Due to mobile's relatively immature cyber security practices, today's cyber threat actors have the platform in their crosshairs.
As both enterprises and consumers increasingly rely on mobile services—and because mobile devices contain valuable personal information, frequently access sensitive corporate data, and are often not subject to corporate cyber security controls—it stands to reason that fraud and abuse in the mobile space will only get worse.
Examples are easy to find: RiskIQ's research team recently explored the evolution of scareware campaigns via mobile trojans in their encounter with Slempo, as well as the shady mobile traffic delivery tactics they're observing from antivirus vendors.
Cyber threat actors continue to leverage brand names to lure victims into unwittingly downloading malicious apps. It's quick and simple for them to get their software into app stores and onto user devices, and once installed, those apps can give cyber attackers full control of the device and access to a wealth of sensitive data.
The stakes are high, and anyone can be a victim. When RiskIQ ran an initial discovery for customer Publishers Clearing House, which made a significant investment in expanding their brand through free-to-play apps, they were surprised at the scope of the underground market for rogue apps and how often the PCH brand was being used to threaten their customers.
As the mobile marketplace continues to grow—Android is expected to grow in China and India's massive markets, and loyalty for iOS users is higher than ever—it's crucial to understand evolving brand abuse schemes and malware such as malvertising, browser locker, and ransomware, which are gaining popularity among cyber threat actors. That's why RiskIQ put together a report forecasting emerging trends in the mobile cyber threat landscape.