With the World Economic Forum in Davos in the spotlight, Kaspersky Lab specialists warn of the risk of digital espionage through malware targeting mobile devices. Many of the digital espionage groups exposed by Kaspersky Lab specialists in recent years have been found to use sophisticated malware that can infect mobile devices and steal valuable information.
Major events such as the World Economic Forum provide a platform for important discussions and attract high-level visitors from around the world. At the same time, such a large gathering of important personalities in one place also attracts the interest of cybercriminals, who see such events as a good opportunity to gather information with the help of targeted malicious programs.
According to Kaspersky Lab statistics, at least five of the most sophisticated digital espionage campaigns revealed in recent years used malicious tools capable of infecting mobile devices.
Sometimes these malicious programs are developed to order and distributed as part of a specific digital espionage campaign, as was observed in the Red October, Cloud Atlas and Sofacy campaigns. In other cases, the attackers tend to use so-called "commercial" malware, a specific set of offensive tools sold by commercial organizations such as Hacking Team (whose tool is called RCS), Gamma International (FinSpy) and others.
The data stolen with the help of these tools (e.g. information about competitors' moves) is of enormous value to digital spies. Many organizations believe that standard PGP encryption is sufficient to protect mobile e-mail communications, but this is not always the case.
"This measure does not provide a solution to the main problem. From a technical point of view, the original architecture used in e-mail messages allows metadata to be read as plain text, both in incoming and outgoing messages. Metadata includes the details of the sender and recipient, the date of sending/delivery, the subject and size of the message, the attachments (where present), as well as the email client used to send the message, among others. For someone carrying out a targeted attack, this information is enough to reconstruct the timeline of conversations, to learn when people communicate with each other, what they talk about and how often they communicate. In this way, malicious actors are able to learn a great deal about their targets," said Dmitry Bestuzhev, expert at Kaspersky Lab's Global Research and Analysis Team.
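The metadata exposure described in the quote above, shown as an added example (not part of the original article or Kaspersky Lab material): Python code that reads only the plaintext headers of PGP-encrypted messages and rebuilds a timeline and contact count without any decryption key. The addresses, subjects, the `ExampleMail` client string and all function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

ARMOR = "-----BEGIN PGP MESSAGE-----\n(ciphertext omitted)\n-----END PGP MESSAGE-----\n"

def make_sample(sender, rcpt, subject, date):
    """Build a constructed message: plaintext headers, PGP-armored body."""
    return (f"From: {sender}\nTo: {rcpt}\nSubject: {subject}\nDate: {date}\n"
            f"User-Agent: ExampleMail/1.0\n\n{ARMOR}")

# Constructed sample traffic (addresses and subjects are invented).
SAMPLES = [
    make_sample("Alice <alice@example.org>", "Bob <bob@example.net>",
                "Bid numbers", "Tue, 19 Jan 2016 16:40:00 +0000"),
    make_sample("Bob <bob@example.net>", "Alice <alice@example.org>",
                "Re: Bid numbers", "Tue, 19 Jan 2016 17:05:00 +0000"),
    make_sample("Alice <alice@example.org>", "Bob <bob@example.net>",
                "Meeting agenda", "Mon, 18 Jan 2016 09:15:00 +0000"),
]

def exposed_metadata(raw):
    """Return the fields readable without any decryption key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        "sent": parsedate_to_datetime(msg["Date"]),
        "subject": msg["Subject"],
        "client": msg["User-Agent"],
        "size": len(raw.encode()),
        "body_encrypted": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

def timeline(raws):
    """Order messages by send time, using header data only."""
    return sorted((exposed_metadata(r) for r in raws), key=lambda m: m["sent"])

def contact_frequency(raws):
    """Count messages per (sender, recipient) pair."""
    return Counter((m["sender"], m["recipient"]) for m in map(exposed_metadata, raws))

if __name__ == "__main__":
    for m in timeline(SAMPLES):
        print(m["sent"].isoformat(), m["sender"], "->", m["recipient"], "|", m["subject"])
    print(contact_frequency(SAMPLES))
```

Every message body here is ciphertext, yet the subject line, the participants, the timing and the mail client are all recovered from the headers alone.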
To overcome this problem, many "sensitive" conversations now take place on mobile devices, using secure applications and end-to-end encryption, which ensure either that no metadata is generated or that the metadata is de-identified.
"This development has led digital spies to develop new weapons capable of spying on both the digital and real life of their targets. Once the mobile malicious program is installed on the target device, it can spy on all 'secure messages' and secretly turn on the camera and microphone of the device. This allows malicious players to gain access to the most 'sensitive' conversations, even those made off-the-record and/or face-to-face," added Dmitry Bestuzhev.
However, there are additional measures that could help protect private mobile communications from third party access. In this context, Dmitry Bestuzhev recommends:
- Always use a VPN to connect to the Internet. This ensures that network traffic cannot easily be intercepted, and reduces susceptibility to malicious programs that can be injected directly into a legitimate application being downloaded from the Internet
- Avoid charging mobile devices from a USB port connected to a computer, as this can lead to infection through special malware installed on the computer. Using a charger is the most appropriate option
- Use an anti-malware program for mobile devices. Today, it appears that the future of these solutions lies precisely in the same technologies that are already being used for the security of computers (e.g. default-deny and whitelisting solutions)
- Use a password, not a PIN, to protect mobile devices. If the PIN is found, cyber-attackers can get physical access to the mobile device and install malicious software without the user's knowledge
- Use encryption solutions for the data storage of mobile devices. This is particularly important for devices that allow memory cards/disks to be removed. If attackers can extract the storage and connect it to another device, they will be able to manipulate the operating system and data in general
- Do not jailbreak mobile devices, especially if you are unaware or uncertain of how this will affect the device
- Do not use second-hand mobile phones as they may have pre-installed malware
- In any case, "conventional conversations" in a physical environment are always safer than those conducted by electronic means.
More information about the dangers of mobile malware and data protection from these threats is available at Dmitry Bestuzhev's website Securelist.com.
Kaspersky Lab products successfully detect and block all known malware for mobile devices.