30 Jan The 4 Primary Cyber Threats for our phones and what to do
The biggest difference today for everyone in every organisation is when we look back to 5 or 6 years ago, is that we have all had to subconsciously embrace cyber threats without knowing it.
Six or seven years ago we all had one phone, one laptop, maybe just one connection or source to stream digital material. Now we all have not only multiple devices at home, and a laptop for work and a laptop for private use, but we have a PlayStation perhaps and multiple smart devices at home. But you also have everything from work and private use coming through your phone – for many of us our phones supply us news, texts, emails and music.
The phone: our primary device
The phone has now become the primary device secondary only to your laptop. Before, we used to just a little for things like Facebook or to look at images. Now everything goes through your phone – your business life, your personal life and maybe even your love life! Your food, your groceries, your healthcare, your prescriptions and if you want to get a vaccine? Go on the app. You want to book a restaurant, or a delivery? You go to the app. You want to find a partner? You go on an app. The phone has become the centre of your life.
What are the four primary threats as we use our phones more?
- Drive-by Threat means that just. Visiting a website and viewing it is enough to trigger a drive-by bug, so you only need to be lured onto a booby-trapped site to take a look. The crooks don’t need to lure you in and convince you to download and run a file, install a browser plugin or to enter loads of personal data into an online form you didn’t expect.
- Web-based Threat means that the attack can happen right inside your browser, despite all the sandboxing and other protection that is supposed to keep browsing safe.
- Zero-day Threat means that there were zero days that you could have patched in advance, because the crooks found and started exploiting the bug first, before a patch was available, and
- RCE means just what it says, namely remote code execution. Here the crooks get to run remotely supplied code of their choice, decided at the time you visit their booby-trapped website. Loosely speaking, RCE means not only that the crooks can inject and install malware onto your phone or computer without any warnings or popups that would otherwise tip you off, but also that they can vary their attack as they choose.
What to do?
Don’t delay and get updates today for your phone or other devices to avoid day-zero threats.
Even if the “in the wild” exploits for vulnerabilities are known only to selected crooks, who are keeping them carefully up their sleeves and using them only in highly targeted attack, it’s no reason to be complacent about updating.
After all, security holes that one lot of crooks already know about could just as well be rediscovered, or be bought, or get stolen, by someone else.
Don’t forget that the infamous ETERNALBLUE exploit, notoriously abused by the WannaCry virus, was apparently stolen from the US National Security Agency, even though the NSA had every reason to keep it to itself.
In other words, why stay one step behind known attackers and threats to using our phones and mobile devices when we could move ahead, is probably the best way to manage cyber threats today. We can help you with your cyber strategy and be sure to call us. We would be glad for you to speak with one our our clients and have them tell you how we do it better.