With the World Economic Forum in Davos in the spotlight, Kaspersky Lab specialists warn of the risk of digital espionage through malware targeting mobile devices. Many of the digital espionage groups uncovered by Kaspersky Lab specialists in recent years have been found to use sophisticated malware that can "infect" portable devices and steal valuable information.
Major events such as the World Economic Forum provide a platform for important discussions and attract high-level visitors from around the world. But at the same time, such a large gathering of important personalities in one place also attracts the interest of digital criminals, who consider such events a good opportunity to gather information, with the help of targeted malicious programs.
According to Kaspersky Lab statistics, at least five of the most sophisticated digital espionage campaigns revealed in recent years have used malicious tools capable of "infecting" portable devices.
Sometimes, these malicious programs were developed to order and spread during the course of a digital espionage campaign, as observed in the Red October, Cloud Atlas and Sofacy campaigns. In other cases, malicious actors tend to use so-called "commercial" malware, that is, a special set of "offensive" tools sold by commercial organizations, such as Hacking Team (whose tool is called RCS), Gamma International (FinSpy) and others.
Data intercepted by these tools (e.g., information on competitors' moves) is of enormous value to digital spies. Many organizations believe that standard PGP encryption is sufficient to protect mobile e-mail, but this is not always the case.
"This measure does not solve the basic problem. From a technical point of view, the original architecture used in emails allows reading of metadata as plain text, both in incoming and outgoing messages. Metadata includes sender and recipient details, delivery / delivery date, subject and message size, attachments (where applicable), and the email client used to send the message, among others. For someone who implements a targeted attack, this information is enough to reconstruct the timing of conversations, to know when people communicate with each other, what they are talking about and how often they communicate. In this way, malicious players are able to learn enough about their goals," said Dmitry Bestuzhev, a specialist of Kaspersky Lab's Worldwide Research and Analysis Group.
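The point about cleartext metadata can be checked on any PGP/MIME message. The following is an added example, not part of the original article or any Kaspersky Lab tool: it parses a constructed encrypted message (addresses, subject, client name and ciphertext are placeholders) and reports what remains readable without any key.

```python
from email import message_from_bytes
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP/MIME (RFC 3156) message as seen in transit.
# All values are placeholders made up for this example.
SAMPLE = b"""\
From: Alice Example <alice@example.org>
To: Bob Example <bob@example.net>
Date: Wed, 20 Jan 2016 09:15:00 +0100
Subject: Pricing for the Q2 tender
User-Agent: ExampleMail/1.0
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(constructed placeholder ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def exposed_metadata(raw: bytes) -> dict:
    """Return the fields readable on the wire without any PGP key."""
    msg = message_from_bytes(raw)
    last_part = list(msg.walk())[-1]           # the encrypted payload part
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": [addr for _, addr in getaddresses(to_cc)],
        "sent_at": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],             # PGP/MIME leaves the outer headers unprotected
        "client": msg["User-Agent"] or msg["X-Mailer"],
        "size_bytes": len(raw),
        "encrypted": msg.get_content_type() == "multipart/encrypted",
        "body_is_ciphertext": "BEGIN PGP MESSAGE" in last_part.get_payload(),
    }

if __name__ == "__main__":
    for field, value in exposed_metadata(SAMPLE).items():
        print(f"{field}: {value}")
```

Only the body is protected; every other field in the result is visible to anyone who can observe the message in transit or at rest on a mail server.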
To overcome this problem, many "sensitive" conversations are now conducted on handheld devices that use secure applications and integrated encryption to ensure that no metadata is produced or that metadata is represented.
"This development has led digital spies to develop new weapons capable of spying on both the digital and the real life of their goals. Once the mobile malware is installed on the target's device, it can spy on all 'secure messages' as well as secretly activate the device's camera and microphone. This allows malicious actors to gain access to the most 'sensitive' conversations, even those that take place off-the-record and/or 'face-to-face'," Dmitry Bestuzhev added.
However, there are additional measures that could help protect private mobile communications from third-party access. In this context, Dmitry Bestuzhev recommends:
- Always use a VPN to connect to the Internet. This ensures that network traffic cannot be easily intercepted, while also reducing "susceptibility" to malicious programs that can be "injected" directly into a legitimate application which one can "download" from the Internet.
- Avoid charging mobile devices using a USB port connected to computers, as this can lead to "infections" through special malware installed on a computer. Using a charger is the most appropriate option.
- Use an anti-malware program for mobile devices. Today, it appears that the future of these solutions lies precisely in the same technologies that are already being used for better safety of computers (e.g., default-deny and whitelisting solutions).
- Use a password rather than a PIN to protect mobile devices. If the PIN is found, cyber attackers can gain physical access to the mobile device and install malware without the user's knowledge.
- Make use of encryption solutions for mobile data storage. This is particularly important for devices that allow the memory card to be removed. If attackers can remove your memory card and connect it to another device, they will be able to manipulate the operating system and the data in general.
- Do not jailbreak mobile devices, especially if you are unaware or uncertain of how this will affect the device.
- Do not use second-hand mobile phones, as they may have pre-installed malware.
- In any case, "conventional conversations" in a physical environment are always safer than those conducted by electronic means.
More information about the dangers of mobile malware and data protection from these threats is available at Dmitry Bestuzhev's website Securelist.com.
Kaspersky Lab products successfully detect and block all known malware for mobile devices.