Threats to mobile devices continue to increase in number and complexity as mobile devices become more critical to our everyday lives. What started out as a limited attack surface has grown into a vast landscape of devices. Mobile devices are prime for exploitation by attackers because they provide a quick, all-in-one means to acquire sensitive data from targets.
Mobile devices can offer access to user location, contacts, email, texts, and instant messaging, as well as encrypted communication applications and business files. And mobile devices also often bridge the gap between a target’s professional and personal lives, especially given the sharp increase in employees working from home following the COVID-19 pandemic.
BlackBerry researchers recently revealed that Advanced Persistent Threat (APT) groups known to have well-established cyber capabilities long ago adapted to and have exploited the mobile threat landscape for a decade or more. The report, Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform, details how mobile malware is not a new or niche effort, but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere.
The research provides a detailed survey of the strategic and tactical use of mobile malware by various adversaries. It also fills in gaps left by earlier research about mobile malware.
Securing Mobile Devices
What happens on mobile devices can easily bleed over to the enterprise, especially when best practices are not adhered to or applications are employed without understanding how they can impact security both inside the home and inside the corporate firewall.
Remote workers need to take the necessary steps to secure their mobile devices, use applications responsibly, and lock down their devices – both for their own security and for that of the corporate systems they will likely be connecting to each day.
The Zero Trust Guide to Remote Worker Security white paper provides remote workers with tips on a wide range of security issues they should be aware of when working remotely. A central theme running through this guide is that users need to take precautions in regard to what activities they engage in on their devices to reduce the risk of falling victim to an attack – a key strategy in applying a Zero Trust model of thinking. This includes enabling auto-timeouts, the use of strong passwords and password managers; opting for multi-factor authentication (MFA); disabling Wi-Fi, Bluetooth, and NFC when not in use; making sure all mobile devices are running a next-gen antivirus (AV) solution, and more.
Take a Page from the Zero Trust Playbook
The Zero Trust security model trusts nothing and no one by default. Under a Zero Trust security model, every user, device, and network are assumed to be hostile until they can be validated, and they are continuously validated to prevent a security lapse. Remote workers can apply the Zero Trust concept of assuming everything is a potential attack or avenue to compromise until they can verify that it is not.
The Zero Trust Guide to Remote Worker Security serves as a starting point for remote workers to take some simple steps to improve their security posture when working remotely – download this valuable resource today.