Security by Design: A Tech Imperative

The Escalating Threat of Cybercrime and Mobile Device Security

Cybercriminals are increasingly skilled at leveraging current events and popular trends to distribute malware and compromise the personal information of unsuspecting individuals.

Whether it involves applications linked to popular television programs, health advisories concerning COVID-19, or tracking delayed package deliveries, the outcome is frequently the same: compromised devices resulting in financial loss or identity theft.

The Role of the Secret Service and Cybersecurity Hygiene

While widely recognized for presidential protection, the U.S. Secret Service also has a crucial mandate to safeguard the nation’s financial infrastructure and payment systems.

This involves preserving the integrity of the economy against diverse financial and electronic crimes, including counterfeiting, bank fraud, illicit financing, identity theft, and cybercrimes.

Fundamental cybersecurity hygiene is paramount in defending devices against prevalent malware types.

However, inherent security measures within technology itself are also necessary to counter these advanced cyberattacks.

The Rise of Mobile Device Exploitation

The Department of Homeland Security (DHS) advises users – and mandates for enterprises – to avoid sideloading apps and utilizing unauthorized app stores.

The COVID-19 pandemic presented a significant opportunity for cybercriminals, allowing them to profit from our increased reliance on technology.

According to Paul Abbate, Deputy Director of the FBI, this period witnessed an “internet crime spree.”

The FBI’s Internet Crime Complaint Center (IC3) recorded 791,790 complaints in 2020, nearly doubling the previous year’s total and marking the largest year-over-year increase on record.

Specific Examples of Recent Cyberattacks

One particularly deceptive tactic involved text messages prompting users to download an app for vaccine appointments, which then deployed malware to contacts, potentially stealing personal or banking data.

The U.K.’s National Cyber Security Centre (NCSC) issued an alert regarding a new malware strain, FluBot, delivered via links promising package tracking updates.

FluBot compromised users’ bank and financial account details, with researchers noting “tens of thousands” of malicious SMS messages sent hourly.

Cybercriminals are even exploiting the popularity of the television show “Squid Game” by distributing malware through related mobile applications.

The Dominance of Mobile Access and Increased Targeting

Mobile devices have become the primary means of accessing the internet, accounting for 61% of all U.S. website visits in 2020.

This shift has led to increased targeting of mobile devices, with complaints of phishing and smishing attacks – malicious emails or SMS texts – more than doubling between 2019 and 2020.

As the holiday shopping season approaches, with over 55% of shoppers expected to make at least one mobile purchase, taking precautions is crucial.

Recommended Protective Measures

The NCSC recommends regular device backups, virus detection software, and installing apps only from manufacturer-recommended app stores.

The DHS echoes this advice, adding the importance of regularly updating operating systems, apps, and software, as well as adopting multifactor authentication.

These simple cyber hygiene practices create a layered defense, significantly reducing the risk of unauthorized access.

The Threat of Social Engineering Attacks

Despite the effectiveness of user actions, cybercriminals employ sophisticated techniques that exploit human psychology to deceive users and breach devices.

These social engineering attacks leverage human interaction and social skills to gain access to devices or systems, sometimes even convincing users to disable security features.

FluBot, fake vaccination sites, and malicious “Squid Game” apps are all examples of social engineering tactics.

Vulnerability Through Mobile Devices

According to the DHS’ Cybersecurity and Infrastructure Security Agency, mobile devices are particularly susceptible to social engineering attacks via text messages.

This is due to the integration of email, voice, text, and web browsing functionalities, increasing the likelihood of users falling victim to malicious activity.

The Need for Secure-by-Design Technology

The White House’s Cybersecurity Summit highlighted the need to move towards technology built with security as a default feature.

A senior White House official stated, “We need to know we’re buying secure tech.”

Secure-by-design mobile devices would integrate cyber hygiene protections directly into the device, minimizing the impact of human psychology on security.

Similar to how seat belts and airbags became mandatory car safety features, these protections could become standard.

Building a More Secure Future

Protections like multifactor authentication and restrictions on downloading apps from unofficial stores can be built into systems by design.

Devices with these inherent protections would be less vulnerable to social engineering, even for users interested in popular trends or concerned about current events.

While adhering to basic cyber hygiene recommendations is essential, we must also proactively counter sophisticated social engineering attacks and prioritize building robust security into the core design of our technology.