News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Cyber spies target mobile devices to steal information

Many of the cyber espionage groups investigated by Kaspersky Lab experts in recent years were found to make use of sophisticated mobile malware, capable of infecting a range of mobile devices and stealing valuable information.
Cyber spies target mobile devices to steal information
©Tyler Olson via 123RF

Significant events, like the World Economic Forum in Davos, serve as a hub for important conversations and attract high-profile visitors from all over the world. But a high concentration of important people in one place also attracts malicious cyber attackers, who consider public events a good opportunity to gather intelligence with the help of targeted malware.

According to Kaspersky Lab statistics, at least five of the sophisticated cyber espionage campaigns discovered in recent years have made use of malicious tools capable of infecting mobile devices. Sometimes these are custom-made malicious programs, created and propagated during a given cyber espionage campaign, as was seen in the Red October, Cloud Atlas and Sofacy campaigns.

In other cases, the malicious actors tend to use so-called commercial malware - a special set of offensive tools sold by commercial organisations like HackingTeam (whose tool is called RCS), Gamma International (FinSpy) and others.

PGP encryption

The data stolen with help of such tools, such as competitive intelligence, is of immense value to cyber spies. Many organisations believe that standard PGP encryption is sufficient to protect mobile email communications, but this is not always the case.

"This measure doesn't solve the core problem. From a technical perspective, the original architectural design used in emails allows for metadata to be read as plain text on both sent and received messages," said Dmitry Bestuzhev, security expert at global research and analysis team, Kaspersky Lab. "This metadata includes details of the sender and the recipient as well as the sent/receipt date, subject, message size, whether there are attachments, and the email client used to send out the message, among other things.

"This information is enough for someone undertaking a targeted attack to reconstruct the time-line of conversations, learn when people communicate with one another, what they talk about, and how often they communicate. In this way, the threat actors are able to learn enough about their targets."

To overcome this, many sensitive conversations now take place over mobile devices using secure applications and end-to-end encryption with almost no metadata or where metadata is basically impersonal.

New weapons

"This development has led cyber spies to develop new weapons capable of spying on both the digital and actual lives of their targets. Once mobile malware is installed on the target's device it can spy on all secure messages and also secretly and invisibly activate the device's camera and microphone. This allows the threat actors to gain access to the most sensitive conversations taking place, even those which take place off-the-record and face-to-face," added Bestuzhev.

However, there are additional measures that could help to protect private mobile communications from third party access. Bestuzhev recommends the following:

• Always use a VPN connection to connect to the internet. This helps to ensure that your network traffic cannot easily be intercepted and reduces its susceptibility to malware that can be been injected directly into a legitimate application being downloaded from the internet.

• Do not charge your mobile devices using a USB port connected to a computer, as it could be infected with special malware installed on the PC. The best thing you can do is to plug your phone directly into the AC power adapter.

• Use a mobile anti-malware program. It has to be the best one. It seems that the future of these solutions lies precisely in the same technologies already implemented for desktop security: Default Deny and Whitelisting.

• Protect your devices with a password, not a PIN. If the PIN is found, the cyber attackers may gain physical access to your mobile device and install the malware implant without your knowledge.

• Use encryption in the data storage memories that come with your mobile devices. This advice is especially topical for devices that allow for the extraction of memory disks. If attackers can extract your memory by connecting it to another device, they'll be able to easily manipulate your operating system and your data in general.

• Do not Jailbreak your device, especially if you're not sure how it will impact your device.

• Don't use second-hand cellphones that may come with pre-installed malware. This advice is especially important if your cellphone comes from someone you don't know well.

• Finally, bear in mind that conventional conversations in a natural environment are always safer than those carried out electronically.

Let's do Biz