Cybercriminals prefer to attack mobile devices, such as mobile phones and smartwatches, to steal people’s banking information and attack their businesses. This is one of the most notable trends of 2019, according to a recent report on the first six months of the year by S21Sec, the computer security company that belongs to the Sonae Group.
In the first quarter of 2019, 61% more mobile attacks targeting banking information on Android devices were recorded than in the last three months of 2018. One of the most used methods in mobile attacks is to combine “Trojan horses”, a type of virus disguised as a legitimate program, with social engineering tactics such as phishing, which consists of sending text messages or fake emails to steal credentials.
Svpeng, for example, is a virus that infects Android phones through Google’s advertising platform, AdSense. When the user accidentally clicks on an infected advertisement, the virus is installed on the phone and gains access to contacts and history. This makes it possible to send counterfeit text messages in the bank’s name or to block the device, a sort of “digital abduction”, in exchange for money or access credentials.
“The authors have been obligated to adapt and include more creative mechanisms to make fraudulent transfers,” the S21Sec team explains, however. “In the old days, it was enough to steal access credentials. But verification of two factors, for example, requesting a code sent by mobile phone, implemented by different financial (entities), changed this.”
An example of this is BackSwap, a malicious program that doesn’t attempt to deceive the two-step verification system. Instead, it changes the recipient of bank transfers made by the hacked user, stealing money from the victims without having direct access to the account. This type of attack is known by the acronym MitB (Man in the Browser). A MitB attack infects the Internet browser, making it possible to modify what the victim sees and to modify and steal information.
S21Sec states that its findings on the most common threats in 2019 are based on company data obtained during the provision of security services since the beginning of the year. These data were compared with public information and other sources, for example, data from the cybersecurity company Kaspersky and the American National Institute of Standards and Technology. In total, 900,000 samples of malicious programs were counted.
Persistent threats
Among the analyzed cyberattacks, 50 persistent threats were found. These are sophisticated cyberattacks that often have the support of governmental entities and whose main objective is government espionage. Sometimes, there is also the intent to cause damage to the critical infrastructure of some nations, such as transport, energy and emergency services. “These are attacks that do not only affect the targeted companies and sectors, but also the whole society,” the report says.
In 2019, the French engineering company Altran and the aluminum production company Norsk Hydro were among those affected. Both were affected after workers answered phone calls and mistakenly downloaded files from fake emails. In extreme cases, this kind of trouble makes whole cities “hostages of hackers”. That is what happened in 2018 in Atlanta, when officials in the U.S. city were left without access to email, the courts were paralyzed, and the inhabitants couldn’t pay the bills for various services.
S21Sec experts also found 7343 vulnerabilities hidden in electronic devices that people use on a daily basis. The devices and operating systems with the most vulnerabilities are iOS, iPhone, and Apple’s Watch OS. Next come Chrome OS and Android, both from Google.
Originally published in Portuguese in Público on 12 August 2019 by Karla Pequenino.