Call Me, Beep Me if You Wanna Reach Me (And Steal My Data): Malvertising in the Mobile Device Landscape

Awhile back I had made a prediction in the blog ‘Palm Reading: How Hackers Steal Data from the Palm of your Hand Via Mobile Applications’ that mobile applications will become hacker’s target of choice in 2017.I decided based on some further research that it is not just mobile applications that are at risk, but mobile devices in their entirety that are in danger.Mobile devices are the target because of their many nuances. Hackers can gain access to app data, and can also manipulate the microphone, camera, text history, and call history. This causes smartphones to be the device where your most sensitive data lives.Recently, Gartner published its “Predicts 2017: Endpoint and Mobile Security” report. One of the highlights was that their data points to an increase in mobile attacks and vulnerabilities, which seems like an obvious trend.“There are still two main causes of data loss on mobile devices: physical device loss and misuse of apps. What has changed is the severity of the consequences,” stated Gartner’s research director Dionisio Zumerle.But some reasons that mobile attacks could be even further on the rise are due to the fact that your phone has so many uses- chances are it’s your mobile wallet, your GPS, your email hub and your social media dashboard. That said, more data could equate to more danger.I have noted that the top three reasons for mobile security incidents include lost/stolen devices, mobile malware, and employees disabling security features. Mobile malware is quickly becoming a growing concern, up 19% from 2012. Since there is a much stronger personal connection to mobile devices, people are utilizing their devices for work purposes in addition to personal use. When that occurs, employers have little control over the security of these devices, as you know. What was initially a personally problem has now become an issue on the organizational level as well.Likewise, threats themselves in the mobile device landscape have escalated to be more sophisticated.On sophisticated type of attack involves Malvertising. 

Malvertising (Malicious Advertising) attacks involve the use of online advertising channels to infiltrate malware into the computers of unsuspecting users by embedding malicious code within legitimate advertisements on trusted websites.”

Often involving the exploitation of trustworthy companies, malvertising attempts to spread malicious ads through ‘clean’ advertisements on trustworthy sites first in order to gain a good reputation. Later they "insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus,” infecting all visitors of the site during that time period.The identities of those responsible are often hard to trace because the "ad network infrastructure is very complex with many linked connections between ads and click-through destinations.”

Mobile ad spending will double between 2016 and 2019, reaching 195 billion dollars, accounting for 70.1% of digital ad spend.”

As you can see from a volume standpoint, the issue is critical.According to ecoedge.com, “A study with a focus on the digital advertising sector found that malvertising, piracy, and invalid traffic joined forces to comprise the bulk of malicious factors that costs the industry $8.2 billion a year. Malvertising alone accounted for $1.1 billion in lost revenue.”And in an earlier study from the Nokia Threat Intelligence Report, details of mobile threats are shared, the report stating “Smartphone malware infections increased by 96% over the year to April 2016; smartphones account for 78% of all mobile infections; and the number of infected mobile devices peaked at 1.06% in April 2016.”To get to the heart of the issue, your mobile device is the gateway to your data; without it your daily life would be much more complicated. The ability to integrate your device into various aspects of your life, including work, has become both a benefit and a challenge.A large part of this challenge is the fact that mobile devices present so many vulnerabilities that hackers are taking advantage of on a daily basis, and their attacks are becoming more intense with the use of sophisticated means such as malvertising.Tactics like the one described will only become more prevalent with the continued rise of digital advertising.So, what can be do to protect ourselves?Many blogs will tell you, and I’ll agree- educate yourself on mobile device security. This is information everyone with a mobile device should know, from teenagers to your Grandma. Learning what to look out for and implementing preventative measures is much easier than you think.Especially with the Mobile Device Security Fundamentals Skill Certification Test on Cybrary. I took the test for my own personal use and found it incredibly helpful. It teaches troubleshooting knowledge, as well as how to securely deliver updates and applications to mobile devices.With new devices and applications being developed daily, it is critical to stay informed of these emerging technologies. It is also imperative to utilize troubleshooting methods from both the perspective of people and servers if you’re in an IT role.For a limited time, use code MOBILEFUN to take this test for FREE and protect you and your family’s devices.Olivia Lynch (Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog