News

Most businesses have a strong focus on maintaining a clean and safe working environment, especially in critical sectors. No medical practitioner who values the lives of their patients would take a shortcut on handwashing and surface sterilization protocols. No one working with hazardous materials who values their own life would skip out on protective equipment. Even in sectors like education and retail, hygiene is still a top priority.

Yet in the same environments where clinical hygiene is maintained, cyber hygiene is often left to chance, especially when it comes to mobile device security.

Mobile devices are no longer just simple communication tools, they are now seen as essential to frontline operations. This means they are also a priority target for cybercriminals searching for weak points to breach corporate networks.

As the mobile threat grows, cybersecurity hygiene needs to be held to the same standard as physical workplace hygiene. It must be routine, deeply embedded, and intolerant of shortcuts - not an afterthought.

Mobile devices such as smartphones, tablets and wearables are considered mission-critical in many sectors. From healthcare to education to energy, workers are increasingly relying on mobile for core operations.

Healthcare clinicians access patient health records via mobile apps, teachers engage their classes through interactive displays, and field engineers manage critical infrastructure through connected devices.

However, while this raft of mobile devices brings more agility and efficiency, it’s also greatly expanding the attack surface of these sectors – and cybercriminals have noticed. The risk facing mobile devices has grown dramatically in recent years, both in volume and sophistication.

Over 33.8 million mobile-specific attacks were detected globally in a single year - a figure that continues to rise as threat actors capitalize on mobile’s expanding footprint in enterprise environments.

These attacks exploit the lapses in cyber hygiene that persist across mobile fleets. Devices are frequently assumed to be safe by default or dismissed as low risk. Mobile devices running outdated operating systems, unpatched applications or lacking endpoint protection are commonplace. Password reuse and the absence of multi-factor authentication (MFA) further elevate the risk.

In many cases, mobile endpoints have become the soft underbelly of the corporate network - widely used, minimally monitored, and inconsistently secured. Just as unwashed hands can carry invisible pathogens, mobile devices can harbor unseen threats. And when routine protections are skipped, exposure becomes inevitable.

Despite their ubiquity, mobile devices are still perceived as fundamentally different from traditional endpoints.

Most workers have internalized a cautious approach to browsing, installing apps, and clicking incoming files and links when using their desktop and laptop devices, perhaps due to their association with a formal working environment.

However, for many users, mobile is seen as a more personal experience. This encourages a more relaxed attitude, adding to the idea that they’re somehow less “exploitable” than other endpoints.

This perception encourages complacency, with less consideration about potential threats like malicious attachments and applications. Further, mobile devices are often used interchangeably for personal and business tasks, blurring the lines between secure and vulnerable environments.

Threat actors actively exploit this mindset, especially with phishing, which remains the most common and effective method of compromise.

Mobile-specific variants, such as smishing (SMS phishing) and malicious app prompts, are particularly successful due to shortened URLs, limited screen space, and the absence of familiar desktop visual cues. These tactics are often paired with spyware, adware and data-harvesting malware that can linger undetected for long periods.

Organizations can inadvertently reinforce this risky mindset by failing to include mobile in core security strategies. Policies and protections that are standard on other endpoints, from patch management to access controls, may be absent or inconsistently applied on mobile.

This operational divide would never be tolerated in physical settings where protective measures are standardized and enforced across every tool and surface. It’s time for mobile cybersecurity to adopt the same attitude - no exceptions, no assumptions.

Many of the vulnerabilities exploited in mobile attacks stem from lapses in basic cyber hygiene - failures entirely preventable with consistent, well-enforced practices. Addressing these gaps doesn’t require breakthrough technology, but rather a disciplined approach to configuration, maintenance, and user behavior.

Mobile devices should be fully integrated into enterprise risk management frameworks, with the same diligence applied to laptops, and servers. That includes vulnerability assessments, asset inventory, incident response planning, and compliance checks.

At a minimum, all mobile devices should be kept up to date with the latest operating system and application patches. This is frequently overlooked, particularly in BYOD environments, where IT has limited visibility or control.

Mobile device management (MDM) or unified endpoint management (UEM) platforms can help organizations enforce policies around software updates, encryption and app whitelisting across every device.

Credential hygiene is equally critical. Strong passwords, enforced MFA, and discouraging reuse across services, all help reduce account-based compromise. Endpoint protection tools that scan for malicious links or payloads should extend beyond desktops and laptops to mobile devices as standard.

User education is an essential component alongside the right tools and policies. Employees must understand how to recognize phishing attempts, avoid unauthorized app installations, and report suspicious activity. Organizations can dramatically reduce their mobile risk exposure when people and policy align.

Physical hygiene is upheld as a system-wide discipline in the workplace. It is embedded in training, processes and culture, because the alternative is unacceptable risk. That same principle should govern how we approach mobile security.

Mobile devices now sit at the intersection of convenience and criticality, and treating their security as secondary is no longer viable. These devices are full-fledged endpoints, with access to sensitive systems and information, and they deserve to be treated accordingly.

Like any surgical instrument or critical tool, mobile assets must be kept clean, controlled, and protected, without exception.

We list the best small and medium business (SMB) firewall software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

We’re living in a world of relentless uncertainty. For compliance teams, this uncertainty normally only means one thing - cybersecurity risk. Against this backdrop, you might think that the volatility of the global economic landscape would be the primary cause of compliance issues for firms this year. But does this environment in fact increase the danger of other risks?

In March this year, our report gauged the opinions of 300 regulatory leaders from around the world on global trends involving market abuse and trade surveillance. One of the key findings was that the majority (64%) of regulatory professionals said cybersecurity risks were most likely to cause compliance issues in the next year. Next up was, unsurprisingly, global economic uncertainty (58%), followed by increasing regulatory complexity.

Given that a lot has happened already this year, does this ranking remain the same? Or are other market drivers playing a bigger role than expected?

AI, of course, lies at the heart of tech-driven risks. It has become both compliance’s enemy and ally. While AI trading models are designed to optimize for profit and increase efficiency, their rapidly accelerating sophistication means that they have the potential to become increasingly unpredictable. As AI-driven trading strategies interact with one another, market movements become harder to control and forecast. This is just one of the reasons why the benefits of AI tools also bring significant risks.

These dangers explain why proprietary trading firms, who rely on high-frequency, algorithmic trading strategies, were especially concerned by tech-driven risks, with 70% of respondents picking it as a key issue for this year.

Simultaneously, however, AI is becoming a great aide to compliance teams. Effective surveillance now depends on machine learning and AI to detect nuanced and initially obscure connections between instruments, firms or markets. These insights can support compliance professionals in detecting increasingly sophisticated forms of market abuse, while also reducing false positive alerts – a major resource-drain on monitoring teams.

Of course tech-driven risks aren’t just limited to AI. Off-channel electronic communications (eComms), where employees communicate via unmonitored apps like WhatsApp or Signal, present major compliance risks, while the increase in regulatory clarity around digital assets, such as the second part of EU’s MiCA regulation which came into force in December 2024, means their journey towards the mainstream is only likely to accelerate.

What’s true, however, is that global uncertainty heightens these risks.

Global economic unpredictability has undoubtedly been the story of 2025 so far. US trade tariffs, geopolitical conflicts, supply chain disruption and economic volatility have created a trading environment where the next move can be impossible to ascertain. But it’s also the case that this uncertainty is becoming more accepted, with regulators and firms adapting to ensure they are set up to withstand any unexpected twists and turns in the market.

So how do firms mitigate against this uncertainty from a regulatory perspective? One approach is to ensure you have stringent and robust trade surveillance controls in place. Over the last few years, instead of predominantly levying fines for abuse, regulators have been focusing on insufficient eComms recordkeeping and trade surveillance systems and controls.

Our report illustrated how trade and eComms surveillance fines accounted for over three quarters ($1.4 billion) of total enforcement action in 2024. There has also been a widening of who global regulators have been targeting, with firms of all sizes – not just the tier one banks – being handed stiff financial penalties.

Some events are impossible to predict. Global uncertainty is always a factor, so robust controls are needed to mitigate risk and maintain compliance. Current compliance technology is already advancing to manage this rising range of risks, with features such as conditional parameters that can adapt to market volatility and liquidity, or sandbox environments to test new configurations in a controlled, low-risk setting. These developments are a crucial step in building systems that can respond to the complexities of risk in today’s markets and ensure firms can keep on top of regulatory requirements.

With eComms and trade surveillance coming under particularly intense regulatory scrutiny, the compliance strategies that integrate trade and eComms data together are the ones best placed to manage risks this year. While trade data offers quantifiable evidence of suspicious activity, the intent behind it often lies in communications data. By adopting such an integrated approach, compliance teams can spot abuse that might not otherwise be apparent and build comprehensive cases.

It’s too early to call what risks are causing the most compliance issues this year. But there is no question the three areas highlighted by regulatory professionals in our report align with the current compliance reality. Rather than weighting one risk above another, however, what compliance strategy calls for more and more is the need for an integrated and holistic approach that accounts for the relationships between these risks.

Of course, it is necessary to have an awareness of what risks are a particular problem at a given time. But an integrated approach can bring to light risks that would otherwise remain hidden. Above all, what it comes down to is control: when outside events are deeply unpredictable, regulatory processes and systems that are robust, well designed and executed efficiently are worth their weight in gold.

We list the best IT Automation software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Three zero-day flaws in Ivanti CSA solutions were abused to grab login credentials
• The group likely sold the access to French government devices
• Researchers are attributing the attacks to Chinese state-sponsored miscreants

In late 2024, Chinese state-sponsored threat actors abused multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices to access French government agencies, as well as numerous commercial entities such as telcos, finance, and transportation organizations.

The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted threat actors were abusing three security vulnerabilities in Ivanti CSA devices: CVE-2024-8963, CVE-2024-9380, and CVE-2024-8190.

All three were zero-days at the time, and all were used to steal login credentials and establish persistence on target endpoints. Apparently, the miscreants were deploying PHP web shells, modifying existing PHP scripts to inject web shell capabilities, and installing kernel modules that served as a rootkit.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.View Deal

The attacks were attributed to a group tracked as Houken which, in the past, was seen actively exploiting vulnerabilities in SAP NetWeaver to drop a variant of GoReShell backdoors called GOREVERSE.

This group, the researchers claim, bears many similarities to an entity tracked by Google’s Mandiant team as UNC5174.

"While its operators use zero-day vulnerabilities and a sophisticated rootkit, they also leverage a wide number of open-source tools mostly crafted by Chinese-speaking developers," French researchers said. "Houken's attack infrastructure is made up of diverse elements -- including commercial VPNs and dedicated servers."

Apparently, Houken isn’t exclusively focused on western targets. In the past, it was observed targeting a wide range of government and education organizations in Southeast Asia, China, Hong Kong, and Macau.

For Western targets, they were mostly focused on government, defense, education, media, and telecommunications.

It is also worth mentioning that in the French case, it is likely that there were multiple threat actors involved, with one group acting as an initial access broker, and a separate group purchasing that access to hunt for valuable intelligence and other sensitive data.

Via The Hacker News

• Critical Ivanti Cloud Service Appliance flaw exploited in the wild
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers