Mitigating Digital Risk from the Android PC in Your Pocket

Security Teams Must Prioritize Risk Mitigation Against Android Malware

Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android.

Threat actors watch these trends too. They’re opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. 

As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android’s official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. 

Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and, perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction, which presents threat actors with many opportunities to infiltrate a device. For example, once installed, many malicious apps ask users to approve unnecessary privileges, such as device administrator access, in order to execute their processes. Overlays (phishing screens superimposed on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data.

So, what’s the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect this objective to continue to grow as smartphones become more powerful.

Security teams must now prioritize risk mitigation against Android mobile device malware. But after surveying more than 3,600 security professionals across 26 countries, the Cisco 2018 Security Capabilities Benchmark Study found that mobile devices are the most challenging areas and functions to defend. Implementing the following 10 practices will help: 

1. Use the official Google Play store and only download Play Protect-verified apps and those from legitimate companies. 

2. Only enable limited permissions for downloaded apps. 

3. For business devices, use mobile device management solutions to give IT security staff control to set access permissions and restrictions.

4. Do not root business devices. Rooting grants root-level access to the Android operating system, and preventing it discourages unauthorized use of administrative privileges.

5. Deploy endpoint antivirus solutions on individual devices. 

6. Ensure that mobile device operating systems are up to date.

7. Use runtime application self-protection (RASP) to prevent overlay attacks by detecting and blocking malicious activity in real time. 

8. For BYOD enterprises, establish user policies that forbid connection of employee-controlled devices to corporate infrastructure. 

9. Educate employees on threats associated with SMS phishing and mobile device browsing. 

10. Monitor mobile applications, not just third-party apps but internal company mobile apps that may have been modified by a third party. 
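The overlay and SMS-interception behaviour described above (practices 2 and 10 are about spotting exactly these grants) can be audited from the permissions an installed app actually holds. The following is an added example, not code from the article or from any vendor it names: it parses a constructed sample that loosely imitates `adb shell dumpsys package` output (the real format varies by Android version, so the layout is an assumption) and flags packages holding the overlay permission or SMS-reading permissions.

```python
import re
from typing import Dict, List, Set

# Permissions tied to the abuse patterns the article describes: phishing overlays
# (SYSTEM_ALERT_WINDOW) and interception of SMS-delivered MFA codes (RECEIVE_SMS/READ_SMS).
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_SMS": "sms",
}

# Constructed sample (assumption: roughly the shape of `dumpsys package` output,
# not a real capture). Package names are placeholders.
SAMPLE = """\
Package [com.example.fakebank] (abc123):
  install permissions:
    android.permission.SYSTEM_ALERT_WINDOW: granted=true
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.RECEIVE_SMS: granted=true
    android.permission.READ_SMS: granted=true
Package [com.example.notepad] (def456):
  install permissions:
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.CAMERA: granted=false
"""

PKG_RE = re.compile(r"^Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s+([\w.]+): granted=(true|false)")


def granted_permissions(dump: str) -> Dict[str, Set[str]]:
    """Map each package name to the set of permissions marked granted=true."""
    result: Dict[str, Set[str]] = {}
    current = None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = set()
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true":
            result[current].add(m.group(1))
    return result


def flag_risky(dump: str) -> Dict[str, List[str]]:
    """Return only packages holding a risky permission, with the abuse categories enabled."""
    flagged: Dict[str, List[str]] = {}
    for pkg, perms in granted_permissions(dump).items():
        cats = sorted({RISKY[p] for p in perms if p in RISKY})
        if cats:
            flagged[pkg] = cats
    return flagged
```

A package that shows up with both `overlay` and `sms` matches the banking-malware pattern the article attributes to Marcher and BankBot and is worth a closer look under practice 10.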

Android devices, and smartphones in general, will continue to be attractive targets for cybercriminals, particularly as these devices become more powerful, offer longer battery life and plug into keyboards and other peripherals to easily serve as a user’s computer. But with a multilayered approach to security that includes best practices and a defense-in-depth strategy, security teams can overcome many of the challenges they face when mitigating risk from the PC we carry in our pockets.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
