Advertisment

Major political and economic events are hot favorites of cyber snoopers!

Many of the cyber-snoopers in recent years were found to make use of sophisticated mobile malware, capable of infecting a range of mobile devices and stealing all kinds of valuable information.

author-image
Soma Tah
New Update
Loreal image courtesy audfriday at freedigitalphotos e

BANGALORE, INDIA: Significant events, like the World Economic Forum, such as the upcoming World Economic Forum in Davos which serve as a hub for important conversations and attract high-profile visitors from all over the world-also attracts malicious cyber-espionage groups and snoopers.

Advertisment

Many of the cyber-espionage groups in recent years were found to make use of sophisticated mobile malware, capable of infecting a range of mobile devices and stealing all kinds of valuable information.

The data stolen with help of such tools, such as competitive intelligence, is of immense value to cyber-snoopers. Many organizations believe that standard PGP encryption is sufficient to protect mobile email communications, but this is not always the case.

"This measure doesn’t solve the core problem. From a technical perspective, the original architectural design used in emails allows for metadata to be read as plain text on both sent and received messages. This metadata includes details of the sender and the recipient as well as the sent/receipt date, subject, message size, whether there are attachments, and the email client used to send out the message, among other things. This information is enough for someone undertaking a targeted attack to reconstruct the timeline of conversations, learn when people communicate with one another, what they talk about, and how often they communicate. In this way, the threat actors are able to learn enough about their targets," said Dmitry Bestuzhev, security expert at Global Research and Analysis Team, Kaspersky Lab.

Advertisment

To overcome this, many sensitive conversations now take place over mobile devices using secure applications and end-to-end encryption with almost no metadata or where metadata is basically impersonal.

“This development has led cyber-spies to develop new weapons capable of spying on both the digital and actual lives of their targets. Once mobile malware is installed on the target’s device it can spy on all secure messages and also secretly and invisibly activate the device’s camera and microphone. This allows the threat actors to gain access to the most sensitive conversations taking place, even those which take place off-the-record and face-to-face,” added Bestuzhev.

However, there are additional measures that could help to protect private mobile communications from third party access. In his article, Dmitry Bestuzhev recommends the following:

  • Always use a VPN connection to connect to the Internet. This helps to ensure that your network traffic cannot easily be intercepted and reduces its susceptibility to malware that can be been injected directly into a legitimate application being downloaded from the Internet.
  • Do not charge your mobile devices using a USB port connected to a computer, as it could be infected with special malware installed on the PC. The best thing you can do is to plug your phone directly into the AC power adapter.
  • Use a mobile anti-malware program. It has to be the best one. It seems that the future of these solutions lies precisely in the same technologies already implemented for desktop security: Default Deny and Whitelisting.
  • Protect your devices with a password, not a PIN. If the PIN is found, the cyber-attackers may gain physical access to your mobile device and install the malware implant without your knowledge.
  • Use encryption in the data storage memories that come with your mobile devices. This advice is especially topical for devices that allow for the extraction of memory disks. If attackers can extract your memory by connecting it to another device, they'll be able to easily manipulate your operating system and your data in general.
  • Do NOT Jailbreak your device, especially if you're not sure how it will impact your device.
  • Don't use second-hand cell phones that may come with pre-installed malware. This advice is especially important if your cell phone comes from someone you don’t know well.
  • Finally, bear in mind that, conventional conversations in a natural environment are always safer than those carried out electronically.
cyber-security tech-news security