If you think surfing the web on your smartphone is safer than doing it on your PC, you’re wrong. Symantec has just released a handy infographic highlighting the different threats that’s been targeting smartphones lately, and it ain’t pretty. Malware is on the rise, as well as socially engineered attacks with no sign of tapering off soon. We’ve included the text that accompanied the infographic so you can better grasp the dangers that are targeting your smartphone.
- Web-based and network-based attacks: These attacks are typically launched by malicious websites or compromised legitimate websites. The attacking website sends malformed network content to the victim’s browser, causing the browser to run malicious logic of the attacker’s choosing.
- Malware: Malware can be broken up into three high-level categories: traditional computer viruses, computer worms, and Trojan horse programs. Traditional computer viruses work by attaching themselves to legitimate host programs; computer worms spread from device to device over a network while Trojan horse programs don’t self-replicate, but instead perform malicious actions, including compromising the confidentiality, integrity, or availability of the device or using its resources for malicious purposes.
- Social Engineering Attacks: Social engineering attacks, such as phishing, leverage social engineering to trick the user into disclosing sensitive information. Social engineering attacks can also be used to entice a user to install malware on a mobile device.
- Resource Abuse: The goal of many attacks is to misuse the network, computing, or identity resources of a device for unsanctioned purposes. The two most common such abuses are the sending of spam emails from compromised devices and the use of compromised devices to launch denial of service attacks on either third-party websites or perhaps on the mobile carrier’s voice or data network.
- Data Loss: Data loss occurs when an employee or hacker exfiltrates sensitive information from a protected device or network. This loss can be either unintentional or malicious in nature. In one scenario, an enterprise employee might access their work calendar or contact list from a mobile device. If they then synchronize this device with their home PC, for example, to add music or other multimedia content to the device, the enterprise data may be unknowingly backed up onto the user’s unmanaged home computer and become a target for hackers. In an alternative scenario, a user may access a sensitive enterprise email attachment on their mobile device, and then have their device stolen. In some instances, an attacker may be able to access this sensitive attachment simply by extracting the built-in SD flash memory card from the device.
- Data Integrity Threats: In a data integrity attack, the attacker attempts to corrupt or modify data without the permission of the data’s owner. Attackers may attempt to launch such attacks in order to disrupt the operations of an enterprise or potentially for financial gain (for example, to encrypt the user’s data until the user pays a ransom fee). In addition to such intentional attacks, data may also be corrupted or modified by natural forces (for example, by random data corruption).