
Are Viruses Dead on Mobile Phones…Are Telcos, Fintechs & Commercial Banks prepared for what is replacing them?

A virus is malicious software that is loaded onto a user’s device without their knowledge and which, upon execution, rapidly replicates itself by modifying other programs and inserting its own code. Once replication succeeds, the affected areas are said to be “infected” with a virus. A virus can spread from one device to another and interfere with operations. Viruses are designed to infect your programs and files, alter the way a device operates or stop it from working altogether.

Viruses were a big bother in the past; do they still exist? And with internet access, previously concentrated on computers and laptops, now having moved to Android phones, why are there so few concerns about malicious software these days?

Some notable malicious codes (note what each of them does, and check out the last one!) include:

  • Rabbit Virus- developed to cause system disruptions that adversely affected overall system performance, continuing until a complete system failure or crash was achieved.
  • Jerusalem Virus- developed to destroy all files on an infected PC on the thirteenth day of a month that falls on a Friday
  • Beast or RAT- capable of infecting all versions of Windows OS
  • Zeus- infected machines were used to capture login credentials from banking websites to commit financial fraud
  • Cryptolocker- encrypts the files on an infected machine and demands a ransom to unlock the files
  • Backoff- designed to compromise Point-of-Sale (POS) systems to steal credit card data.
  • Emotet- delivered via malicious download links or attachments, it is a modular infostealer that downloads or drops banking trojans
  • ZeuS- activated when the user visits a banking website, it is a modular banking trojan which uses keystroke logging to compromise victim credentials
  • Dridex- disseminated via malspam campaigns, it is a banking malware variant that uses malicious macros in Microsoft Office documents with either malicious embedded links or attachments
  • IcedID- a modular banking Trojan propagated across a network by infecting terminal servers of unsuspecting banks, payment card providers and payroll websites. It monitors a victim’s online activity by setting up local proxies for traffic tunnelling, employing web injection and redirection attacks.
  • Gh0st- a RAT used to control infected endpoints. It is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device
  • Mirai- a malware botnet known to compromise Internet of Things devices in order to conduct large-scale Distributed Denial of Service attacks.
  • Shamoon, Black Energy, Destover, ExPetr/NotPetya & Olympic Destroyer- all wiper malware with the singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to the victim companies.
  • Android/Filecoder.C (Ransomware)- using the victim’s contact list, it spreads via SMS messages with malicious links, which are sent to every contact on the victim’s list. After sending out the batch of malicious SMSs, it encrypts most user files on the device and demands a ransom.

With the prevalence of mobile phones over desktops, the popularity of viruses seems to have waned (or has it?). In the subsequent sections, I will try to explain why it seems so.

A mobile phone is a computer with a specific form factor (size, power, expected speed and capacity, optimized for different purposes and business models) that has a cellular modem and access to cellular networks for data and voice call capabilities. The majority of applications on mobile phones rely heavily on back-end servers on the network, which do most of the heavy computational lifting, with some exceptions. Mobile phones are generally used like a computer because of their ability to surf the Web and run computer software.

Mobile operating systems were built on what computer operating systems had accomplished. Operating systems designed for computers and laptops are full-featured: designed to take advantage of fast CPUs, large amounts of disk space and high amounts of memory, they also utilize features of modern chipsets that are not available on most mobile devices. Mobile operating systems (Android and iOS) are specialized for a specific set of devices. By default, they don’t provide complete access to the system hardware (administrator or “root” access). They also have stricter hardware requirements, because the ecosystem of mobile apps and devices is strongly tied to specific hardware features.

In its most basic form, a cell phone is essentially a two-way radio, consisting of a radio transmitter and a radio receiver. When you chat with your friend on your cell phone, your phone converts your voice into an electrical signal, which is then transmitted via radio waves to the nearest cell tower. The network of cell towers then relays the radio wave to your friend’s cell phone, which converts it to an electrical signal and then back to sound again. In this basic form, a cell phone works just like a walkie-talkie. In addition to the basic function of voice calls, most modern cell phones come with additional functions such as web surfing, taking pictures, playing games, sending text messages and playing music. More sophisticated smartphones can perform functions similar to those of a portable computer.

Cell phones use radio waves to communicate. Radio waves transport digitized voice or data in the form of oscillating electric and magnetic fields, called the electromagnetic field (EMF). The rate of oscillation is called frequency. Radio waves carry the information and travel in air at the speed of light.

The Android OS has around 75–80 percent of the worldwide smartphone market- this makes it not merely the world’s most popular mobile operating system.

Google has battled an ever-increasing number of malware apps on its app store. Partly because of the open nature of the platform, it is an issue that will keep recurring. From counterfeit apps and games to copycat apps that silently serve adware on infected devices, spyware, apps pushing ads to generate fraudulent revenue, premium service abuse (where text messages are sent from infected phones to premium-rate telephone numbers without the consent or even the knowledge of the user) and apps sending personal information to unauthorized third parties, the gamut of threats on Android devices has vastly expanded in scope.

An Application Programming Interface (API) is a set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service. It is a software intermediary that allows two applications to talk to each other. Each time an app like Facebook or WhatsApp is used to send an instant message, or check the weather…on a mobile phone, an API is in use. When an application is used on a mobile phone, the application connects to the Internet and sends data to a server. The server then receives that data, interprets it, performs the necessary actions and sends a response back to the phone. The application then interprets that response and presents the user with the requested information in a readable way. APIs have become so valuable that they comprise a large part of many businesses’ revenue.

Smartphones typically access the internet and interact with their respective Telcos through Application Programming Interfaces (APIs), which also happen to be rich targets for cyber criminals. Because they are not intended for human use, APIs are often set up with access to any data within the application environment, and permissions are used for making user requests and passing them on to the API. The BIG PROBLEM here is that these can be easily compromised by hackers who bypass the user authentication process and go directly to the downstream app; because the API has unrestricted access, attacks through the API give attackers visibility into everything.

Various forms of attack include the abuse of URIs (uniform resource identifiers), methods, headers and other parameters; typical web attacks, such as injection, credential brute force, parameter tampering and session snooping, can also work very easily. Earlier in 2018, Google discovered a vulnerability in an API for the company’s social networking effort, Google+, which made it possible for third-party app developers to access data from the friends of the app’s users, echoing the major Facebook data scandal relating to Cambridge Analytica. Apparently, a bug on the site had been providing outside developers with access to Google+ profile data between 2015 and March 2018, when the issue was fixed.

The Internet, the inexhaustible worldwide ecosystem of interconnected networks, has no centralized authority (or so some people think!). Is it safe to assume that at the country level, ISPs and Telcos are the exclusive entities providing access to the internet, via transit, connectivity and the services on top, for servers, desktops, mobile phones and IoT devices? With this supposed unique positioning of Telcos as the gatekeepers of the internet in most African countries, all Telcos should have the means and the wherewithal to prevent malicious attacks, malware and the other possible attacks outlined earlier in this write-up, unlike end users and SMEs, who generally do not have such resources.

Some recent issues include:

1. A female hacker, Paige Thompson, accused of stealing personal information of 106 million customers (or one-third of America’s population!) across 30 different organizations!

2. North Korea allegedly used 35 cyber attacks to steal $21 billion from foreign financial institutions and spent the money on its weapons programmes.

3. Ransomware cases, e.g. City Power, one of the companies that supplies electricity to South Africa’s biggest city, Johannesburg. Leaving residents without power, the ransomware encrypted all their databases, applications and network. It also affected the company’s prepaid vending system, which made it impossible for people to ‘refill’ their accounts and buy electricity units. Also, in Florida, U.S.A., two communities have paid about $1 million to get their files decrypted, and these payments most likely would have been made via bitcoins over the dark web!

4. The Starwood Hotels breach, which provided unauthorized access (it had been occurring since 2014, but was only discovered in September 2018!), inadvertently exposed the names and private information of about 500 million of the hotel chain’s guests.

5. About 2 million T-Mobile customers based in the US had their account details compromised by hackers who got away with names, email addresses, account numbers, billing information and encrypted passwords. The company’s servers were breached through an API.

6. Over 50 million accounts were exposed when a cyber gang injected credit card skimming code into the Newegg website; whenever a customer bought something online, the payment info went straight to the gang’s Command and Control server.

To mitigate these threats and others in this category, and although most Telcos, ISPs and Commercial Banks have implemented 2-factor authentication for their customers and most apps are downloaded from the Google or Apple app stores, efforts should also be made to:

  1. Create an inventory of their APIs and understand their implications for their architecture and failure modes
  2. Require authentication for APIs; restrict permissions for APIs
  3. Encrypt ALL API connections
  4. Use API-specific tools such as proxies or firewalls
  5. Test APIs using perimeter scans, vulnerability assessments, and penetration tests
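The "BIG PROBLEM" described earlier (a caller skipping the user authentication step and talking directly to an API that has unrestricted access to the data) and items 2 of the list above (require authentication, restrict permissions) can be made concrete with a small handler. This is an added illustration, not code from the post or from any Telco or bank; the account records, session store and scope names are constructed for the example.

```python
"""Vulnerable vs. hardened API handler (constructed example, not the post's code)."""
import hmac
from dataclasses import dataclass

# Constructed back-end state: account records and the server-side session store.
ACCOUNTS = {"acct-1001": {"owner": "alice", "balance": 250.0},
            "acct-2002": {"owner": "bob", "balance": 90.0}}
# token -> (subject, granted scopes); issued at login, never taken from the request body
SESSIONS = {"tok-alice": ("alice", {"balance:read"}),
            "tok-bob-readonly": ("bob", set())}


@dataclass
class Request:
    headers: dict
    params: dict


def balance_vulnerable(req: Request) -> dict:
    """Trusts the client-supplied account_id: anyone who reaches the API can read any account."""
    acct = ACCOUNTS.get(req.params.get("account_id"))
    if acct is None:
        return {"status": 404}
    return {"status": 200, "balance": acct["balance"]}


def balance_hardened(req: Request) -> dict:
    """Identity comes from a server-side session; ownership and scope are checked per call."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401}            # authentication required (list item 2)
    token = auth[len("Bearer "):]
    # Constant-time comparison so token validity does not leak through timing.
    session = next((v for k, v in SESSIONS.items()
                    if hmac.compare_digest(k.encode(), token.encode())), None)
    if session is None:
        return {"status": 401}
    subject, scopes = session
    if "balance:read" not in scopes:
        return {"status": 403}            # permissions restricted per API (list item 2)
    acct = ACCOUNTS.get(req.params.get("account_id"))
    if acct is None or acct["owner"] != subject:
        return {"status": 404}            # same answer for missing and foreign accounts
    return {"status": 200, "balance": acct["balance"]}
```

The hardened handler is the shape a proxy or API firewall (item 4) should enforce in front of every endpoint; an inventory (item 1) is what tells you which endpoints still look like the vulnerable one.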

Java APIs were used in developing the Android OS, which has over 3 billion users worldwide; these users access the internet mainly through Telcos, which have now become ISPs. Financial transactions constitute a large percentage of internet activity, and they occur through Commercial Banking apps, online or other payment gateways. How prepared are Telcos and Commercial Banks for the inherent security risks posed by APIs?

Apart from the aforementioned companies, every other company is a target when it comes to cyberattacks, and it only takes a single vulnerability to enable a breach. While cybercriminals will always find new ways of gaining access, there are ways to reduce risk and minimize the loss of data.

From the above, it is clear that the previously popular malicious codes, viruses, Trojans etc., are gradually being overtaken by ransomware and attacks at the API level.

With the spate of apologies being made by firms who have been breached, do you think Telcos, Fintechs & Commercial Banks in Africa are ready to protect us… the users?

The post Are Viruses Dead on Mobile Phones…Are Telcos, Fintechs & Commercial Banks prepared for what is replacing them? appeared first on Innovation Village.
