As the World Economic Forum in Davos approaches, Kaspersky Lab experts want to warn attendees about the risk of cyber-espionage attacks using malware designed for mobile devices. Many of the cyber-espionage groups investigated by Kaspersky Lab experts in recent years were found to make use of sophisticated mobile malware, capable of infecting a range of mobile devices and stealing all kinds of valuable information.
Significant events, like the World Economic Forum, serve as a hub for important conversations and attract high-profile visitors from all over the world. But a high concentration of important people in one place also attracts malicious cyber-attackers, who consider public events a good opportunity to gather intelligence with the help of targeted malware.
According to Kaspersky Lab statistics, at least five of the sophisticated cyber-espionage campaigns discovered in recent years have made use of malicious tools capable of infecting mobile devices. Sometimes these are custom-made malicious programs, created and propagated during a given cyber-espionage campaign, as was seen in the Red October, Cloud Atlas and Sofacy campaigns. In other cases, the malicious actors tend to use so-called commercial malware: a special set of offensive tools sold by commercial organizations like HackingTeam (whose tool is called RCS), Gamma International (FinSpy) and others.
The data stolen with the help of such tools, such as competitive intelligence, is of immense value to cyber-spies. Many organizations believe that standard PGP encryption is sufficient to protect mobile email communications, but this is not always the case.
"This measure doesn’t solve the core problem. From a technical perspective, the original architectural design used in emails allows for metadata to be read as plain text on both sent and received messages. This metadata includes details of the sender and the recipient as well as the sent/receipt date, subject, message size, whether there are attachments, and the email client used to send out the message, among other things. This information is enough for someone undertaking a targeted attack to reconstruct the timeline of conversations, learn when people communicate with one another, what they talk about, and how often they communicate. In this way, the threat actors are able to learn enough about their targets," said Dmitry Bestuzhev, security expert at the Global Research and Analysis Team, Kaspersky Lab.
To overcome this, many sensitive conversations now take place over mobile devices, using secure applications with end-to-end encryption that produce almost no metadata, or only metadata that is basically impersonal.
"This development has led cyber-spies to develop new weapons capable of spying on both the digital and actual lives of their targets. Once mobile malware is installed on the target’s device it can spy on all secure messages and also secretly and invisibly activate the device’s camera and microphone. This allows the threat actors to gain access to the most sensitive conversations taking place, even those which take place off-the-record and face-to-face," added Dmitry Bestuzhev.
However, there are additional measures that could help to protect private mobile communications from third-party access. In his article, Dmitry Bestuzhev recommends the following:
Read more about the risks that mobile malware implants pose to users of mobile devices, and how to protect data from such threats, in the article by Dmitry Bestuzhev on Securelist.com.
Kaspersky Lab’s products successfully detect and block all known mobile malware implants.