iPhone vibrates to signal the arrival of a new SMS message. I have received a notification of an online order that requires action. The online store, accelerated by the COVID-19 pandemic, has gained time for a wild package rally. There are so many messages about upcoming shipments, customs, and pickups from time to time that I cannot keep track of orders. This jungle of messages is easy for cybercriminals to infiltrate.

The SMS message is good Finnish. “[My Mail], you have a package that needs to be signed, check:  https://is.gd/CVAZ4Wpaketti-ID.3204

The phone number is Finnish, but the name of the link (URL) screams difficulties. In this case, we will find out quickly. There is a warning in the Security section of the Cyber Security Center. Unfortunately, many recipients fall for it, download the malware, spread it further, and unknowingly engage in criminal activity.

SMS message passes even the best protection

In the ICT area, we’ve learned how to protect against malware with PC antivirus software, network gateway solutions, strong detection, and spam filters. Over the past few years, these solutions have evolved significantly through artificial intelligence and cloud scalability. Investments in security in this attack do not help because they are cleverly bypassed.

An attacker uses the weakest link to spread malware: the operator’s SMS service, the pleasure of buying and packet arrival, and a smartphone.

  1.  The infected smartphone will send an SMS message to my phone. From the point of view of the operator’s SMS system, the sender of the message is a regular Finnish mobile subscription holder. SMS service does not check the content or danger of a message as e-mail services do. In Finland’s unlimited mobile subscription, messages are not charged separately, so the old SMS money maker is mainly a burden. There is hardly any money for the development of information security for this service. This is easy to take advantage of.
  2. The user will press the URL link, launch the browser and download the malware. In this case, the attacker uses a service that shortens the URL, hiding the original. This site is rated with almost all security products in the generic IT area, so the request goes through the Next Generation Firewall URL filters. If the mobile terminal device is 4G or 5G on a mobile network, there is no corporate URL filter either. The terminal device is outside the firewall. This, too, is easy to take advantage of.
  3. The malware will install. Few smartphones have anti-malware software at all or the software acquired is based on the capabilities and source of information of a single product. The ability of such software to detect and respond to a zero-day attack is non-existent. The user continues to pollute unknowingly. It’s a cybercrime’s payday.

Endpoint security products – “really stupid idea”

Nir Zuk, founder, and chief technology officer of Palo Alto Networks, called individual data sources, such as terminal security products, a “really stupid idea,” with an emphasis instead on a holistic approach in which each security component works together. There’s a bit of commercial thinking in the sentence, but I’m on the same page. As a solution for companies, individual antivirus software with single data sources is outdated.

Similarly, obsolete is the idea that using a different security technology provider on terminals and the network achieves a safer operating environment. In practice, the opposite is true, as Mr. Nir says. All antivirus products are equally good at identifying known malware and attacks. However, they do not provide an adequate picture of the situation.

The company should therefore focus on solutions that make it possible to respond to new unknown and targeted cyberattacks. This requires cooperation, artificial intelligence, and automation from all data sources.


Finding Best Product is becoming more and more challenging

Acquiring a new integrated entity cannot be based on the idea of choosing a “Best Product” security product to glue on based on tests. So far, no industry player has been able to credibly simulate and test the overall solution for targeted or new attacks in a multi-cloud and multi-device environment.

The buyer must trust the supplier, the entity to be acquired, and believe that technology and integrations will develop quickly enough. The old saying: “By choosing Cisco Systems products, you will not get fired” is topical again. I admit that their portfolio is one of the best, and the security of the mobile terminal device has not been forgotten either.


Hannu rokka, Senior Advisor

5Feet Neworks Oy