Webcast: A Deep Dive Into the Mobile Malware Report Trends and Recommendations

Laptop With Mobile Threat Landscape Cover Image

A new webcast, “Threat Landscape: Mobile Malware,” delves into the challenges of securing mobile devices in light of their ubiquitous use in the workplace and by employees on and off your organization’s network. Join CrowdStrike® V.P. of Intelligence Adam Meyers as he delves into the types of adversaries targeting mobile devices, and the tactics, techniques and procedures (TTPs) these groups are employing. 

This webcast will discuss how the reliance of today’s workforce on mobile devices has made them an attractive target to a wide range of cybercriminal groups. They leverage mobile devices, via a variety of means, to gain access to the sensitive corporate, financial and personal data these devices hold, including client/customer information, intellectual property, financial records, network credentials and more.

You won’t want to miss this important discussion, which touches on some of the main themes presented in CrowdStrike’s recently published Mobile Threat Landscape Report. This webinar will identify the types of adversaries targeting mobile devices and illustrate modern mobile threats with real-world examples of adversary methods in action.

Some of the information you will hear includes the following.

Mobile Devices Attract a Range of Adversaries

Learn the range of different criminal and targeted intrusion adversaries that now have their sights on mobile devices. Some of these adversaries opt for a longer game of establishing persistence and gathering intelligence over an extended period of time. Others may try tactics like intercepting banking credentials for a faster route to financial gain. This webcast will offer insights into the adversaries Adam and his team have observed, what motivates these bad actors, what tools they rely on most, and how they target specific industries.

Banking Trojans Continue to Gain Traction

Banking Trojans continue to gain traction because so many users prefer the convenience of banking via their mobile devices. This is especially true in some Latin American countries where the cost-effectiveness of mobile devices makes them a more popular and effective way to do banking than via personal computers. 

Global cyber adversary groups have been quick to exploit this by developing and selling mobile banking Trojans on the darknet, and even complementing them with malware-as-a-service subscription models — which are proving to be increasingly lucrative for many eCrime groups. This trend shows no sign of dissipating because even as some Trojans fall out of favor, variants arise to fill the space. In fact, CrowdStrike Intelligence has frequently observed new families being introduced in underground criminal forums.

Mobile 2FA Increases Attack Surface

Another consequence of mobile devices in the workplace is that they are often used as the second factor in two-factor authentication (2FA) requirements. This marks mobile devices as a target of opportunity for bad actors seeking access to the accounts and services being protected. The built-in network connectivity of employee mobile devices increases the attack surface available to adversaries and as a result, many tools and methods for exploiting 2FA via mobile are being introduced by eCrime groups.

Ransomware on Mobile Offers Easy Gains

Ransomware attacks targeting mobile devices have also been on the rise. Because such attacks are relatively easy to implement, they provide malicious actors with the prospect of quick financial gain with a minimum of effort. The difference with mobile ransomware attacks, however, is that rather than encrypting files on the device, mobile ransomware strains are more likely to be PIN-lock variants that prevent access to the mobile device until a ransom is paid. 

The Mobile Threat Outlook Going Forward

Adam will also discuss the mobile threat outlook for the rest of the year and beyond, as observed by his intel team and covered in the report. Learn about the new infection vectors that are cropping up and what threat classes are continuing to evolve to better evade standard security measures. 

You’ll also learn about the impact of mobile threats on various geographic regions and what that can mean for your organization as you plan a security strategy that encompasses mobile devices across your global organization. Other topics such as remote access tools (RATs), cryptomining, and insider threats or accidental exposure will also be discussed.

Recommendations for Better Mobile Device Security

The webcast will also offer critical steps organizations can take to further secure the mobile devices accessing their networks. We will examine how following these guidelines can ensure your organization’s environment is protected against mobile threats. The following is a list of recommendations that will be discussed:

  • Most mobile malware is distributed by third-parties, so it’s important that users only download apps from trusted sources.
  • Users should be wary of email messages that could be phishing attempts – such as those asking them to install an app.
  • Promptly apply security patches to all mobile operating systems and installed apps.
  • Establish security around mobile device management (MDM) processes, which can serve as sources of opportunity for attackers.
  • Consider adding mobile endpoint detection and response (EDR) solutions such as Falcon for MobileTM to your security strategy.
  • Always ensure the physical security of mobile devices: Measures such as strong passwords, biometric authentication and ensuring devices aren’t left unattended can reduce risk.

Additional Resources

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial