The sudden increase in remote work that many companies have instituted over the past couple of months introduced a new set of cybersecurity risks to organizations. The fundamental problem: Communication that is entirely online makes it much easier for bad actors to use deception to gain access to systems. This type of hack, generally known as social engineering, relies on con artistry rather than code.
Cybercriminals typically try to take advantage of crises such as the coronavirus outbreak or other events with mass media coverage to spread malware for a variety of reasons, primarily for short- or long-term gains
There are malicious applications, masquerading as innocuous Coronavirus apps, that are designed to take control of Android devices. Once the malicious application is installed, a hacker takes intrusive control of the device via a remote shell, accessing a person’s calls, SMS, calendar, files, contacts, microphone and camera, in addition to write, add and send privileges.
The malicious applications are not found on Google Play Store, but are discovered in new Coronavirus-related domains, which researchers believed to be created specifically for the intention to deceive the masses by leveraging the fear circling Coronavirus. Most frightening is the speed and ease of which these device takeover apps can be created, and who can create it.
The origins of some of the malicious applications were crafted via Metasploit, a free-penetration testing framework that makes hacking simple. Using Metasploit, anyone with basic computer knowledge can craft the same malicious applications in just 15 minutes.
Some of additional advices I have for mobile users are:
- Be cautious with signing into apps with social network accounts. Some apps are integrated with social network sites in these cases,the app can collect information from your social network account and vice versa.
- Ensure you are comfortable with this type of information sharing before you sign into an app via your social network account.
- Watch out for scams and phishing attempts on your phone, either by SMS or email. Be cautious about clicking on links or opening e-mail attachments from untrusted sources, as they may be from a fraudulent source masquerading as a friend or legitimate company.
- Many apps request users to save the password in order to prevent them from repeatedly entering the login credentials. This is an unsafe practice, in an event of mobile theft, these passwords can be harvested to gain access to personal information.
- Public Wi-Fi networks present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information like a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use.
- Avoid jailbreaking or tampering with mobile device factory security settings as it makes the phone more susceptible to attacks.
- Also, be cautious while charging your phone and avoid connecting it to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library.