The way mobile users share, interact, and consume information, both at home and at work, is changing, resulting in an explosion of mobile threats.
With the upsurge of mobile activity, there is a resulting greater focus on mobile platforms by cybercriminals. This criminal focus is reflected in a marked rise in mobile malware infections, which nearly doubled in the first half of 2016 compared to the second half of 2015, according to the latest stats from Nokia.
The malware infection rate hit an all-time high in April. Android mobile devices were the most targeted mobile platform by far, representing 74 percent of all mobile malware infections. Overall, the number of infected Android apps in Nokia’s malware database soared 75 percent, from 5.1 million in December 2015 to 8.9 million in July 2016.
In addition, malware is becoming increasingly more sophisticated, as new variations attempt to root the phone in order to provide complete control and establish a permanent presence on the device, posing a particularly severe risk for enterprises.
Data in the Nokia report is aggregated from deployments of the Nokia NetGuard Endpoint Security platform, covering more than 100 million devices, including mobile phones, laptops, notepads, and Internet of Things devices.
NIST’s catalog of threats
To help IT folks recognize mobile threats, the National Institute for Standards and Technology (NIST) released a draft report that provides a catalog of mobile threats and strategies to mitigate those threats.
The catalog lists mobile threats in many areas, including authentication, supply chains, physical access, payments, ecosystem and network protocols, technologies, and infrastructure. It also includes mobile security concerns involving GPS, WiFi, Bluetooth, and mobile payments, as well as mobile malware.
“Often IT shops or security managers will address or secure the apps on a phone and protect the operating system from potential threats,” NIST cybersecurity engineer Joshua Franklin said in releasing the catalog. “But there is a much wider range of threats that need to be addressed. For example, enterprise security teams often don’t focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO’s calls.”
For enterprise mobility management systems, in particular, NIST identified a number of mobile threats that IT shops need to watch out for, along with countermeasures they can take to lessen the risks to the corporate network:
Mobile Threat: Unauthorized access to enterprise mobility management/mobile device management (EMM/MDM) administrative console by exploiting vulnerabilities
Countermeasures: Ensure that strong authentication methods are enabled for access to the administrative console; require multifactor authentication for remote EMM/MDM administration; audit administrative actions within EMM/MDM systems to enable detection of unauthorized actions; employ application vetting processes on prospective EMM/MDM solutions to reduce the risk attackers can gain unauthorized access to administrative functions
Mobile Threat: Insecure handling of sensitive user data by EMM/MDM platform
Countermeasure: Employ application vetting mechanisms on prospective EMM/MDM platforms to reduce the risk that sensitive data processed is handled in an insecure fashion.
Mobile Threat: An attacker enrolls a mobile device into an EMM/MDM without authorization of the device’s owner, which allows further attacks against the device or tracking user behavior
Countermeasure: Consider EMM/MDM products that support enrollment procedures that require users to opt-in to management of their device, such as by issuing one-time enrollment tokens using an out-of-band channel or requiring enrollment be performed in person
Mobile Threat: End user privacy violations by an IT administrator or attacker with administrative access to the EMM/MDM administrative console
Countermeasures: Ensure that the EMM/MDM console provides privacy controls to limit the ability of IT administrators to access sensitive information; ensure that the EMM/MDM console provides the ability to audit access by administrators to privacy-sensitive information; configure EMM/MDM products to only audit and log privacy-related data as is minimally required to enforce other policies
Mobile Threat: Unauthorized or unintentional wiping of personal user data from devices
Countermeasures: Use EMM/MDM products that can be configured to require dual authorization (two administrative users) to trigger device wipe functions, or at a minimum, products for which wiping functions involve multiple steps to complete; permit encrypted backups to the native cloud service to enable restoration of personal and enterprise data, which may have been accidentally or maliciously deleted from an enrolled mobile device.
Mobile Threat: Enterprise data synchronized to unmanaged and potentially insecure third-party cloud services
Countermeasures: Use MDM profiles to prevent managed devices from using cloud-based file storage services or synchronization services (note: this may increase the risk of loss of availability in the event of unintentional device wipe or similarly destructive events, such as mobile ransomware); reduce the risk a loss of confidentiality for enterprise data stored by authorized cloud-based file storage or synchronization services by ensuring enterprise data is encrypted via an encrypted contained prior to synchronization.
Mobile Threat: Insecure internally developed enterprise app installed onto enrolled devices via mobile application management policy
Countermeasures: Ensure internally developed apps are evaluated with rigor, such as by using app-vetting services to establish confidence they present minimal risk to the enterprise and device users; employ container solutions, such as Android for Work, that can prevent launching of managed apps when the device user is not authenticated to the work-centric container, thus minimizing the risk those apps present to the user outside of a work context.
Users hold the mobile malware key
A recent report entitled Mobile Users at Risk by Allot Communications found that the way people behave with their mobile devices is one of the most important factors in whether they get infected with malware. Unfortunately, only about half of mobile users use security products on their devices.
Business users show the riskiest online behavior, with 79 percent of businessmen and 67 percent of businesswomen using potentially risky apps every day.
Young people are also at high risk, with close to two-thirds of them using potentially risky apps every day. While mobile app downloads are often protected, their use is not protected, making users vulnerable to malware threats.
To combat malware threats, Allot recommends safeguarding mobile users at the network level to protect against multiple types of mobile threats because the security measures can provide a protective umbrella for all online activity.
Malware isn’t the only threat posed by mobile devices, as can be seen by the mobile threats detailed by NIST. Insecure apps leaking data are also a big problem for enterprises.
To secure mobile apps from data leakage, enterprises should develop mobile apps using security best practices, test apps for security flaws using automated testing, and invest in mobile security for employees and systems.
Mobile security in the enterprise comes down to using best security practices and technology to stay one step ahead of cybercriminals.