New data from intelligence network security firm SonicWALL reveals that cybercriminals are seeking to exploit employees who are connecting to corporate networks via mobile devices and their rising use of social media. This means that your business could be at risk of a cyberattack simply because you and your employees are using smartphones and tablets.
Over the last six months, according to the mid-year cyber-threat intelligence bulletin from SonicWALL, some of the most dangerous threats include advanced persistent threats that come in through clicked links, lie hidden for an indefinite period of time and become active at a predefined time. Also highly dangerous are institutional database breaches, which expose a wealth of data for criminal use by correlating data from more than one source, providing the basis for sophisticated attacks such as spear phishing (targeted phishing) and threats to SCADA-based systems.
However, some of the most widespread threats include FakeAV, which uses the latest trends and news stories to target a large user base, serving OS-specific and location-specific malware. Spam continues to be widespread, with large flows of emails carrying virus-laden attachments; pitches for weight loss products, wristwatches, and pornographic services and products; “nuisance” spam that has no content other than three or four random characters; and image-only spam.
The cybersecurity threats that are on the rise, according to the bulletin, are mobile-based threats (particularly the mobile malware on Android phones) and threats resulting from the use of social media. Ed Cohen, Vice President of Corporate Development for SonicWALL, offers these four tips on how to protect yourself and your business from these cybercriminals:
1) Use caution when downloading apps that aren’t endorsed by a big name or appear to be well tested. This obviously isn’t a complete guarantee, but it should help your chances by working with the law of large numbers.
2) Remember that you can have a malware-free Android device, but you can still be at risk by visiting precarious websites on your Android device. Hackers can use popular social media sites, bank sites, recent news, search term poisoning, etc. to lure users to seemingly innocuous looking websites (especially when rendered on a mobile device) that can redirect devices, trick users into revealing confidential information, etc. Do your best to make sure that the websites you’re visiting appear legitimate and exercise caution when entering secure data into a mobile device.
3) Even if you can have a clean phone with no malware and no malicious websites, but you load it up with tons of sensitive data, then your phone is stolen or left in a taxi, you’re vulnerable. Use a password and remote data wiping capabilities.
4) If you’re using your device to enter a corporate network, make sure your network administrator is allowing you to use secure technology (e.g., SSL VPN) to encrypt traffic and potentially remediate devices that don’t fit your company’s security policy.