Although I wasn’t exactly surprised by the alleged Saudi hack of Amazon CEO Jeff Bezos, it’s unusual that one of my annual New Year’s prognostications is so quickly proven accurate. On January 1, I wrote that mobile threat detection and response would become a major concern for organizations in 2020, expanding upon BlackBerry Cylance research that found state-sponsored APT groups exploiting mobile devices with impunity to surveil foreign individuals of interest. Of course, I had little idea then that such a high-profile figure would be among those individuals impacted, nor that Saudi Arabia, a U.S. ally unnamed in the BlackBerry report, would sit at the center of the burgeoning controversy.

The cyberattack against Bezos is a malicious (and digital) case of the classic steganography in which a message is concealed within another communication. In this case, Saudi Crown Prince Mohammed bin Salman is alleged to have sent Bezos a seemingly innocuous WhatsApp video concealing mobile spyware. Almost immediately, data egress from Bezos’ phone increased by nearly 30,000 percent and spiked over the following months to rates as high as 100 million percent of the pre-video baseline. Although speculation that the Saudis leaked damaging information to The National Enquirer appears incorrect, Bezos would be an obvious target for Saudi cyber groups because of the Washington Post’s support for murdered Saudi journalist Jamal Khashoggi. And regardless of actual damage, the incident provides a chilling reminder of the danger potentially posed by nation-state actors.

Gartner estimates that today, just 30 percent of organizations have Mobile Threat Defense (MTD) in place, and so, it’s naïve to think that Bezos is the only well-known individual that has been or will be successfully targeted by mobile malware attacks. It’s past time, then, that organizations, public and private, invest significantly in mobile threat detection and response. What should this investment look like?

  1. Integrated defense.
    1. Built-in capabilities so that end users are not required to install or manage third-party applications/certifications.
    2. Works with Bring Your Own Device (BYOD) and company endpoints.
    3. Central management for consistent and continuous protection.
  2. Automated and continuous monitoring.
    1. Continuous monitoring means anomalies are detected immediately and raised for remediation. For example, spiking data egress rates would quickly raise an alarm.
    2. Proactive identification of security vulnerabilities through monitoring of OS updates, system parameters, device configurations and system libraries.
  3. AI-driven detection and remediation.
    1. AI identifies and blocks both known and unknown malware from running on mobile endpoints and from within applications.

 Whether Saudi Arabia is responsible for the Bezos hack or not – and it should be noted some questions remain unanswered – the scenario is a potent reminder of the dangers associated with mobile devices. While we often treat mobile as ancillary to cybersecurity strategies, it should really sit at the core of a holistic defense. Unless this is both understood and acted upon, Bezos isn’t likely the first public victim of mobile malware, nor will he be the last.