Anjoum ., profile picture
Uploaded byAnjoum .
819 views

Evolutionand impactofhiddenmobilethreats wandera

This document discusses the evolution of hidden mobile threats and why organizations need multi-level security solutions. It outlines six common mobile threats: vulnerable legitimate apps, jailbreaking, outdated operating systems, malware/malicious apps, compromised Wi-Fi hotspots, and phishing. The document recommends a predictive, multi-level approach to mobile security to address threats, protect corporate data on devices, and educate users on risks.

Embed presentation

Download to read offline
The Evolution and Impact of Hidden Mobile Threats: Why Your Organization Needs a Multi-Level Security Solution
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 2 Table of Contents Introduction 3 Common Mobile Threats and the Affects on your Business 3 Vulnerable Legitimate Apps 3 Jailbreaking 4 Outdated OS 4 Malware and Malicious Apps 4 Compromised Wi-Fi Hotspots 5 Phishing 5 Threat Correlation 5 Solution: A Multi-level Predictive Approach to Security 6 Conclusion 7
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 3 Introduction Mobile attacks, which were rare only a few years ago, are growing exponentially, and they are in many ways different from those in a PC-world. This whitepaper highlights these differences, explains in detail six common mobile threats and discusses the merits and limitations of the security solutions available today. There are two main reasons for the rampant growth in mobile attacks: firstly your employees’ insecure mobile devices can be exploited to gain access into your corporate network; secondly and more importantly, compromising the mobile device itself can be highly lucrative for cyber criminals. It is likely that your organization is already victim of multiple instances of stealing data, intercepting requests or gaining control over individual mobile devices. It is also likely that IT Administrators in your organization are unaware of such attacks. Individually each attack may not result in large financial and public relations costs, making them harder to detect and perhaps a lower priority to address. However, cumulatively they bear significant financial cost to your organization, and make it susceptible to further organized attacks in the future. Detecting and remediating these hidden mobile threats should be a priority for your organization. The mobile threat landscape has other unique characteristics that further complicate the challenge facing mobile security professionals: §§ Risky user behavior - Whether it’s the effect of Apple’s walled-garden approach, or the relative nascence of the mobile threat landscape, end users have a false sense of security when it comes to their mobile devices. Unsuspecting end users can grant apps widespread permissions and even provide root-level access by jailbreaking their phone, whilst relying on their device for sensitive tasks such as online banking. Employers need to educate their employees on these threats and provide best practices to prevent mobile attacks. A recent poll of over 2,000 end users, conducted by Wandera, uncovered that only 7% of employees have been given any form of security guidance on using apps and smartphones in general. §§ Threat from mobile applications – Over 75% of popular apps on iOS and Android official stores can access user data and 29% of these legitimate apps leak data inadvertently or even purposefully by sharing the data with ad networks . The sheer volume of apps downloaded makes it easy for malicious apps to get on the device. Research shows that 24% of IT professionals have seen malware on work smartphones. §§ Business and personal on one device – 70% of employees access corporate data from a personal smartphone or tablet. The security challenge of protecting corporate data is not limited to BYOD devices. Employees are using corporate-owned devices for personal use and want control over the device. §§ New types of threats – Mobile devices are open to completely new types of attacks. For example, criminals use malicious mobile apps to send text messages to premium mobile phone numbers or take control of infected devices. §§ Threats are highly correlated - A mobile device with malware or other vulnerabilities is significantly more likely to suffer from other mobile attacks. This results in exponentially growing risks and associated costs for your organization. Let’s now look at six common mobile threats, and the risks they pose to your organization. Common Mobile Threats and the Affects on your Business Vulnerable Legitimate Apps Mobile users face significant threats from legitimate apps that are downloaded from official app stores. Over 75% of the top iOS and Android apps have permissions to access user data . Poor programming often results in apps inadvertently leaking this sensitive user information. They do this by passing plain-text data in transport or storing data on the device without the necessary security measures. Gartner has predicted that by 2017, 75% of mobile security breaches will be the result of mobile application misconfigurations. Since advertising is a primary source of revenue for most free and even paid apps, data is also often shared with ad networks.
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 4 As an example of a vulnerable legitimate app, a recent version of the popular Starbucks iOS app, which is used to make payments and accrue rewards, transmitted user data in the clear. It exposed customers’ usernames, e-mail addresses, passwords, and certain location data. Similarly, research done in January 2014 by IO Active Labs discovered that, of the 40 home banking apps from the top banks in the world, 20% were vulnerable to man-in-the-middle (MiTM) attacks and 40% leaked sensitive information like activation codes through plain-text requests, or exposing data through the device logs. These results were surprising 75% of mobile security breaches will be the result of mobile application misconfigurations according to Gartner given the size and resources of the financial institutions and the focus from cyber criminals on mobile banking malware. Jailbreaking It is never safe to have a jailbroken device in your corporate network. Jailbreaking, or rooting is the process of removing the security limitations imposed by the Operating System vendor. Jailbreaking permits root access to the OS file system allowing the download of applications, which are not permitted through the official app stores. Jailbreaking also provides all apps, including malicious ones, with access to data owned by other applications. End users often jailbreak a device in order to gain access to a capability or app that is not officially supported, or to unlock their phone so that it can be used with other carriers. It is possible that the employee may not even know that their device has been jailbroken. As an example, Pangu is a jailbreak for iOS 7.1 that uses an expired enterprise certificate, and can potentially be injected without the user’s knowledge. Outdated OS In the cat and mouse game of OS vendor patching of known vulnerabilities whilst hackers race to exploit them, a device running an outdated OS is by definition vulnerable and presents a significant risk of being compromised. There are more than 11,000 different combinations of Android devices and Android Operating Systems in existence. This fragmentation creates a management headache and a security issue whereby many devices remain with outdated OSs. This is also a challenge on the iOS platform. Evidence suggests that 24% of iPhone users were on an older OS, even 5 months after the release of the new iOS7 . In an enterprise setting, IT departments sometimes choose to implement a phased approach to OS upgrades for their mobile device fleets to keep in step with releases to their MDMs and this staggered approach also creates devices with outdated OSs. Malware and Malicious Apps Mobile malware is malicious software designed to steal personal information stored on the 55% of adults use the device or gain control over the device. Most mobile malware spreads via malicious apps same password for that persist on the device and gain extensive permissions. most web services Google’s Android platform is most vulnerable to malware due to the level of control the platform provides developers and the ability to download apps from 3rd party stores that are not vetted by Google. However, the iOS platform is not completely worry-free either. For example, a flaw found recently in Apple’s iOS allowed hackers to intercept email and other communications that were meant to be encrypted. Other techniques that hackers employ on the iOS platform are malicious profiles or rogue certificates. A malicious profile can overwrite system functionality such as MDM software or mobile carrier settings, and be used to bypass various security measures and potentially intercept all data packets. Hackers can also gain access to a developer certificate or enterprise certificate, allowing a malicious app to be installed directly without going through Apple’s app store. Finally, as discussed earlier, a jailbroken iOS device removes all the security limitations imposed by Apple making it extremely vulnerable to malware attacks. The top categories in mobile malware include: §§ Premium Service Abuser – Sends text messages to premium mobile phone numbers, racking up unauthorized charges. §§ Information Theft – Similar to adware and some legitimate apps, this type of malware leaks sensitive information. The intent is almost always to find sensitive information that can be sold or exploited for other attacks such as phishing or mobile banking fraud. §§ Malicious Downloader – Downloads malicious apps and files, its main objective is to download more malware. Numerous malicious apps contain multiple types of threats and mechanisms for spreading. As an example, a Trojan named Obad sends messages to premium rate numbers, downloads and installs other malware, and uses Bluetooth to install itself on other devices.
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 5 Compromised Wi-Fi Hotspots With over 5.8 million hotspots expected by the end of 2015 , free Wi-Fi has become ubiquitous and convenient, but also a prime target for exploitation. The attacker may create a spoofed Wi-Fi network (e.g. ‘Free-Starbucks’) or simply connect to the same legitimate Wi-Fi that the victim is using with tools like Droidsheep. Either way all communications end up passing through the attacker-controlled network device. They can easily intercept passwords, credit card details and other sensitive information that can lead to identity theft, financial compromises or access to your corporate network. Even websites with SSL encryption are not bulletproof. Hackers can modify the encrypted (SSL) network’s communication by using spoofed certificates, or by downgrading the communication link, so that it’s un-encrypted and completely open to the attacker. In these scenarios any data such as email passwords, banking details and other valuable information can be intercepted and stolen. In a recent poll conducted by Ofcom, it was discovered that 55% of adults used the same password for most web services. This is an important aspect of user behavior. Even if hackers exploit just a single innocuous site or app, it will provide them with access to multiple other high value assets. Phishing Phishing is one of the oldest means of Internet attack. Authentic-looking emails or websites are presented on the device, and vulnerable users are deceived into volunteering sensitive information such as their as username, password and credit number to the hackers. Smartphone users are three times more likely to share their various account login and password credentials on malicious phishing sites . This is due to the fact that users are constantly checking email accounts on their mobile device, often multi-tasking and so not paying full attention. Furthermore the mobile device screen real estate is too small for users to accurately determine the legitimacy of a URL. On mobile, phishing attempts can be delivered over SMS as well as email. In addition to fake websites, employees are also being targeted by apps designed to impersonate popular apps. A type of phishing attack known as spear-phishing targets specific organizations to gain unauthorized access to confidential data, rather than a generic phishing attempt to large group of people. The larger the organization, the greater the risk of a spear-phishing attack. One in 2.3 companies with over 2,500 employees were targeted in at least one spear-phishing attempt, whereas one in five small or medium businesses were targeted. Threat Correlation The compounding effect of mobile threats further stresses the need to proactively address these vulnerabilities before they reach an inflection point where impact and cost start to snowball. Unlike the PC-platform, mobile threats are highly correlated. A user with an infected device is more likely to suffer from other mobile attacks. This is often because: §§ Users who grant widespread permission to legitimate apps are most likely to download malicious apps. §§ Malicious apps generally exhibit multiple bad behaviors and are designed to spread to other devices by gaining access to the address book. §§ Jailbroken phones are more susceptible to malware. §§ A device with malware is most at risk of being exploited if there is a password or data leak by a legitimate app. §§ A user whose device leaks information like an email address is an easy target for phishing. Detecting and remediating these mobile threats should be a priority for your organization. The compounding effect of mobile threats further stresses the need to proactively address these vulnerabilities before they reach an inflection point where impact and cost start to snowball.
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 6 Solution: A Multi-level Predictive Approach to Security We have addressed the challenges to businesses when it comes to mobile security in detail. Now let’s discuss possible solutions. Several fragmented security solutions exist to address the different mobile threats that enterprises face today. App reputation lists provide information on the risks associated with apps on your employees’ devices. However, with the constantly changing landscape of both mobile threats and the frequent updating of legitimate apps, a list-based approach has limitations in detecting the latest threats. Similarly, anti-virus (AV) solutions and malware scanners are reactive to the latest attacks and cannot adapt to the changing and interconnected threat landscape. App wrappers and enterprise app stores adopt a whitelist approach allowing employees to only download pre-approved apps. These ‘locked-down’ solutions are typically not feasible for BYOD devices. Employees also expect more control over corporate-owned devices and a whitelist approach can result in a negative experience. On average, smartphone users are downloading 15 apps each quarter . Not all apps are compatible with these approaches and it’s inefficient to maintain lists that require IT managers to decide what apps to approve and go through manual steps to add and remove those apps. Secure containers that provide full auditing and true SSO are quite effective in protecting some corporate data, but do not provide any protection outside of the container and typically also result in a negative user experience. With weaknesses evident in current solutions, the most effective security solutions today should utilize algorithms to detect patterns that signal malicious or risky behavior. Wandera Secure offers such a predictive solution, with two key differentiators that ensure the most comprehensive and reliable threat detection: §§ Multi-level: Wandera’s cloud gateway sits in the path of mobile data in between employee devices and the Internet, and scans all the data in the network in real time. This data is combined with heartbeats (device configurations, apps, events and logs) from the mobile device as well as databases of malicious sites and rogue apps. This approach provides maximum visibility into various type of malware, risks and data leaks. §§ Correlation: Wandera’s proprietary algorithms correlate data processed from these multiple sources to determine severity and deliver a recommended remediation plan for each identified threat. Machine learning is an important aspect of data processing, as it allows for the detection of unanticipated correlations, which are predictive of malicious or risky behavior. It also identifies and signals outliers and anomalies. Let’s take a look at concrete examples where data from the network and on the device are correlated in order to identify malicious behavior: §§ Malware: Anomalous behavior such as launch of a backdoor VPN to a suspect IP address is detected on a device. In parallel, network traffic identifies a specific app being used at the time, and correlates these two incidents to identify the app as malicious. §§ Leaky apps: Multiple data leak attributes can be detected such as password, userid, corporate email, geolocation, credit card, social security number, date of birth, contact book upload, and device UDID. §§ Outdated OS: Records the Operating System version on the device intermittently. You can set policies that prohibit or restrict network access as well as actively monitoring the device and the network for known vulnerabilities specific to the version of the Operating System on the device.
THE EVOLUTION AND IMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 7 Conclusion To summarize, we have reviewed in detail the cost and impact of new mobile device attacks, with an analysis of the unique characteristics of the emerging threat landscape. We have gone on to describe six commonly used mobile threats and considered the impact on today’s interconnected and always-on organizations from these hidden risks. Your organization faces a real risk from hackers stealing data or gaining control over employee mobile devices. Preventing these attacks should be a top priority, however we can see they present a unique set of challenges. This paper has investigated the impacts and interdependencies of threat correlations, which can reach an inflection point and snowball, causing very significant damage to your company, its staff and its reputation. Lastly we have looked at the rigid security solutions available in today’s market to combat these threats and advocated a security solution that is multi-level (looking at multiple data sources) and also relies on correlation technologies (to identify increasingly complex threats). These two approaches should be incorporated as standard for any mobile security solution to be able to combat the evolving, high impact and hidden threats in today’s mobile environments. About Wandera Wandera is the world’s first Mobile Data Gateway, ensuring a secure and productive mobile Internet experience for businesses. Founded in 2012 and headquartered in San Francisco and London, Wandera is backed by leading venture capitalists Bessemer Venture Partners. For more information visit www.wandera.com Wandera US 180 Sansome Street, San Francisco, CA 94104 T +1 (415) 275 0636 E info@wandera.com Wandera UK 55 Bryanston Street, London, W1H 7AA T +44 (0) 203 301 2660 E info@wandera.com

More Related Content

PDF
Article on Mobile Security
byTharaka Mahadewa
 
PDF
Report on Mobile security
byKavita Rastogi
 
PDF
OS-Project-Report-Team-8
byshriram suryanarayanan
 
PDF
BETTER- Threat Whitepaper- PoS
byPurna Bhat
 
PDF
Pocket virus threat
byAli J
 
PDF
2012 nq mobile_security_report
byIsnur Rochmad
 
PDF
Security News bytes October 2013
byn|u - The Open Security Community
 
PDF
RSA Monthly Online Fraud Report -- February 2014
byEMC
 
Article on Mobile Security
byTharaka Mahadewa
 
Report on Mobile security
byKavita Rastogi
 
OS-Project-Report-Team-8
byshriram suryanarayanan
 
BETTER- Threat Whitepaper- PoS
byPurna Bhat
 
Pocket virus threat
byAli J
 
2012 nq mobile_security_report
byIsnur Rochmad
 
Security News bytes October 2013
byn|u - The Open Security Community
 
RSA Monthly Online Fraud Report -- February 2014
byEMC
 

What's hot

PDF
5 Ways to Protect your Mobile Security
byLookout
 
PPTX
220715_Cybersecurity: What's at stake?
bySpire Research and Consulting
 
PPTX
Mobile security
byhome
 
PDF
Rapport X force 2014
byPatrick Bouillaud
 
PDF
Sholove cyren web security - technical datasheet2
bySHOLOVE INTERNATIONAL LLC
 
PDF
Blue Coat 2013 Systems Mobile Malware Report
byContent Rules, Inc.
 
PDF
10940 img sytr12_mobile_malware
bySytelReplyUK
 
PDF
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
PDF
Mobility, Security and the Enterprise: The Equation to Solve
byIcomm Technologies
 
PDF
4514ijmnct01
byijmnct
 
PPTX
IQT 2010 - The App Does That!?
byTyler Shields
 
PDF
Trojan horseofbyod2
byStephanie Vanroelen
 
PDF
A Joint Study by National University of Singapore and IDC
byMicrosoft Asia
 
PDF
2015 Cybersecurity Predictions
byLookout
 
PDF
Report on Rogue Security Software: a summary
bySymantec Italia
 
PDF
Rpt repeating-history
byAnatoliy Tkachev
 
PDF
Feds: You have a BYOD program whether you like it or not
byLookout
 
PDF
How to tell if that pop-up window is offering you a rogue anti-malware product
byGFI Software
 
PDF
New trends in Payments Security: NFC & Mobile
bySISA Information Security Pvt.Ltd
 
5 Ways to Protect your Mobile Security
byLookout
 
220715_Cybersecurity: What's at stake?
bySpire Research and Consulting
 
Mobile security
byhome
 
Rapport X force 2014
byPatrick Bouillaud
 
Sholove cyren web security - technical datasheet2
bySHOLOVE INTERNATIONAL LLC
 
Blue Coat 2013 Systems Mobile Malware Report
byContent Rules, Inc.
 
10940 img sytr12_mobile_malware
bySytelReplyUK
 
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
Mobility, Security and the Enterprise: The Equation to Solve
byIcomm Technologies
 
4514ijmnct01
byijmnct
 
IQT 2010 - The App Does That!?
byTyler Shields
 
Trojan horseofbyod2
byStephanie Vanroelen
 
A Joint Study by National University of Singapore and IDC
byMicrosoft Asia
 
2015 Cybersecurity Predictions
byLookout
 
Report on Rogue Security Software: a summary
bySymantec Italia
 
Rpt repeating-history
byAnatoliy Tkachev
 
Feds: You have a BYOD program whether you like it or not
byLookout
 
How to tell if that pop-up window is offering you a rogue anti-malware product
byGFI Software
 
New trends in Payments Security: NFC & Mobile
bySISA Information Security Pvt.Ltd
 

Viewers also liked

PPTX
Sec 270 02 sect 01v1
bywchend
 
PDF
Business Excellence
byAnjoum .
 
PPTX
Sec 270 02 sect 01av1
bywchend
 
PPT
All
byprogrammermag
 
PPT
Six Sigma For Managers 185
byAnjoum .
 
PDF
提高扩展能力的常用模式——黄东
byprogrammermag
 
PPT
Slideshare Bedrijfspresentatie Connect It V1.0
byprijke
 
PPTX
Tbc career meeting 02 2012 linked in-2
bywchend
 
PPTX
Tbc career meeting 02 2012 linked in-1
bywchend
 
Sec 270 02 sect 01v1
bywchend
 
Business Excellence
byAnjoum .
 
Sec 270 02 sect 01av1
bywchend
 
All
byprogrammermag
 
Six Sigma For Managers 185
byAnjoum .
 
提高扩展能力的常用模式——黄东
byprogrammermag
 
Slideshare Bedrijfspresentatie Connect It V1.0
byprijke
 
Tbc career meeting 02 2012 linked in-2
bywchend
 
Tbc career meeting 02 2012 linked in-1
bywchend
 

Similar to Evolutionand impactofhiddenmobilethreats wandera

PDF
Mobile Apps and Security Attacks: An Introduction
byNagarro
 
PDF
Tips of Mobile Application Security
byMarie Weaver
 
PDF
Mobile Security for Smartphones and Tablets
byVince Verbeke
 
PDF
Top 6-Security-Threats-on-iOS
byInnovation Network Technologies: InNet
 
PDF
Can You Steal From Me Now? Mobile and BYOD Security Risks
byMichael Davis
 
PDF
Symantec Mobile Security Whitepaper June 2011
bySymantec
 
PDF
Whitepaper - CISO Guide_6pp
byEric Zhuo
 
PDF
Mobile security article
byKulani Mahadewa
 
PDF
Cn35499502
byIJERA Editor
 
PPTX
Ms810 assignment viruses and malware affecting moblie devices
byrebelreg
 
PDF
Securing mobile devices in the business environment
byIBM Software India
 
PDF
11 Reasons Why Your Company Could Be In Danger
byCopper Mobile, Inc.
 
PDF
IRJET- Android Device Attacks and Threats
byIRJET Journal
 
PDF
ISACA CACS 2012 - Mobile Device Security and Privacy
byMichael Davis
 
PPTX
Outside the Office: Mobile Security
byMcKonly & Asbury, LLP
 
PDF
M86 security predictions 2011
bysubramanian K
 
PPTX
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
byMasha Geller
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
PPTX
Defending Behind the Mobile Device
byTyler Shields
 
PDF
The New Mobile Landscape - OWASP Ireland
byTyler Shields
 
Mobile Apps and Security Attacks: An Introduction
byNagarro
 
Tips of Mobile Application Security
byMarie Weaver
 
Mobile Security for Smartphones and Tablets
byVince Verbeke
 
Top 6-Security-Threats-on-iOS
byInnovation Network Technologies: InNet
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
byMichael Davis
 
Symantec Mobile Security Whitepaper June 2011
bySymantec
 
Whitepaper - CISO Guide_6pp
byEric Zhuo
 
Mobile security article
byKulani Mahadewa
 
Cn35499502
byIJERA Editor
 
Ms810 assignment viruses and malware affecting moblie devices
byrebelreg
 
Securing mobile devices in the business environment
byIBM Software India
 
11 Reasons Why Your Company Could Be In Danger
byCopper Mobile, Inc.
 
IRJET- Android Device Attacks and Threats
byIRJET Journal
 
ISACA CACS 2012 - Mobile Device Security and Privacy
byMichael Davis
 
Outside the Office: Mobile Security
byMcKonly & Asbury, LLP
 
M86 security predictions 2011
bysubramanian K
 
APPNATION IV - The State of Security in the Mobile Enterprise - Cesare Garlati
byMasha Geller
 
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
Defending Behind the Mobile Device
byTyler Shields
 
The New Mobile Landscape - OWASP Ireland
byTyler Shields
 

More from Anjoum .

PDF
Istr19 en
byAnjoum .
 
PPTX
10 mistakes managers make managing people
byAnjoum .
 
PDF
Business Excellence
byAnjoum .
 
PDF
Ema report -_ibm_security_q_radar_incident_forensics_vs_other_industry_tools
byAnjoum .
 
PPT
Cloud Computing Ppt
byAnjoum .
 
PDF
Labtech 0013-service desk-best_practices
byAnjoum .
 
Istr19 en
byAnjoum .
 
10 mistakes managers make managing people
byAnjoum .
 
Business Excellence
byAnjoum .
 
Ema report -_ibm_security_q_radar_incident_forensics_vs_other_industry_tools
byAnjoum .
 
Cloud Computing Ppt
byAnjoum .
 
Labtech 0013-service desk-best_practices
byAnjoum .
 

Evolutionand impactofhiddenmobilethreats wandera

  • 1.
    The Evolution andImpact of Hidden Mobile Threats: Why Your Organization Needs a Multi-Level Security Solution
  • 2.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 2 Table of Contents Introduction 3 Common Mobile Threats and the Affects on your Business 3 Vulnerable Legitimate Apps 3 Jailbreaking 4 Outdated OS 4 Malware and Malicious Apps 4 Compromised Wi-Fi Hotspots 5 Phishing 5 Threat Correlation 5 Solution: A Multi-level Predictive Approach to Security 6 Conclusion 7
  • 3.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 3 Introduction Mobile attacks, which were rare only a few years ago, are growing exponentially, and they are in many ways different from those in a PC-world. This whitepaper highlights these differences, explains in detail six common mobile threats and discusses the merits and limitations of the security solutions available today. There are two main reasons for the rampant growth in mobile attacks: firstly your employees’ insecure mobile devices can be exploited to gain access into your corporate network; secondly and more importantly, compromising the mobile device itself can be highly lucrative for cyber criminals. It is likely that your organization is already victim of multiple instances of stealing data, intercepting requests or gaining control over individual mobile devices. It is also likely that IT Administrators in your organization are unaware of such attacks. Individually each attack may not result in large financial and public relations costs, making them harder to detect and perhaps a lower priority to address. However, cumulatively they bear significant financial cost to your organization, and make it susceptible to further organized attacks in the future. Detecting and remediating these hidden mobile threats should be a priority for your organization. The mobile threat landscape has other unique characteristics that further complicate the challenge facing mobile security professionals: §§ Risky user behavior - Whether it’s the effect of Apple’s walled-garden approach, or the relative nascence of the mobile threat landscape, end users have a false sense of security when it comes to their mobile devices. Unsuspecting end users can grant apps widespread permissions and even provide root-level access by jailbreaking their phone, whilst relying on their device for sensitive tasks such as online banking. Employers need to educate their employees on these threats and provide best practices to prevent mobile attacks. A recent poll of over 2,000 end users, conducted by Wandera, uncovered that only 7% of employees have been given any form of security guidance on using apps and smartphones in general. §§ Threat from mobile applications – Over 75% of popular apps on iOS and Android official stores can access user data and 29% of these legitimate apps leak data inadvertently or even purposefully by sharing the data with ad networks . The sheer volume of apps downloaded makes it easy for malicious apps to get on the device. Research shows that 24% of IT professionals have seen malware on work smartphones. §§ Business and personal on one device – 70% of employees access corporate data from a personal smartphone or tablet. The security challenge of protecting corporate data is not limited to BYOD devices. Employees are using corporate-owned devices for personal use and want control over the device. §§ New types of threats – Mobile devices are open to completely new types of attacks. For example, criminals use malicious mobile apps to send text messages to premium mobile phone numbers or take control of infected devices. §§ Threats are highly correlated - A mobile device with malware or other vulnerabilities is significantly more likely to suffer from other mobile attacks. This results in exponentially growing risks and associated costs for your organization. Let’s now look at six common mobile threats, and the risks they pose to your organization. Common Mobile Threats and the Affects on your Business Vulnerable Legitimate Apps Mobile users face significant threats from legitimate apps that are downloaded from official app stores. Over 75% of the top iOS and Android apps have permissions to access user data . Poor programming often results in apps inadvertently leaking this sensitive user information. They do this by passing plain-text data in transport or storing data on the device without the necessary security measures. Gartner has predicted that by 2017, 75% of mobile security breaches will be the result of mobile application misconfigurations. Since advertising is a primary source of revenue for most free and even paid apps, data is also often shared with ad networks.
  • 4.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 4 As an example of a vulnerable legitimate app, a recent version of the popular Starbucks iOS app, which is used to make payments and accrue rewards, transmitted user data in the clear. It exposed customers’ usernames, e-mail addresses, passwords, and certain location data. Similarly, research done in January 2014 by IO Active Labs discovered that, of the 40 home banking apps from the top banks in the world, 20% were vulnerable to man-in-the-middle (MiTM) attacks and 40% leaked sensitive information like activation codes through plain-text requests, or exposing data through the device logs. These results were surprising 75% of mobile security breaches will be the result of mobile application misconfigurations according to Gartner given the size and resources of the financial institutions and the focus from cyber criminals on mobile banking malware. Jailbreaking It is never safe to have a jailbroken device in your corporate network. Jailbreaking, or rooting is the process of removing the security limitations imposed by the Operating System vendor. Jailbreaking permits root access to the OS file system allowing the download of applications, which are not permitted through the official app stores. Jailbreaking also provides all apps, including malicious ones, with access to data owned by other applications. End users often jailbreak a device in order to gain access to a capability or app that is not officially supported, or to unlock their phone so that it can be used with other carriers. It is possible that the employee may not even know that their device has been jailbroken. As an example, Pangu is a jailbreak for iOS 7.1 that uses an expired enterprise certificate, and can potentially be injected without the user’s knowledge. Outdated OS In the cat and mouse game of OS vendor patching of known vulnerabilities whilst hackers race to exploit them, a device running an outdated OS is by definition vulnerable and presents a significant risk of being compromised. There are more than 11,000 different combinations of Android devices and Android Operating Systems in existence. This fragmentation creates a management headache and a security issue whereby many devices remain with outdated OSs. This is also a challenge on the iOS platform. Evidence suggests that 24% of iPhone users were on an older OS, even 5 months after the release of the new iOS7 . In an enterprise setting, IT departments sometimes choose to implement a phased approach to OS upgrades for their mobile device fleets to keep in step with releases to their MDMs and this staggered approach also creates devices with outdated OSs. Malware and Malicious Apps Mobile malware is malicious software designed to steal personal information stored on the 55% of adults use the device or gain control over the device. Most mobile malware spreads via malicious apps same password for that persist on the device and gain extensive permissions. most web services Google’s Android platform is most vulnerable to malware due to the level of control the platform provides developers and the ability to download apps from 3rd party stores that are not vetted by Google. However, the iOS platform is not completely worry-free either. For example, a flaw found recently in Apple’s iOS allowed hackers to intercept email and other communications that were meant to be encrypted. Other techniques that hackers employ on the iOS platform are malicious profiles or rogue certificates. A malicious profile can overwrite system functionality such as MDM software or mobile carrier settings, and be used to bypass various security measures and potentially intercept all data packets. Hackers can also gain access to a developer certificate or enterprise certificate, allowing a malicious app to be installed directly without going through Apple’s app store. Finally, as discussed earlier, a jailbroken iOS device removes all the security limitations imposed by Apple making it extremely vulnerable to malware attacks. The top categories in mobile malware include: §§ Premium Service Abuser – Sends text messages to premium mobile phone numbers, racking up unauthorized charges. §§ Information Theft – Similar to adware and some legitimate apps, this type of malware leaks sensitive information. The intent is almost always to find sensitive information that can be sold or exploited for other attacks such as phishing or mobile banking fraud. §§ Malicious Downloader – Downloads malicious apps and files, its main objective is to download more malware. Numerous malicious apps contain multiple types of threats and mechanisms for spreading. As an example, a Trojan named Obad sends messages to premium rate numbers, downloads and installs other malware, and uses Bluetooth to install itself on other devices.
  • 5.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 5 Compromised Wi-Fi Hotspots With over 5.8 million hotspots expected by the end of 2015 , free Wi-Fi has become ubiquitous and convenient, but also a prime target for exploitation. The attacker may create a spoofed Wi-Fi network (e.g. ‘Free-Starbucks’) or simply connect to the same legitimate Wi-Fi that the victim is using with tools like Droidsheep. Either way all communications end up passing through the attacker-controlled network device. They can easily intercept passwords, credit card details and other sensitive information that can lead to identity theft, financial compromises or access to your corporate network. Even websites with SSL encryption are not bulletproof. Hackers can modify the encrypted (SSL) network’s communication by using spoofed certificates, or by downgrading the communication link, so that it’s un-encrypted and completely open to the attacker. In these scenarios any data such as email passwords, banking details and other valuable information can be intercepted and stolen. In a recent poll conducted by Ofcom, it was discovered that 55% of adults used the same password for most web services. This is an important aspect of user behavior. Even if hackers exploit just a single innocuous site or app, it will provide them with access to multiple other high value assets. Phishing Phishing is one of the oldest means of Internet attack. Authentic-looking emails or websites are presented on the device, and vulnerable users are deceived into volunteering sensitive information such as their as username, password and credit number to the hackers. Smartphone users are three times more likely to share their various account login and password credentials on malicious phishing sites . This is due to the fact that users are constantly checking email accounts on their mobile device, often multi-tasking and so not paying full attention. Furthermore the mobile device screen real estate is too small for users to accurately determine the legitimacy of a URL. On mobile, phishing attempts can be delivered over SMS as well as email. In addition to fake websites, employees are also being targeted by apps designed to impersonate popular apps. A type of phishing attack known as spear-phishing targets specific organizations to gain unauthorized access to confidential data, rather than a generic phishing attempt to large group of people. The larger the organization, the greater the risk of a spear-phishing attack. One in 2.3 companies with over 2,500 employees were targeted in at least one spear-phishing attempt, whereas one in five small or medium businesses were targeted. Threat Correlation The compounding effect of mobile threats further stresses the need to proactively address these vulnerabilities before they reach an inflection point where impact and cost start to snowball. Unlike the PC-platform, mobile threats are highly correlated. A user with an infected device is more likely to suffer from other mobile attacks. This is often because: §§ Users who grant widespread permission to legitimate apps are most likely to download malicious apps. §§ Malicious apps generally exhibit multiple bad behaviors and are designed to spread to other devices by gaining access to the address book. §§ Jailbroken phones are more susceptible to malware. §§ A device with malware is most at risk of being exploited if there is a password or data leak by a legitimate app. §§ A user whose device leaks information like an email address is an easy target for phishing. Detecting and remediating these mobile threats should be a priority for your organization. The compounding effect of mobile threats further stresses the need to proactively address these vulnerabilities before they reach an inflection point where impact and cost start to snowball.
  • 6.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 6 Solution: A Multi-level Predictive Approach to Security We have addressed the challenges to businesses when it comes to mobile security in detail. Now let’s discuss possible solutions. Several fragmented security solutions exist to address the different mobile threats that enterprises face today. App reputation lists provide information on the risks associated with apps on your employees’ devices. However, with the constantly changing landscape of both mobile threats and the frequent updating of legitimate apps, a list-based approach has limitations in detecting the latest threats. Similarly, anti-virus (AV) solutions and malware scanners are reactive to the latest attacks and cannot adapt to the changing and interconnected threat landscape. App wrappers and enterprise app stores adopt a whitelist approach allowing employees to only download pre-approved apps. These ‘locked-down’ solutions are typically not feasible for BYOD devices. Employees also expect more control over corporate-owned devices and a whitelist approach can result in a negative experience. On average, smartphone users are downloading 15 apps each quarter . Not all apps are compatible with these approaches and it’s inefficient to maintain lists that require IT managers to decide what apps to approve and go through manual steps to add and remove those apps. Secure containers that provide full auditing and true SSO are quite effective in protecting some corporate data, but do not provide any protection outside of the container and typically also result in a negative user experience. With weaknesses evident in current solutions, the most effective security solutions today should utilize algorithms to detect patterns that signal malicious or risky behavior. Wandera Secure offers such a predictive solution, with two key differentiators that ensure the most comprehensive and reliable threat detection: §§ Multi-level: Wandera’s cloud gateway sits in the path of mobile data in between employee devices and the Internet, and scans all the data in the network in real time. This data is combined with heartbeats (device configurations, apps, events and logs) from the mobile device as well as databases of malicious sites and rogue apps. This approach provides maximum visibility into various type of malware, risks and data leaks. §§ Correlation: Wandera’s proprietary algorithms correlate data processed from these multiple sources to determine severity and deliver a recommended remediation plan for each identified threat. Machine learning is an important aspect of data processing, as it allows for the detection of unanticipated correlations, which are predictive of malicious or risky behavior. It also identifies and signals outliers and anomalies. Let’s take a look at concrete examples where data from the network and on the device are correlated in order to identify malicious behavior: §§ Malware: Anomalous behavior such as launch of a backdoor VPN to a suspect IP address is detected on a device. In parallel, network traffic identifies a specific app being used at the time, and correlates these two incidents to identify the app as malicious. §§ Leaky apps: Multiple data leak attributes can be detected such as password, userid, corporate email, geolocation, credit card, social security number, date of birth, contact book upload, and device UDID. §§ Outdated OS: Records the Operating System version on the device intermittently. You can set policies that prohibit or restrict network access as well as actively monitoring the device and the network for known vulnerabilities specific to the version of the Operating System on the device.
  • 7.
    THE EVOLUTION ANDIMPACT OF HIDDEN MOBILE THREATS: WHY YOUR ORGANIZATION NEEDS A MULTI-LEVEL SECURITY SOLUTION PAGE 7 Conclusion To summarize, we have reviewed in detail the cost and impact of new mobile device attacks, with an analysis of the unique characteristics of the emerging threat landscape. We have gone on to describe six commonly used mobile threats and considered the impact on today’s interconnected and always-on organizations from these hidden risks. Your organization faces a real risk from hackers stealing data or gaining control over employee mobile devices. Preventing these attacks should be a top priority, however we can see they present a unique set of challenges. This paper has investigated the impacts and interdependencies of threat correlations, which can reach an inflection point and snowball, causing very significant damage to your company, its staff and its reputation. Lastly we have looked at the rigid security solutions available in today’s market to combat these threats and advocated a security solution that is multi-level (looking at multiple data sources) and also relies on correlation technologies (to identify increasingly complex threats). These two approaches should be incorporated as standard for any mobile security solution to be able to combat the evolving, high impact and hidden threats in today’s mobile environments. About Wandera Wandera is the world’s first Mobile Data Gateway, ensuring a secure and productive mobile Internet experience for businesses. Founded in 2012 and headquartered in San Francisco and London, Wandera is backed by leading venture capitalists Bessemer Venture Partners. For more information visit www.wandera.com Wandera US 180 Sansome Street, San Francisco, CA 94104 T +1 (415) 275 0636 E info@wandera.com Wandera UK 55 Bryanston Street, London, W1H 7AA T +44 (0) 203 301 2660 E info@wandera.com