Cyber attacks in the form of HP mobile phishing have doubled. It happened to financial services and insurance organizations between 2019 and 2020. Cyber attackers deliberately target phones, tablets, and Chromebooks to increase their chances of finding vulnerable entry points.
One successful phishing cyber attack or mobile ransomware can give an attacker access. Access to exclusive market research, client finance, investment strategies, and cash. Or other liquid assets, according to a new Lookout research team report released May 6.
The Financial Services Threat Report reveals that nearly half of all phishing cyber attack attempts try to steal a company’s login credentials. Other findings include that about 20 percent of mobile banking customers have trojan apps on their devices. When trying to log into their personal mobile banking account.
Table of Contents
Mobile Cyber attacks rise sharply.
Despite a 50 percent increase. Cyber attacks in mobile device management (MDM) adoption from 2019 to 2020, average quarterly phishing exposure increased by 125 percent. Exposure to the risk of malware and applications increased by more than 400 percent.
Seven months after the release of iOS 14 and Android 11, 21 percent of iOS devices still use iOS 13 or older. And 32 percent of Android devices still use Android 9 or older. The delay of users updating their mobile PHONES devices creates a window of opportunity for Cyber Attack actors. It also threatened to gain access to the organization’s infrastructure and steal data, according to the report.
“Malicious cyber attack sent through socially engineered phishing campaigns will always be a problem that attacker security teams have to deal with knowing that they can target individuals through HP’s private channels such as SMS, third-party messaging platforms, social media, and even dating apps. to make connections and build trust,” Hank Schless, senior manager for security solutions at Lookout, told TechNewsWorld.
Higher Security Risks, More Mobile Users
This digital environment has exposed businesses and their customer data to new risks. Because the data is now moving to where it needs to be. The financial services industry is accelerating its digital transformation.
Even before the pandemic forced organizations to embrace cloud services and mobile devices, the financial industry experienced a 71 percent increase in phone mobile app adoption in 2019. Tablets, Chromebooks, and smartphones are now key components of how financial institutions operate.
Regular mobile users include employees who work at home or customers who manage their finances with the app. Considering the incredible rise of Chromebooks. As one of the leading mobile device purchases for education and enterprise over the past 18 months
While many organizations turn to MDM to stay in control, it’s not enough. Managing devices doesn’t secure them from complex mobile cyber attack threats, Lookout stressed in its report.
When employees are forced to work remotely almost overnight, they have to turn to their smartphones and tablets to stay productive. Cyber attackers recognized these changes and began targeting individuals more with mobile-specific malware and phishing attacks, Schless explained.
“This overnight change also forced security and IT teams to make sudden changes to their strategies and policies. To maintain similar control over mobile access to the company’s infrastructure. The security team expanded their enterprise VPN capacity and rolled out MDM to more mobile users.”
A Rather Futile Effort
Despite the shift to mobile device management, a significant spike in exposure to mobile threats is still occurring, Schless said.
“This proves that MDM should only be used to manage devices, not secure them. This solution cannot secure devices from cyber threats such as mobile phishing,” he said.
Financial organizations must embrace modern security technologies and strategies to stay safe, competitive, and relevant. on devices most frequently used by employees and customers from Cyber Attack, urges Lookout researchers.
Lookout found a 125 percent increase in average quarterly exposure rates to mobile phishing cyber attack was significantly higher than in other industries. The first problem is that MDM cannot secure mobile devices. VPNs also don’t check if there’s a threat on a device before allowing it access to the company’s resources and infrastructure, according to Schless.
“Attackers get smart very quickly. They create malware and phishing campaigns that can easily circumvent the basic management policies proposed by MDM solutions. This is why we continue to see increased exposure to mobile threats even though organizations are leveraging MDM more,” he said.
The only way to protect against these attacks is to implement an actual integrated endpoint-to-cloud security solution, he suggested. Such solutions can validate the risk posture of devices and users to ensure no malware or unauthorized users gain access to infrastructure.
Businesses Must Act On Security
To prevent fraud and account takeovers, financial organizations and other businesses should consider how to secure a mobile app experience for their customers, the researchers warn. When building a consumer application, security must be integrated from the ground up.
By integrating the service into the mobile app development process, mobile security capabilities are natively conveyed to customers without asking them to install additional software.
“When targeting financial services, cyber criminals can go after employees and customers. This means the security team must cover a very broad threat landscape. Therefore, it’s never too surprising to see financial services listed as one of the most targeted industries,” said Schless of Lookout.
Why Phishing Traps Victims
Phishing emails often contain personal information and look very authentic. Often, they seem like legitimate services from well-known vendors, said Joseph Carson, CISO chief security and Advisory scientist at ThycoticCentrify.
“Phishing email messages almost always appear as urgent messages from authorities that require quick action, such as clicking on links or opening attached files to avoid further problems, late fees, and so on. These emails usually contain multiple hyperlinks — some of which are legitimate to disguise one malicious link between them,” he told TechNewsWorld.
Some phishing emails target you personally, by pretending to be from someone you know and trust, such as a friend, colleague, or boss. This email contains hyperlinks or attachments, such as PDFs, Word documents, Excel spreadsheets, or PowerPoint presentations.
The most frequent spear-phishing attacks seem to come from your company’s executive management team or someone in authority who asks you to take an important action — either opening an attachment or in some cases an urgent money transfer to a link in an email, Carson explained.
See Attack Attempts Cyber
Limit what you share on social media and enable privacy and security settings on Facebook, Twitter, or other social accounts, according to Carson’s recommendations as safety standards.
“Don’t accept a friend’s request unless you know the person well.”
Just as you would do with known spam, mark the sender of an email suspected of being phishing as junk or spam. Then report it immediately to your IT security department if it appears directly in your work inbox.
Another security tactic is never to forward phishing emails. Also, ensure you have taken basic steps to protect your device and scan your system and email from malware.
“Unusually high mobile data and internet usage can indicate that the device has been milked and that data is being extracted and stolen. Review your monthly internet usage trends, usually available from your internet service provider or home router, for downloads and uploads to monitor your monthly internet activity.”
You can usually set usage limits that will alert you to suspicious levels. When this alarm is triggered, immediately review your usage level.