As the world transitions into a digital age, an emerging trend is the increasing preference for digital payments. A recent study reveals that more and more people are starting to interact with their banks and manage their accounts through their smartphones. However, with this rise in online interactions and transactions also comes an alarming concern: the escalation of cybersecurity threats directed at mobile devices.
The Nature of Cyber Threats
Cyber threats are malicious acts intended to disrupt digital activities, damage data or purloin it. These encompass computer viruses, data breaches, Denial of Service (DoS) attacks, and other avenues of digital attacks.
Various Types of Cyber Threats
These threats can take many forms, including:
–Malware: Referring to malicious software, malware intends to harm computers, servers, or entire network systems. The term encapsulates a variety of harmful softwares, including ransomware, spyware, worms, viruses, and Trojans.
–Phishing: This method involves the use of fraudulent emails and websites to collect personal information.
–Denial of Service attacks: Denial-of-Service (DoS) attacks intend to incapacitate machines or networks, rendering them inaccessible to users by overwhelming them with traffic or information that results in a crash.
–Man-in-the-middle (MitM) attacks: Also known as eavesdropping attacks, these occur when attackers interject themselves into a two-party transaction to intercept, filter, and steal data.
–Social engineering: An attack which exploits human interaction, tricking users into breaking security protocols to acquire sensitive, typically protected information.
Cyber Threat Issues Concerning Mobile Banking
Mobile banking, which is increasingly becoming the preferred mode of banking, faces a rising number of cyberattacks, particularly on Android and iOS devices in the Asia Pacific (APAC) region, according to cybersecurity firm Kaspersky.
These attacks often deploy Trojans and malware disguised as legitimate apps to deceive users into installing them. This is followed by theft of money from users’ bank accounts. Multiple countries including Russia, Turkey, India, China, Colombia, France, Germany, the US, Denmark, and Vietnam have fallen victim to such campaigns.
Methodologies Employed for Cyber Attacks
Attackers use numerous techniques such as legitimate-looking and high-ranking malicious apps, phishing messages sent through SMS (smishing), and various types of mobile banking Trojans. DNS hijacking through smishing exploits to spread malicious code is another method used to target Android device users.
Payment Platforms and Interoperability Issues
Various payment platforms, including Google Pay, PaytM, PhonePe, Square, PayPal, and Alipay, operate in a closed-loop environment. In this setting, a transaction can only take place within the platform’s own network, like how Visa and Mastercard function. However, regulators are advocating for open, standardized platforms, prompting some countries to enforce interoperability between wallets.
The Issue of Security Experts Shortage
Regulatory changes coincide with a growing concern: the shortage of technology, engineering, data, and security experts in the banking industry. This shortage could potentially lead to more cyberattacks on user devices.
Lack of Adequate Cybersecurity Policy
Without proper cybersecurity measures and a pool of skilled professionals, the increase in cyberattacks on user devices is inevitable. Until the mismatch is rectified, it is crucial to exercise caution while using mobile devices for making payments.
Recommended Measures for Securing Mobile Banking
Practising digital hygiene, such as periodically updating phones and rebooting, can improve security. Users are advised to connect to a secure VPN when using their phones for banking, and iOS 16 users can activate Lockdown Mode to limit the device’s functionality and protect it from potential malware.
Relevant Exam Questions
In recent UPSC Civil Services Examinations, questions related to cybersecurity have been posed. For preliminary exams, a question was asked about ‘WannaCry, Petya and EternalBlue,’ which are ransomware forms of cyber threats. For main exams, candidates were asked to discuss potential cyber threats and the security framework to prevent them.
Last Modified: February 18, 2024