Organizations should be prepared for potential spillover and have incident response plans in place.

Data at Rest is Data that is Vulnerable: Once attackers have infiltrated a phone, they have complete access to any data that comes to rest on that device. That data is no longer within the secure confines of the corporate network; it is exposed and vulnerable on the device it now resides on. Symmetrium negates this vulnerability by ensuring no data comes to rest on devices outside the security of the corporate network.
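The 'walled garden' lesson above and the permission profile described in the campaign anatomy (SMS, contacts, location, audio) can be turned into a simple device-inventory audit. The following is an added example, not code from Symmetrium or from Google's report: it assumes a hypothetical inventory format (package name, installing package, requested permissions) such as an MDM export would provide, and the inventory it runs over is constructed, not captured from a real device. Apps are flagged when they are off the approved list, were not installed by the Play Store (installer package `com.android.vending`), or request three or more of the surveillance-grade permissions the campaigns rely on.

```python
"""Audit an installed-app inventory against an allowlist, a verified-installer
check and the permission profile typical of mobile spyware.

Inventory format and helper names are assumptions for this example; the
sample inventory is constructed, not real telemetry.
"""
from dataclasses import dataclass, field
from typing import Optional

# Permissions that together give an app the reach described in the
# "gather and steal information" stage: messages, contacts, location, audio.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
}

# Installer package of the Google Play Store; anything else counts as sideloaded.
VERIFIED_INSTALLERS = {"com.android.vending"}


@dataclass
class InstalledApp:
    package: str
    installer: Optional[str]            # None when installed via adb or an unknown source
    permissions: set = field(default_factory=set)


def audit_app(app, allowlist, min_sensitive=3):
    """Return the list of policy findings for one app (empty if it passes)."""
    findings = []
    if app.package not in allowlist:
        findings.append("not on approved-app allowlist")
    if app.installer not in VERIFIED_INSTALLERS:
        findings.append(f"installed from unverified source ({app.installer or 'unknown'})")
    sensitive = sorted(app.permissions & SENSITIVE_PERMISSIONS)
    # Legitimate messengers do ask for contacts and microphone; the threshold
    # targets the broader SMS + location + audio + contacts combination.
    if len(sensitive) >= min_sensitive:
        findings.append("requests surveillance-grade permissions: " + ", ".join(sensitive))
    return findings


def audit_inventory(apps, allowlist):
    """Map each failing package to its findings; compliant apps are omitted."""
    report = {}
    for app in apps:
        findings = audit_app(app, allowlist)
        if findings:
            report[app.package] = findings
    return report


# Constructed sample data (hypothetical packages, not real apps or telemetry).
CORPORATE_ALLOWLIST = {"com.example.corp.mail", "org.telegram.messenger"}

SAMPLE_INVENTORY = [
    # Approved corporate app from the store: passes every check.
    InstalledApp("com.example.corp.mail", "com.android.vending",
                 {"android.permission.INTERNET", "android.permission.READ_CONTACTS"}),
    # Approved messenger from the store: two sensitive permissions, below threshold.
    InstalledApp("org.telegram.messenger", "com.android.vending",
                 {"android.permission.READ_CONTACTS", "android.permission.RECORD_AUDIO"}),
    # Sideloaded look-alike messenger with the permission profile of an implant.
    InstalledApp("org.telegrm.messenger.free", None,
                 {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.ACCESS_FINE_LOCATION",
                  "android.permission.RECORD_AUDIO", "android.permission.READ_CONTACTS"}),
    # Sideloaded "VPN" asking only for network access: caught by the allowlist
    # and installer checks, not by the permission check.
    InstalledApp("com.example.freevpn", "com.example.sideload.store",
                 {"android.permission.INTERNET"}),
]

if __name__ == "__main__":
    for pkg, findings in audit_inventory(SAMPLE_INVENTORY, CORPORATE_ALLOWLIST).items():
        print(pkg)
        for finding in findings:
            print("  -", finding)
```

The allowlist check alone implements the walled-garden policy; the installer and permission checks are there because an allowlist is only as good as its enforcement, and a look-alike package that slipped past it still stands out by how it was installed and what it asks for.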


Mobile Security — A New Battlefield Challenge

The digital realm is now an undeniable battleground, with the tentacles of malware created during conflicts stretching far beyond war zones to potentially impact organizations. This should be of major concern as most businesses have a fundamental flaw in their mobile security strategy and are vulnerable because they place an emphasis on users and devices rather than on data.

Symmetrium uses a walled-garden approach by transforming any mobile device, whether managed or unmanaged, into a virtual extension of the organization’s network, incorporating all compliance, security, and IT protocols. Once users enter this secure mobile workspace they only have access to approved apps, and any data accessed never comes to rest on their device. Symmetrium also protects against SMS phishing (Smishing), by scanning every message and integrating with existing email security tools before delivery to end users.

Businesses operating in the health services, finance, telecom and utilities sectors should be most aware of the dangers of mobile malware and potential flaws in their mobile security due to the valuable data they hold and their strategic importance.

For cybercriminals, a successful attack on any of these sectors can lead to financial gain through identity theft, extortion, or the disruption of critical services. The organizations attacked will also face large fines for regulatory violations due to any lapse in the security of the sensitive data they hold. This is why, as we navigate periods of global uncertainty, the lessons learned here by governments and corporations operating in highly regulated environments hold immense value.

Read more about the use of malware in conflicts in Google’s latest report.
