As the World Economic Forum in Davos approaches, experts are warning attendees about the risk of cyber-espionage attacks which use malware designed for mobile devices. Many of the cyber-espionage groups investigated by Kaspersky Lab in recent years were found to make use of sophisticated mobile malware, capable of infecting a range of mobile devices and stealing all kinds of valuable information.
Significant events, like the World Economic Forum, serve as a hub for important conversations and attract high-profile visitors from all over the world. But a high concentration of important people in one place also attracts malicious cyber-attackers, who consider public events a good opportunity to gather intelligence with the help of targeted malware.
According to Kaspersky Lab statistics, at least five of the sophisticated cyber-espionage campaigns discovered in recent years have made use of malicious tools capable of infecting mobile devices. Sometimes these are custom-made malicious programs, created and propagated during a given cyber-espionage campaign, as was seen in the Red October, Cloud Atlas and Sofacy campaigns. In other cases, the malicious actors tend to use so-called commercial malware: a special set of offensive tools sold by commercial organisations like HackingTeam (whose tool is called RCS), Gamma International (FinSpy) and others.
The data stolen with help of these tools, such as competitive intelligence, is of immense value to cyber-spies. Many organisations believe that standard PGP encryption is sufficient to protect mobile email communications, but this is not always the case.
This measure doesn’t solve the core problem. From a technical perspective, the original architectural design of email allows metadata to be read as plain text on both sent and received messages, even when the body is encrypted. This metadata includes the sender and the recipient, the sent/received date, the subject, the message size, whether there are attachments, and the email client used to send the message, among other things. This information is enough for someone undertaking a targeted attack to reconstruct the timeline of conversations and learn when people communicate with one another, what they talk about, and how often. In this way, the threat actors are able to learn enough about their targets without ever breaking the encryption.
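As an added illustration (not part of the original article), the Python script below parses a constructed PGP/MIME message whose body is encrypted and shows that every field the paragraph lists is still readable without any key material; run over a handful of such messages, the same headers are enough to order a conversation and count who writes to whom. The addresses, dates, subjects, client names and ciphertext placeholder are all made up for the example.

```python
"""Added example, not code from the original article: audit what an
observer learns from PGP/MIME mail without decrypting anything."""
from collections import Counter
from email import message_from_bytes, policy

# Constructed sample messages. The ciphertext is a placeholder string;
# the point is everything that sits outside it.
SAMPLE_MESSAGES = [
    b"""\
From: alice@example.org
To: bob@example.net
Cc: carol@example.com
Date: Mon, 18 Jan 2016 09:15:00 +0100
Subject: Davos side meeting - revised term sheet
User-Agent: ExampleMailClient/1.0
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA0PLACEHOLDERCIPHERTEXT...
-----END PGP MESSAGE-----
--b1--
""",
    b"""\
From: bob@example.net
To: alice@example.org
Cc: carol@example.com
Date: Mon, 18 Jan 2016 10:02:00 +0100
Subject: Re: Davos side meeting - revised term sheet
User-Agent: OtherMobileMail/2.3
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b2"

--b2
Content-Type: application/pgp-encrypted

Version: 1

--b2
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA0ANOTHERPLACEHOLDERCIPHERTEXT...
-----END PGP MESSAGE-----
--b2--
""",
]


def extract_metadata(raw: bytes) -> dict:
    """Return the fields readable in transit or at rest with no key."""
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted = msg.get_content_type() == "multipart/encrypted"
    ciphertext_size = 0
    if encrypted:
        # In PGP/MIME the second part carries the ciphertext; its length
        # still leaks the approximate size of the hidden content.
        parts = msg.get_payload()
        ciphertext_size = len(parts[1].get_payload(decode=True))
    recipients = [a.addr_spec
                  for h in ("To", "Cc") if msg[h]
                  for a in msg[h].addresses]
    return {
        "sender": msg["From"].addresses[0].addr_spec,
        "recipients": recipients,
        "date": msg["Date"].datetime,
        "subject": str(msg["Subject"]),
        "client": str(msg["User-Agent"]) if msg["User-Agent"] else None,
        "body_encrypted": encrypted,
        "ciphertext_size": ciphertext_size,
    }


def reconstruct_timeline(raws):
    """Order messages by date and count sender/recipient pairs: the
    conversation picture the article says metadata alone gives away."""
    events = sorted((extract_metadata(r) for r in raws),
                    key=lambda m: m["date"])
    pairs = Counter()
    for m in events:
        for r in m["recipients"]:
            pairs[tuple(sorted((m["sender"], r)))] += 1
    return events, pairs


if __name__ == "__main__":
    timeline, pair_counts = reconstruct_timeline(SAMPLE_MESSAGES)
    for e in timeline:
        print(e["date"], e["sender"], "->", ", ".join(e["recipients"]),
              "|", e["subject"], "|", e["client"],
              "| encrypted body:", e["body_encrypted"],
              "| ciphertext bytes:", e["ciphertext_size"])
    print(pair_counts)
```

Only the `email` standard-library parser is used; nothing here touches the ciphertext, which is exactly the point: a mail relay, a mailbox backup or a compromised phone sees the same fields.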
To overcome this, many sensitive conversations now take place over mobile devices using secure applications with end-to-end encryption, which generate almost no metadata, or only metadata that cannot be tied to a person.
This development has led cyber-spies to develop new weapons capable of spying on both the digital and actual lives of their targets. Once mobile malware is installed on the target’s device it can spy on all secure messages and also secretly and invisibly activate the device’s camera and microphone. This allows the threat actors to gain access to the most sensitive conversations taking place, even those which take place off-the-record and face-to-face.
However, there are additional measures that could help to protect private mobile communications from third party access:
- Always use a VPN connection to connect to the Internet. This helps to ensure that your network traffic cannot easily be intercepted and reduces its susceptibility to malware that can be injected directly into a legitimate application while it is being downloaded from the Internet.
- Do not charge your mobile devices using a USB port connected to a computer, as it could be infected with special malware installed on the PC. The best thing you can do is to plug your phone directly into the AC power adapter.
- Use a mobile anti-malware program, and choose the best one available. The future of these solutions seems to lie in the same technologies already implemented for desktop security: Default Deny and Whitelisting.
- Protect your devices with a password, not a PIN. If the PIN is found, the cyberattackers may gain physical access to your mobile device and install the malware implant without your knowledge.
- Use encryption for the data storage that comes with your mobile devices. This advice is especially topical for devices with removable memory cards. If attackers can remove your memory card and connect it to another device, they will easily be able to manipulate your operating system and your data in general.
- Do NOT jailbreak your device, especially if you are not sure how it will affect the device's security.
- Don't use second-hand cell phones that may come with pre-installed malware. This advice is especially important if your cell phone comes from someone you don’t know well.
- Finally, bear in mind that conventional conversations in a natural environment are always safer than those carried out electronically.
By Dmitry Bestuzhev, security expert at Global Research and Analysis Team, Kaspersky Lab