Cyber criminals’ next big target: mobile phones

K V Kurmanath Updated - December 01, 2014 at 09:43 PM.

Breaches can’t be prevented, firms must look at minimising impact

Mobile phones could become a soft target for cyber criminals in 2015. They could sneak in malware to lock important files and demand ransom to unlock the files.

FireEye, the US-based cyber security solution provider, has said that mobile phones will see sustained attacks by the cyber fraudsters in the New Year. Mobile attacks would deploy Cryptolocker solutions to lock files on your mobile devices, seeking a ransom. The firm said mobile ransomware will break into cloud accounts and encrypt the data.

“This model proved effective and easy for attackers on Windows computers and native users could be tricked into a similar strategy on their mobile device,” Ramsunder Papineni, Regional Director (India & SAARC), FireEye, said, while predicting the threat landscape for 2015.

The companies must learn from the massive breaches of 2014 and shift their cyber security strategy to account for the reality that a breach is inevitable and the focus should be on minimising the impact of being breached, the report said.

Ramsunder cited the example of Koler ransomware on Android platform that could lock the phones and show the message, saying that all the files were encrypted “due to viewing/storage and/or dissemination of banned pornography”. It, then, demands a few hundred dollars to unlock the files.

Cyber breaches

The cyber security breaches cost millions in fraud costs and shareholder value, loss of customer confidence and in some cases CEOs and CIOs losing their jobs.

“As we look forward to 2015, a changing geopolitical situation makes it difficult for government organisations to police the malicious activities that exist in cyber space while more devices and data move online,” he said.

Middle-layers

The fraudsters would target `middle layer’ targets like processors and companies that manage and maintain point of sales (PoS) devices for both large and mid-sized businesses. A single, successful intrusion in such businesses could provide access to pools of credit card data from many sources. “This data could rival the numbers we have seen stolen from single large victims thus far,” the report said.

Published on November 29, 2014 08:58