5 mobile security threats you should take seriously in 2018

IDGNS

Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $21,155 per day, according to a 2016 report by the Ponemon Institute.

While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That's thanks to both the nature of mobile malware and the inherent protections built into mobile operating systems.

The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year:

1. Data leakage

It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security as we head into 2018. What makes the issue especially vexing is that it often isn't nefarious by nature; rather, it's a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information.

"The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users," says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defense (MTD) solutions — products like Symantec's Endpoint Protection Mobile, CheckPoint's SandBlast Mobile, and Zimperium's zIPS Protection. Such utilities scan apps for "leaky behavior," Zumerle says, and can automate the blocking of problematic processes.

Of course, even that won't always cover leakage that happens as a result of overt user error — something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. That's a challenge the healthcare industry is currently struggling to overcome: According to specialist insurance provider Beazley, "unintended disclosure" was responsible for a full 41 percent of data breaches reported by healthcare organizations in the first three quarters of 2017 — more than double the next highest cause.

For that type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.

2. Social engineering

The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on desktops. Despite the ease with which one would think social engineeringcons could be avoided, they remain astonishingly effective.

A staggering 90 percent of data breaches observed by Verizon's Enterprise Solutions division are the result of phishing, according to the company's 2017 Data Breach Investigations Report. While only 7 percent of users fall for phishing attempts, Verizon says, those gullible guys and gals tend to be repeat offenders: The company estimates that in a typical organization, 15 percent of users who are successfully phished will be phished at least one more time within the same year.

What's more, numerous bits of research suggest users are more vulnerable to phishing from mobile devices than desktops — by as much as three times, according to an IBM study, in part because a phone is where people are most likely to first see a message. "We do see a general rise in mobile susceptibility driven by increases in mobile computing overall [and] the continued growth of BYOD work environments," says John "Lex" Robinson, information security and anti-phishing strategist at PhishMe — a firm that uses real-world simulations to train workers on recognizing and responding to phishing attempts.

Robinson notes that the line between work and personal computing is also continuing to blur. More and more workers are viewing multiple inboxes — connected to a combination of work and personal accounts — together on a smartphone, he notes, and almost everyone conducts some sort of personal business online during the workday. Consequently, the notion of receiving what appears to be a personal email alongside work-related messages doesn't seem at all unusual on the surface, even if it may in fact be a ruse.

3. Wi-Fi interference

A mobile device is only as secure as the network through which it's transmitting data. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume.

Just how significant of a concern is this? According to new research being released by enterprise security firm Wandera this week, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month.

"These days, it's not difficult to encrypt traffic," says Kevin Du, a computer science professor at Syracuse University who specializes in smartphone security. "If you don't have a VPN, you're leaving a lot of doors on your perimeters open."

Selecting the right enterprise-class VPN, however, isn't so easy. As with most security-related considerations, a tradeoff is almost always required. "The delivery of VPNs needs to be smarter with mobile devices, as minimizing the consumption of resources — mainly battery —  is paramount," Gartner's Zumerle points out. An effective VPN should know to activate only when absolutely necessary, he says, not when a user is accessing a news site, for instance, or when a user is working within an app that's known to be trustworthy and secure.

4. Out-of-date devices

Smartphones, tablets and smaller connected devices — commonly known as the internet of things (IoT) — pose a new risk to enterprise security in that unlike traditional work devices, they generally don't come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.

"Many of them don't even have a patching mechanism built in, and that's becoming more and more of a threat these days," Du says.

Again, a strong policy goes a long way. There are Android devices that do receive timely and reliable ongoing updates. Until the IoT landscape becomes less of a wild west, it falls upon a company to create its own security net around them.

5. Physical device breaches

Last but not least is something that seems silly but remains a disturbingly realistic threat: A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption.

Consider the following: In a 2016 Ponemon Institute study, 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn't use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.

The take-home message is simple: Leaving the responsibility in users' hands isn't enough. Don't make assumptions; make policies. You'll thank yourself later.

via CSO

Read more »

SURVEILLANCE MALWARE APPS MANAGE TO INFILTRATE GOOGLE PLAY STORE

Google’s Play Store has become home to some of the over a thousand malicious apps, known as ‘SonicSpy’, which have been deployed since February.

Of the large number of spyware apps, believed to have come out of Iraq, at least three versions of the malware have appeared in the Play Store in the last six months, according to mobile security company Lookout.

The malicious app most recently found on the Play Store was called Soniac – which was marketed as a customised version of cloud-based instant messaging service Telegram. However, it contained capabilities to silently record audio, takes photos, make outbound calls, send text messages to specific numbers, and retrieve information such as call logs, contacts and information about wi-fi access points. The app has since been removed by Google.

Two other samples of SonicSpy on the Play Store were called Hulk Messenger and Troy Chat – though both are no longer live. It is not clear, however, if Google stepped in and removed the apps, or if they were removed by the people behind the spyware to avoid detection.

Despite the Play Store being seemingly clear of SonicSpy, Lookout warns that we are unlikely to have seen the back of the family of malicious apps.

“The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.

via MobileMarketing

Read more »

Routers don't keep you safe from hackers

Many people assume that their router will keep them safe from hackers. It couldn't be further from the truth. There are a few things that routers offer, but they aren't enough.

Port blocking isn't enough because hackers can get in through other ports.

Unless you have an enterprise level router, the hardware is too weak to do much. 90% of people just have the router their ISP provides. It just doesn't have enough horsepower to do any meaningful analysis of traffic or any intelligent threat detection.

Routers have static security measures that are outdated the moment they leave the factory. Hackers are constantly updating their tactics. This is why CUJO has security features that are intelligent and adapt to new threats. CUJO is constantly learning and updating every second.

To use an analogy, your typical router protects you as much as having a nice white picket fence around your house. Don't have a false sense of security, get a guard dog like CUJO :)

Right now CUJO doing a limited time offer: you can get a CUJO with a $0 subscription for only $249. Click here to add it to your cart.

Read more »

25 Scariest Things You Didn't Know About Using Public Wi-Fi

Read more »

‘AVALANCHE’ NETWORK DISMANTLED IN INTERNATIONAL CYBER OPERATION

On 30 November 2016, after more than four years of investigation, the Public Prosecutor’s Office Verden and the Lüneburg Police (Germany) in close cooperation with the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice and the FBI, Europol, Eurojust and global partners, dismantled an international criminal infrastructure platform known as ‘Avalanche’.

The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the high number of malware families managed through the platform.
The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, 5 individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing[1] to combat botnet[2] infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked.

On the action day, Europol hosted a command post at its headquarters in The Hague. From there, representatives of the involved countries worked together with Europol’s European Cybercrime Centre (EC3) and Eurojust officials to ensure the success of such a large-scale operation.

In addition Europol supported the German authorities throughout the entire investigation by assisting with the identification of the suspects and the exchange of information with other law enforcement authorities. Europol’s cybercrime experts produced and delivered analytical products.

Eurojust’s Seconded National Expert for Cybercrime assisted by clarifying difficult legal issues that arose during the course of the investigation. Several operational and coordination meetings were also held at both Europol and Eurojust.

Julian King, European Commissioner for the Security Union, said: "Avalanche shows that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders. Cybersecurity and law enforcement authorities need to work hand in hand with the private sector to tackle continuously evolving criminal methods.  The EU helps by ensuring that the right legal frameworks are in place to enable such cooperation on a daily basis".

Rob Wainwright, Europol Director, said: “Avalanche has been a highly significant operation involving international law enforcement, prosecutors and industry resources to tackle the global nature of cybercrime. The complex trans-national nature of cyber investigations requires international cooperation between public and private organisations at an unprecedented level to successfully impact on top-level cybercriminals. Avalanche has shown that through this cooperation we can collectively make the internet a safer place for our businesses and citizens”.

Michèle Coninsx, President of Eurojust, said: “Today marks a significant moment in the fight against serious organised cybercrime, and exemplifies the practical and strategic importance of Eurojust in fostering international cooperation. Together with the German and US authorities, our EU and international partners, and with support from Eurojust and EC3, Avalanche, one of the world’s largest and most malicious botnet infrastructures, has been decisively neutralised in one of the biggest takedowns to date.”

The criminal groups have been using the Avalanche infrastructure since 2009 for conducting malware, phishing and spam activities. They sent more than 1 million e-mails with damaging attachments or links every week to unsuspecting victims.

The investigations commenced in 2012 in Germany, after an encryption ransomware[3] (the so-called Windows Encryption Trojan), infected a substantial number of computer systems, blocking users’ access. Millions of private and business computer systems were also infected with malware, enabling the criminals operating the network to harvest bank and e-mail passwords.

With this information, the criminals were able to perform bank transfers from the victims’ accounts. The proceeds were then redirected to the criminals through a similar double fast flux[4]infrastructure, which was specifically created to secure the proceeds of the criminal activity.

The loss of some of the network’s components was avoided with the help of its sophisticated infrastructure, by redistributing the tasks of disrupted components to still-active computer servers. The Avalanche network was estimated to involve as many as 500,000 infected computers worldwide on a daily basis.

What made the ’Avalanche’ infrastructure special was the use of the so-called double fast flux technique. The complex setup of the Avalanche network was popular amongst cybercriminals, because of the double fast flux technique offering enhanced resilience to takedowns and law enforcement action.

Malware campaigns that were distributed through this network include around 20 different malware families such as goznym, marcher, matsnu, urlzone, xswkit, and pandabanker. The money mule schemes operating over Avalanche involved highly organised networks of “mules” that purchased goods with stolen funds, enabling cyber-criminals to launder the money they acquired through the malware attacks or other illegal means.

In preparation for this joint action, the German Federal Office for Information Security (BSI) and the Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (FKIE) analysed over 130 TB of captured data and identified the server structure of the botnet, allowing for the shut-down of thousands of servers and, effectively, the collapse of the entire criminal network.

The successful takedown of this server infrastructure was supported by INTERPOL, the Shadowserver Foundation, Registrar of Last Resort, ICANN and domain registries involved in the takedown phase. INTERPOL has also facilitated the cooperation with domain registries. Several antivirus partners provided support concerning victim remediation.

Computer users should note that this law enforcement action will NOT clean malware off any infected computers – it will merely deny the Avalanche users’ ability to communicate with infected victims’ computers. Avalanche victims’ computers will still be infected, but shielded from criminal control.

Victims of malware operating over the Avalanche network may use the following webpages created for assistance in removing the malware:

• www.bsi-fuer-buerger.de/botnetz and www.bsi-fuer-buerger.de/avalanche, in German;
• www.bsi-fuer-buerger.de/EN/botnetz and www.bsi-fuer-buerger.de/EN/avalanche, in English;
• https://us-cert.gov/avalanche;
• www.nationalcrimeagency.gov.uk/news/962-avalanche-takedown;
• www.getsafeonline.org/news/avalanche;
• www.actionfraud.police.uk/news-police-takedown-computer-network-used-to-infect-millions-of-devices-dec16;
• www.cyberaware.gov.uk/blog

The Shadowserver Foundation have supported this operation and will be making the sinkhole data available globally to responsible bodies via their free daily remediation feeds. More information can be found in their blog article.

[1] Sinkholing is an action whereby traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. This may be done by assuming control of the domains used by the criminals or IP addresses. When employed at a 100% scale, infected computers can no longer reach the criminal command and control computer systems and so criminals can no longer control the infected computers. The sinkholing infrastructure captures victims’ IP addresses, which can subsequently be used for notification and follow-up through dissemination to National CERTs and Network Owners.

[2] Botnets are networks of computers infected with malware, which are under the control of a cybercriminal. Botnets allow criminals to harvest sensitive information from infected computers, such as online banking credentials and credit card information. A criminal can also use a botnet to perform cyberattacks on other computer systems, such as denial-of-service attacks.

[3] Ransomware is a type of malware that infects the victim’s PC and encrypts the victim’s files, so that the victim is unable to access them. The criminal behind the ransomware then uses intimidation and misinformation to force the victim to pay a sum of money in exchange for the password that unlocks the encrypted files. Even if a password is eventually provided, it does not always work.

[4] Fast flux technique is an evasion technique used by botnet operators to quickly move a fully qualified domain name (a domain that points to one specific Internet resource such as www. domain .com) from one or more computers connected to the Internet to a different set of computers. Its aim is to delay or evade the detection of criminal infrastructure. In the double fast flux setup, both the domain location and the name server queried for this location are changed.

Read more »

iOS still does app privacy better than Android

There's not a lot new in Android 6.0 Marshmallow, which is now slowly making its way onto Android smartphones and tablets. Google characterizes Marshmallow more as an under-the-hood effort to improve system performance and stability. But one of the key new features for users is the ability to manage the privacy settings of applications.

How do Marshmallow's privacy controls compare to iOS's?

[ Looking to run office productivity apps on the go? Check out InfoWorld's comparisons of office apps for the iPad and office apps for Android devices. | If you're editing in the cloud, check out our comparison of cloud office suites. | Keep up on key mobile developments and insights with the Mobile Tech Report newsletter. ]

For several versions, Android has shown users what data and services an app wants to use when the app is installed, but you could only accept or reject them all. Also, you could not deactivate permissions (such as to your contacts or camera) later.

There's not a lot new in Android 6.0 Marshmallow, which is now slowly making its way onto Android smartphones and tablets. Google characterizes Marshmallow more as an under-the-hood effort to improve system performance and stability. But one of the key new features for users is the ability to manage the privacy settings of applications.

How do Marshmallow's privacy controls compare to iOS's?

[ Looking to run office productivity apps on the go? Check out InfoWorld's comparisons of office apps for the iPad and office apps for Android devices. | If you're editing in the cloud, check out our comparison of cloud office suites. | Keep up on key mobile developments and insights with the Mobile Tech Report newsletter. ]

For several versions, Android has shown users what data and services an app wants to use when the app is installed, but you could only accept or reject them all. Also, you could not deactivate permissions (such as to your contacts or camera) later.

If you want to see all the apps that use a specific type of data or resource, here's how: In the Settings app, tap App, then tap the Settings icon (the gear) to open the Configure Apps screen. Normally, you use the More menu (via the ... icon) in Android for accessing additional features, but in this case you use Settings. In the Configure Apps screen, tap App Permissions to get a screen that shows each permission. Tap a permission, as you would in iOS's equivalent but more accessible screen, to see and manage which apps use those permissions. It shouldn't be that hard to find.

Of course, a diligent user will eventually find that obtuse path or go into each app's settings in Android Marshmallow and check into every permission. (iOS lets you work that way too; if you tap an app in Settings, you can see its privacy permissions and adjust them.) But Android's approach is also more apt to let apps get more access to your private data and system services than you'd like or realize.

via infoworld

Read more »

5 Ways to Stay Away from Malware on a Smartphone

A malware is some software specially designed to harm your computer or smartphone, or to get your personal information for various anti-social purposes (let’s say spying on you). It may be a virus, a spyware, worm, or a Trojan, but their sole purpose is to harm you. Nowadays, since smartphones are more in use, these malwares are aimed mostly at them. So here are some precautions that you can adopt to stay away from them:

1. Download Stuff From Trusted Sources

While you download stuff (songs, pictures etc.) into your mobile, be sure that you don’t download anything but what you want to download. Sometimes, rather most of the times, a file that you want to download is accompanied with a malicious software, that drains out your personal information out of your phones and can be used for anything, and the worst part is that you’d never know. One such unwanted application is Mobogenie that automatically gets downloaded onto Android phones and can cause serious troubles. Don’t believe messages on your browsers that say anything about your phone slowing down or those that offer you “hot pics”.

2. Don’t Cache Passwords

Well, it must be very annoying to type your password again and again onto your device, but this is the key area where most of the spywares attack. They phish out the cache from browsers and hence, can gain access to your private accounts. So the only foolproof method to avoid this is to not save these passwords. Oh, and while you’re at it, turn on the 2-step verification to be extra safe. Click here to know more about two-step verification.

3. Don’t Fall Into Traps Of Spams

You might have come across emails claiming that you’ve won a billion dollars in some lottery you never signed up for, or something like this:

Never click on these links, unless you’ve subscribed or signed up for them as they may contain software that can get installed on your smartphones without your consent.

4. Be Extra Cautious If You’ve Got Root Access

This point is exclusive for Android devices.When you root your smartphone, you allow the apps to gain ‘root access,’ and once a malware gets this access, it has the rights to do almost anything on your device, without your knowledge. That doesn’t mean you shouldn’t root your phones. Just be careful while you grant Superuser privileges, and don’t grant these permissions to non-trusted software downloaded from non-trusted sources. Though we recommend not to download such softwares, but even if you do, don’t grant them Superuser permissions.

5. Install An Anti-Malware Program

Though these apps aren’t enough for keeping the malwares away, they do help to some extent. There are a plenty of such applications out there, most of them free. The best rated ones include Lookout, AVG, or Avast. Mostly, they check installed apps, and watch out for malicious codes.

Read more »