Cloud

2/2/2018
10:30 AM
Paul Martini
Paul Martini
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

3 Ways Hackers Steal Your Company's Mobile Data

The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

It's the unfortunate reality of the cybersecurity threat landscape today that malicious actors are advancing their tactics at a breakneck pace, finding new vulnerabilities in network defenses to execute attacks faster than IT teams can keep up.

This is especially true in the context of the modern distributed organization, where employees leverage an array of mobile devices — and access private networks from almost any location outside of headquarters — to conduct their work. This is a boon for business in that workers can enjoy flexible hours and not be tied to their desks to complete tasks, which can boost employee satisfaction and performance. But it also puts an increased burden on IT teams and network administrators, as they now are tasked with managing a practically borderless network with higher traffic volumes than ever before.

In fact, according to a recent survey of IT teams at major US organizations conducted by Researchscape for iboss, 80% of IT executives weren't confident in their ability to secure mobile traffic in the future, while only 56% of their superiors in the C-suite accepted the same reality.

This is compounded by the increased adoption of cloud services such as Office 365, Dropbox, and other off-premises storage providers, making it harder than ever for corporations to monitor the data leaving their network. Criminals are increasingly able to hide within encrypted traffic, exit the network, and slowly siphon out sensitive data without IT administrators immediately noticing.

While understanding the flaws in network defenses is valuable in planning for the future, it's also critical to know when and how sensitive data leaves the network, especially in expanding, high-stakes mobile breach scenarios. Here are three ways that cybercriminals can gain access to corporate systems through mobile devices and exfiltrate data.

Tor: Free Data Encryption
First developed in 2002 as "The Onion Router," the Tor project directs traffic through a free volunteer overlay network that employs more than 7,000 relays to conceal information about users from network monitoring teams. Tor can be implemented in the application layer of a communication protocol stack that's nested like an onion — hence the original name — encrypting data, including the next destination IP address, repeatedly, before it goes through a virtual circuit comprising successive, randomly selected Tor relays.

Because the routing of communication is partially hidden at every port in the Tor circuit, traffic source and destination are hidden from the view of network administrators at every stop. This makes it increasingly difficult for IT and security professionals to determine whether traffic is legitimately exiting the network or if the activity indicates data exfiltration.

Hiding Within Legitimate Traffic
Sensitive data may also be hidden within files or documents that wouldn't normally be tagged as malicious content by traditional network security monitors. A hacker who may already have crossed the perimeter might hide sensitive data within Word documents or .zip files, for instance, that feature familiar naming protocols and size characteristics.

If security protocols at the gateway aren't taking a detailed approach to vetting content as it exits the network — that is, taking a layered approach to evaluating entire files that goes beyond adhering to proxy settings or standard decryption — hackers can funnel data out of the network for weeks, months, or years before administrators even notice.

Leveraging Cloud Storage Applications
The problem with many cloud applications is that they usually require users to send content into a data center shared by multiple customers, where many users and corporations leverage the same storage capacity and bandwidth. Cloud providers are also a third-party service, which means that data is potentially at risk of being mishandled by the provider if they aren't a proven, trusted partner, or if their security protocols aren't up to snuff.

File encryption and strong passwords can go a long way toward protecting corporate data housed in the cloud. But the most effective way to prevent data exfiltration is a defense-in-depth strategy that is as vigorous in vetting traffic entering the network as it does leaving it, by looking at data packets individually to determine the true intent of the content. For example, this could include sandboxing features that allow documents to play out in a simulated network environment that tests for malicious inclinations once the document crosses the network perimeter. Putting data about to leave the network through the same proxies and firewalls as incoming traffic is another possible solution.

This approach is especially critical for mobile devices accessing network data via remote channels and public Wi-Fi. With the increasing mobility of employees who frequently and easily access cloud services from coffee shops and airports, companies need to make sure that all their active user and device directories remain up-to-date, and that the network is constantly monitored to ensure all users are following best practices. This requires taking regular inventory of the devices and users accessing the network — quarterly, monthly, or even weekly — to ensure that unverified traffic is easy to spot on a rolling basis. The more rigorous that security teams are in making sure their reference points are up-to-date, the more effective their use of leading cybersecurity tools will be in preventing data exfiltration.

Related Content:

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.