Mobile Threats Shouldn't be Overlooked

Stu Sjouwerman | Jan 8, 2020

Phishing attacks against mobile devices can be just as damaging to an organization as attacks targeting workstations and laptops, according to a market report by Cyber Security Hub. Employees are increasingly using their mobile devices for work, and attackers have expanded their focus accordingly.

Jim Livermore, CDM Smith’s Principal & Director of Global Information Security, told Cyber Security Hub that ad and click fraud is one of the most common threats facing mobile devices, and it’s particularly damaging when it’s used to surreptitiously install malware. Another infection vector comes through legitimate and third-party app stores.

“Hackers can also create malicious apps that look legitimate and have them approved for download in the phone’s app stores,” Livermore said. “Users then download them thinking they are good apps and in turn download malicious code to their phones.”

Attackers also use drive-by downloads to compromise mobile devices. These are achieved by tricking mobile users into visiting a website and knowingly or unknowingly authorizing a download.

“The drive-by consists of a piece of malware hidden within a website that appears innocuous,” Cyber Security Hub explains. “The hope is that a weakness in the user’s computer or device will allow for a click and subsequent infection. To do this, hackers typically use exploit kits that sniff out vulnerable websites. Once the site gets the go-ahead by an unsuspecting visitor, the malware is downloaded on the user’s device. It then contacts another computer to initiate further coding to access the device.”

It’s important to note that almost all mobile malware campaigns involve an element of social engineering. Users can prevent these attacks by being careful about what they click on or install on their phones, and by staying up to date on the latest attack techniques. Organizations should start approaching mobile devices with the same type of vigilance they would extend to any other computer. New-school security awareness training can create a culture of security within your organization so that every threat is treated with an appropriate level of caution.

Cyber Security Hub has the story: https://www.cshub.com/mobile/articles/email-phishing-overshadows-risk-of-mobile-malware
