How cybercriminals are stealing and manipulating mobile data

By Karin Kelley

| Healthcare

Today, cybercriminals are not only trying to steal your data, but they’re also trying to alter it for nefarious purposes — and mobility is only widening the attack footprint. According to a survey conducted by Crowd Research Partners, 39 percent of the 800 respondents reported that personally owned devices used in the BYOD model or corporate-owned devices have downloaded malware at some point, compromising mobile data security within the organization. Nevertheless, most businesses are implementing BYOD programs to increase employee productivity and satisfaction, requiring them to rethink their mobile security strategies.

Mobile data and device threats are on the rise

There are several ways cybercriminals gain access to mobile devices and mobile data, whether the intention is to sell that data or to manipulate it in some way for extortion or other malicious purposes. For instance, mobile apps are often the weak point when it comes to data linkage. Unwitting users may download an app from an official app store and give it sweeping permissions without checking for security features, which leaves data vulnerable. Data leakage can also happen from malware-infected mobile apps that use the native distribution code of mobile operating systems such as iOS and Android to covertly spread data across corporate networks.

Cybercriminals also gain access to unsecured wifi networks through network spoofing, phishing attacks, known vulnerabilities in cryptography algorithms, spyware and improper session or authentication practices. Other vulnerabilities lay within the mobile OS itself. For example, consider the issue of Android fragmentation. With so many variations and customized interfaces that carriers and device manufacturers incorporate into their devices, critical security patching and OS updates can be a significant challenge, leaving mobile data and devices wide open for cybercriminals to compromise.

New focus on manipulating mobile data

It’s no secret cybercriminals steal corporate or personal data to sell or expose to the public, but a disturbing new trend that is emerging is black-hat hackers actually manipulating that data. The most notable example was the Stuxnet worm that altered instructions sent to programmable logic controllers in Iran’s uranium enrichment facilities. According to The New York Times, this worm ultimately destroyed one-fifth of Iran’s nuclear centrifuges.

The following are some other examples of data integrity manipulations:

  • Financial
    Though criminals have been stealing credit card numbers for a long time, they are now having a hard time making money from stolen credit card numbers. Today, more sophisticated malicious hackers are also manipulating credit scores to get better rates on loans and ultimately make more money from transactions.
  • Corporate competition
    While corporate espionage is already well documented, cybercriminals are also manipulating data to gain a competitive advantage in new ways. For example, in the healthcare industry, a firm could use black-hat hackers to infiltrate an organ donor database to manipulate patient data and ultimately get its patients higher on the list.
  • IoT
    Devices are getting smarter and more connected, which presents a huge opportunity for cybercriminals to manipulate data and take down entire networks. Major cities around the world are going “smart” with things such as sensor-based traffic control systems. Criminals can infiltrate these systems and stop traffic, causing major mayhem.
  • Intellectual property
    Companies that are developing competing products can use hackers to infiltrate research and development and intellectual property systems and then tweak the code to break it or seriously hamper development, thereby gaining an advantage in the market.
  • Information and identity
    Malicious hackers that gain access to authentication and identity management systems can alter permissions for inside users, either by taking control of a user’s identity or by preventing authorized users from accessing business-critical systems and data. Cybercriminals also target news organizations and social media websites by publishing fake articles that can compromise the reputation of a person or organization. They could also spread misinformation for some politically motivated or malicious purpose.

Though the entire IT landscape is fair game to increasingly sophisticated cybercriminals, the new focus is on manipulating the data that has been compromised. With the rise of mobility in a hyperconnected world, largely unsecured mobile data and devices are only increasing the attack footprint.

Written By

Karin Kelley

Independent Analyst & Writer

Karin is an independent industry analyst and writer, with over 10 years experience in information technology. She focuses on cloud infrastructure, hosted applications and services, end user computing and related systems management software and services. She spent nearly eight years…

Other Articles by Karin Kelley
See All Posts