Cyber Defense Magazine – July 2019

(Sean Pound) #1

Mobile devices


We do a multitude of things on our mobile devices: texting, gaming, GPS, calendaring, emailing, web
browsing, social media, photo sharing, banking, streaming, even buying a home. The list goes on. As
portable devices that house all our information and online habits have proliferated, so has the targeting
of those devices. Mobile devices are more apt to be used as a hacker entry point because users click
without thinking and fall for phishing and social engineering schemes. If a person uses their phone for
both personal and business use, as a majority of the population does, it becomes a juicier target for
criminals because there are more opportunities to gain access to the device through personal and
business activities.


Recently, there has been a rise in virtual worlds, live action gaming, and a pivot from console-based to
mobile-based gaming. While this innovation opens more doors for developers, it also opens up more
doors for hackers. STEM games have been a known vector for nation state actors for years, and now
with more games showing up in the app store, these games will become a gateway for cybercrime.


Greyware


Malware often hides in plain sight, disguised as legitimate apps, games or software – even available in
the official app stores waiting for unsuspecting users to download. When these programs are
downloaded and their terms and conditions are accepted, consumers are voluntarily – albeit unwittingly –
giving these malicious programs access to read, write, modify and steal data from their phones. This is
the problem with “greyware” – it’s not black or white, or a per se violation of the rules. It finds a loophole
in the system and exploits it to evade policing. This is what cybercriminals do best. Use our own habits,
systems and blind trust against us.


Data itself is valuable. If an organization can gather info about consumers and their behavior – where
they go, what they do, and when they do it – that’s powerful information that can be used to influence
and manipulate them.


Persistent & patient cyber actors


The thing about cybercrime is that it doesn’t hit right away. Sometimes it’s a waiting game.
Command-and-control (C2), Advanced Persistent Threat (APT) groups and backdoor malware give
cybercriminals access to devices and networks and the ability to exfiltrate data or initiate other
attacks later. They pursue their objective over months and sometimes years. They also adapt to
defenses and will most likely retarget victims.


Since these threats can strike at any time, here are a few tips to help prevent cyber attacks:



  1. Think before clicking. Beware of phishing and social engineering in traditional channels (emails
    and social media) and emerging channels (gaming). Behavioral-based detection & IDS/IPS
    solutions (like Rubica) can help detect and block malicious sites and software, but educating your
