2017 Watch List: Mobile Device Security
In a survey conducted last year, nearly one in five organizations said they experienced a mobile security breach in 2016. As these threats become more sophisticated, businesses will need to evaluate their mobile device plans and consider performing an enterprise-wide phishing assessment to prepare for more advanced attacks. Here’s what to watch for:
- One of the most sophisticated threats of 2016 is called Pegasus, but the damage it causes is no myth. The targeted iOS spyware has allowed hackers to access private information and other sensitive data in text messages, emails, voice communications and applications, such as Gmail, Facebook, and Skype. It utilizes strong encryption to remain undetected and, if discovered, can trigger a self-destruction mechanism that wipes infected devices of all data.
- Malware has been around for years, but that doesn’t mean it’s become any less effective. Last year, users on the Google Play store downloaded LevelDropper, a seemingly innocent app that turned out to be autorooting malware. Once downloaded, LevelDropper roots the device and installs additional applications without alerting the user.
- Ransomware, known as a threat to only networked computers until the past decade, has become a more prevalent — and dangerous — means of hacking on mobile devices. In 2016, Hollywood Presbyterian Medical Center paid $17,000 to hackers after malware called “Locky” infected a corporate laptop, locked the hospital’s electronic medical records, and effectively halted patient care for a week until the ransom was paid.