It is an accepted fact that, since the beginning of this decade, cyber-attacks on mobile devices have been growing rapidly, with no signs of slowing down. In fact the prevalence of Mobile-malware designed to infect smartphone operating systems and applications, grew over 300% in 2016.
And yet, in the mindset of the consumer, attacks on PCs differ from attacks on mobile devices. We are all used to installing anti-virus software on our PCs and laptops but not on our mobile devices. There, the illusion of ‘ignorance is bliss’ still prevails and it is this ignorance that leaves our precious devices highly vulnerable to hackers.
One of the main culprits of mobile attacks today is ransomware, a type of malware that prevents or limits users from accessing their system by locking the system’s screen or users’ files until a ransom is paid. Crypto-ransomware is the more modern version: files are encrypted on infected systems and users are forced to pay the ransom through online payment methods like bitcoin to get the decryption key. More anonymity, less chance of being caught.
Born in 2014, this kind of threat had been limited to computers. Since 2015, however, it extended to mobile phones as Internet access via mobile phones became increasingly common. Vodafone Spain recently reported that one in every 100 Spanish mobile phones falls victim to ‘cyber-hijacking’ today. Cyber thieves lock people’s phones and demand ransoms between €100 and €200. Thanks to consumerization and the growth in the use of applications, consumers are more dependent on mobile devices and store sensitive data about their health, finances, contacts and pictures on them. Therefore they are more likely to pay a ransom to decrypt or unlock their devices if they are targeted. Multiply each individual payment with hundreds of successful attacks and you can hit a ‘jackpot’. In 2015, the FBI reported receiving just under 2,500 individual complaints about ransomware attacks, which amounted to a staggering combined loss of more than $24 million for the victims.
So how can consumers protect themselves? In a recent Allot MobileTrends Survey we found that 61% of consumers are likely to purchase mobile security from their service provider. Why is this? The simple answer is that consumers just don’t want to deal with security. It is perceived to be more of a hindrance than an enabler, sapping power from the smartphone and generally slowing things down. Furthermore, they don’t know what they need or what security products are best for themselves. Should they purchase a premium app or are the free versions enough? From their perspective, maybe it’s better to have an expert decide, and it’s even better if the consumer doesn’t have to install anything.
Just theory? No. Vodafone’s response is Secure Net, the carrier’s network-based antivirus service. In the first nine months of 2016, the service blocked 50,000 ransomware attacks to four million Spanish subscribers who use the service. This service stands out above the rest for the simple reason that it is delivered by the network as a value-added service to the connectivity that it provides and it requires zero effort on behalf of the customer besides an agreement to apply the service.
Though ransomware is perhaps the most devious and personal type of mobile malware, the golden age for hackers is not restricted to ransomware and neither is Vodafone’s Secure Net. Phishing – a method that involves posing as a trusted source to illegally obtain users’ personal information (such as passwords and credit card numbers) – – plus malicious software, where the attack occurs while the software is downloading, are also used frequently to scam mobile consumers.
In response to these threats, a technological solution is not enough to protect mobile consumers. Our mindset must change to acknowledge that EVERY device connecting to the Internet or to other devices requires protection. Vodafone is disclosing the staggering number of attacks they successfully thwarted to encourage their customers to subscribe to the service – and to inform existing subscribers about how much benefit they can derive from the service.
A service that ensures the continuous use of my mobile device and the privacy of my personal data? Sounds ‘blissful’ to me.