3 minute read
Test and measurement
Making a date with malware
Mobile internet use is believed to be at or around only 49% in Africa – but take-up is growing fast. This, however, could have major security implications, as Lehan van den Heever, enterprise cyber security advisor, Kaspersky in Africa, tells Ron Murphy.
MOBILE INTERNET HAS a clear appeal in all regions, but in Africa, where access to fixed line communications is not the norm, mobile could eventually be the dominant platform for internet access. Does that mean we should be considering the security implications of widespread mobile internet use?
Lehan van den Heever, enterprise cyber security advisor with cybersecurity company Kaspersky in Africa, suggests education is the key. “If people are not aware of the cyberthreats in the mobile internet landscape, they cannot be expected to defend themselves against them,” he says. And of course, given the potential for mobile internet growth on the continent, Africa will become an attractive target for cyberattacks.
Thus, he suggests, the mobile threat trends of 2019 in major markets – including malware, stalkerware and accessibility services exploitation – will turn their focus on the African continent. He warns, “In the rush to embrace the mobile internet and all the associated advantages it brings such as online banking, shopping, accessing streaming content and the like, care must be taken to not ignore cybersecurity foundations and best practices. Much of this comes down to applying common sense – such as not installing apps from unknown sources, checking the permissions of apps, and using difficult-to-guess passwords to log in to online accounts.”
As for how well informed end users are in Africa, when a previously disconnected population gets access to mobile internet many people may not understand what constitutes good cybersecurity practice. Van den Heever suggests, “Service providers must take responsibility for education, but, for their part, users must be open to embrace this and learn from it.”
Users should therefore consider getting training on how best to use the mobile internet. “A lot of this education is freely available online. However, it comes down to understanding why there is a need for it and then practically applying learnings to online experiences,” says van den Heever, adding, “Having a cybersecurity solution installed on devices helps to mitigate against some of the risks, but it is not a silver bullet that guarantees safety against all possible cyberthreats.”
Learning procedures have their ups and downs, of course. As van den Heever says, “Free security awareness training on remote working from Kaspersky and [adaptive learning company] Area9 Lyceum has seen participants enact correct responses 66% of the time. However, even when learners were wrong, they mostly remained confident in their competences. The most difficult learning objectives proved to be virtual machines, updates, and reasons why people should use corporate IT resources even while working outside the office.” There’s also a broader concern around hackers continually leveraging newsworthy events –such as Covid-19, the US presidential elections and major sporting events – to distribute malicious software. There’s also adult content. “Kaspersky research has shown that even though fewer tags were used to spread threats disguised as porn in 2019 (as opposed to the year before), the number of users attacked by mobile porn-related threats and potentially unwanted applications doubled – reaching 42,973 users attacked compared to 19,699 in 2018.”
Potentially unwanted applications (PUAs) are another growing threat to mobile internet users. “Not only are PUAs increasingly widespread, but they are also more potent than traditional malware. This can partly be attributed to how these applications are more difficult to notice. Even when they are detected, the creators are likely not considered to be cybercriminals. End users are not always aware that they consented to the installation of these applications in the first place. In some instances, these are used as decoys to hide malware downloads.” Again he advises that users try to install cybersecurity solutions that can detect the presence of these PUAs, their impact on the device, and their activity levels.
A growing number of mobile threat trends are now focusing on the African continent.
