Mobile devices – pervasive in the workplace, heavily used, and often unregulated – present a wealth of opportunity to cybercriminals aiming to access employees' sensitive information.
The mobile threat landscape is always shifting, says Jordan Herman, researcher at RiskIQ, which recently published its "Mobile Threat Landscape Q1 2019" report. Researchers scanned more than 120 app stores and nearly 2 billion resources to detect mobile apps in the wild. In the past four quarters, RiskIQ has categorized 8 million mobile apps, of which 217,982 were blacklisted.
A rush of apps continues to flood mobile marketplaces. In the first quarter of 2019, RiskIQ saw 2.26 million new apps, nearly 6% more than the fourth quarter of 2018. Given the sheer size, scope, and complexity of the global app ecosystem, it's tough for organizations to monitor their mobile presence and protect customers and employees from an evolving range of threats.
"The fact that it changes from quarter to quarter goes to show how many different ways there are to attack mobile," Herman says. "Mobile is so ubiquitous and so ingrained in our day-to-day lives that threat actors can target users in hundreds of ways and keep trying until something works." Threats range from fake antivirus apps to phishing attempts to Magecart incidents.
As Herman points out, there are several ways to develop and distribute malicious apps. Some may sign up the user for paid subscription services without the user's knowledge, granting the developer monetary gain. Others may steal personal data that can be used for identity theft. Some may try to disguise themselves as popular apps, while yet others may appear benign (a flashlight app, for example) but request excessive permissions to steal data stored on th ..
Support the originator by clicking the read the rest link below.
