coding on screen

Are companies looking hard within to spot mobile security challenges?

Listen to this article

Editor’s brief: As businesses embrace WFH (work from home) and WFA (work from anywhere) on top of slowly getting back to WFO (work from office), the IT or CISO challenge of managing assets that may be employees’ own devices at homes, or anywhere in cafes and even parks, the crux of cybersecurity comes to the fore. According to one of the cybersecurity stalwarts Check Point Software, the numbers are stacking up for businesses since 2020 when the pandemic hit businesses hard. For example, according to their report, nearly half of businesses had at least one employee download a malicious mobile app, and 97% of businesses in 2020 faced threat actor attempts on mobile devices. Read more below.

SINGAPORECheck Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has published its 2021 Mobile Security Report. The report examines the latest emerging threats targeting enterprise mobile devices, and gives a comprehensive overview of the major trends in mobile malware, device vulnerabilities, and in nation-state cyber-attacks. It also shows how organisations can protect themselves against today’s and tomorrow’s complex mobile threats and how these threats are likely to be evolving.

The move to mass remote working during the COVID-19 pandemic saw the mobile attack surface expand dramatically, resulting in 97% of organisations facing mobile threats from several attack vectors. With 60% of workers forecast to be mobile by 2024, mobile security needs to be a priority for all organisations. Highlights of the Check Point Research Mobile Security Report 2021 include:

  • All enterprises at risk from mobile attacks:  Almost every organisation experienced at least one mobile malware attack in 2020. Ninety three percent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.
  • Nearly half of organisations impacted by malicious mobile apps:  Forty six percent of organisations had at least one employee download a malicious mobile application that threatened their organisation’s networks and data in 2020.
  • Four in ten mobiles globally are vulnerable:  Check Point’s Achilles research showed that at least 40% of the world’s mobile devices are inherently vulnerable to cyberattacks due to flaws in their chipsets, and need urgent patching.
  • Mobile malware on the rise:  In 2020, Check Point found a 15% increase in banking Trojan activity, where users’ mobile banking credentials are at risk of being stolen.  Threat actors have been spreading mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers, often hiding the malware in apps that claim to offer COVID-19 related information.
  • APT groups target mobile devices:  Individuals’ mobiles are a very attractive target for various APT groups, such as Iran’s Rampant Kitten, which has conducted elaborate and sophisticated targeted attacks to spy on users and steal sensitive data

“As we have seen in 2020, the mobile threat landscape has continued to expand with almost every organisation now having experienced an attack,” said Neatsun Ziv, VP Threat Prevention at Check Point Software. “And there are more complex threats on the horizon. Cybercriminals are continuing to evolve and adapt their techniques to exploit our growing reliance on mobiles. Enterprises need to adopt mobile security solutions which seamlessly protect devices from today’s advanced cyber threats, and users should be careful to use only apps from official app stores to minimise their risk.”

During 2020, Check Point discovered a new and highly significant attack, in which threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75% of its managed mobile devices – exploiting the solution, which is intended to control how mobiles are used within the enterprise.

Check Point’s 2021 Mobile Security Report is based on data that was collected from January 1st, 2020 through December 31st, 2020, from 1,800 organisations that use Check Point Harmony Mobile, Check Point’s mobile threat defence solution. It also draws on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which delivers threat data and attack trends from a global network of threat sensors; from Check Point Research´s (CPR) investigations over the last 12 months and on recent survey reports from external organisations.