
In its newly released Cyber Threat Status Report, STM takes a closer look at cyber attacks carried out via mobile applications. Emphasizing that storing critical information in insecure environments paves the way for cyber attacks, STM pointed out that sensitive data should be protected with strong encryption algorithms rather than kept in clear text.
STM, which has carried out important projects and developed domestic products in the field of cybersecurity in Turkey, has announced its new Cyber Threat Status Report, covering October, November and December 2024, through its Technological Thinking Center “ThinkTech”. Prepared by STM’s cybersecurity experts to raise awareness in the field of cybersecurity, the report covers 8 different topics. These include current and interesting topics such as what to watch out for in mobile application security, phishing attacks targeting users of NFT sales platforms, the latest developments in quantum computers, and the countries that have carried out the most cyberattacks recently.
The Cost of Neglect in Mobile Application Security
Recently, the mobile applications of an insurance company and a fast-track system sent malicious notifications to users as a result of unauthorized access. In addition, there was a request for bitcoin to be sent to a specific wallet. Examination showed that the applications sent their notifications using the OneSignal library and that critical information (such as the API Key and App ID) was stored insecurely.
STM drew attention to the points that matter most in defending mobile applications against such attacks. Accordingly, sensitive information should not be stored in clear text, and strong encryption algorithms should be used. Data should not be stored on the device if possible, and external storage should be avoided. All communication should take place over the HTTPS protocol. Systems should be implemented so that users can access only the data they are authorized to see. Critical information should not be included in the source code, and code obfuscation techniques should be used. Multi-factor authentication and strong password policies should be implemented. Outdated or vulnerable libraries should not be used.
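A pre-release check for two of the recommendations above (no critical information in the source code, all communication over HTTPS) can be automated. The sketch below is an added example, not code from STM's report: the sample files are constructed, and the key-name patterns, the 20-character minimum and the 3.5-bit entropy threshold are assumptions to tune per project.

```python
import math
import re

# Constructed sample app files (not taken from any real application).
SAMPLE_FILES = {
    "res/values/strings.xml": (
        "<resources>\n"
        '  <string name="app_name">Demo</string>\n'
        '  <string name="push_app_id">3f2b8c1e-7a4d-4e9b-a1c6-5d0e9f8b7a21</string>\n'
        '  <string name="push_api_key">Zk9xQ2w3UnQ4VmIxTmU2WXA1SGo0TGQwU2E3R2M=</string>\n'
        "</resources>\n"
    ),
    "src/Api.java": (
        "class Api {\n"
        '  static final String BASE_URL = "http://api.example.com/v1";\n'
        '  static final String API_KEY_HEADER = "X-Api-Key";\n'
        "}\n"
    ),
}

# Assumed naming conventions for credential-like entries.
KEY_NAME = re.compile(r"api[_-]?key|app[_-]?id|secret|token", re.I)
UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Name/value pairs: Android string resources, or NAME = "value" assignments.
PAIR = re.compile(r'name="([^"]+)">([^<]+)<|(\w+)\s*=\s*"([^"]*)"')

def entropy(s):
    """Shannon entropy of s in bits per character."""
    probs = [s.count(ch) / len(s) for ch in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def looks_secret(value):
    """UUID-shaped identifiers, or long high-entropy strings (assumed thresholds)."""
    return bool(UUID.match(value)) or (len(value) >= 20 and entropy(value) >= 3.5)

def scan(files):
    """Return (path, line, kind, name) for hardcoded secrets and http:// URLs."""
    findings = []
    for path, text in sorted(files.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            for m in PAIR.finditer(line):
                name = m.group(1) or m.group(3)
                value = (m.group(2) or m.group(4) or "").strip()
                if KEY_NAME.search(name) and looks_secret(value):
                    findings.append((path, line_no, "hardcoded-secret", name))
                if value.lower().startswith("http://"):
                    findings.append((path, line_no, "cleartext-url", name))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(*finding)
```

The `API_KEY_HEADER` line is deliberately not reported: its name matches, but the value is a short header name rather than a credential, which is the kind of false positive the value check exists to suppress.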
Growing Threat to Digital Assets: Phishing Attacks on NFT Marketplaces
NFTs (Non-Fungible Tokens), which represent unique assets in the digital world and have become a major investment tool in recent years, continue to be a target of cyber attackers. Phishing attacks, in particular, aim to capture crypto wallet information by luring users into fake NFT marketplaces. Users are directed, through fake emails or social media links, to fake sites, where they risk losing their crypto assets. In 2020, cyber attackers took over the Twitter accounts of famous names such as Barack Obama, Bill Gates, and Elon Musk and made fake posts. During this attack, $110,000 worth of Bitcoin was sent to the attackers' wallet address.
The report includes some tips to protect yourself from such threats. The source of emails and links should be carefully examined, even official-looking posts should be approached with caution, and the reliability of any link should be verified before clicking on it. Since situations such as the hacking of social media accounts can also lead to serious losses, being careful and suspicious at every step is of great importance for the security of digital assets.
Most Cyber Attacks Come from Estonia
Data from STM’s own Honeypot sensors also revealed the countries from which the most cyber attacks originated worldwide. A total of 1 million 551 thousand attacks were recorded on STM’s Honeypots (trap servers) during October, November and December 2024. The country that made the most attacks was Estonia with 270 thousand attacks, while Bulgaria came in second with 248 thousand attacks. These countries were followed by Russia, Romania, USA, India, Netherlands, Bolivia, Iran and Egypt, respectively.