10/23/2013 07:02 PM
Catching Mobile Malware In The Corporate Network

As more malicious mobile apps arrive, security firms roll out different methods of detecting the malware inside business networks

To developers, advertising frameworks may just be another way to make money from their free applications, but in at least one case -- dubbed "Vulna" by security firm FireEye -- the library has functionality that allows attackers to steal private data from a targeted phone and opens vulnerabilities that could be exploited by hackers.

The library, which FireEye has declined to name until its developer fixes the problems, underscores the dangers that mobile users and their companies will increasingly face. As smartphones and tablets become an essential part of information workers' tool sets, cybercriminals and digital spies have targeted the mobile devices to gain access to business data. Careful users who download mobile apps from well-vetted app stores are unlikely to encounter malware, but times are quickly changing, and targeted attackers will focus more heavily on mobile devices, says Manish Gupta, senior vice president of products for FireEye.

"Fundamentally, we believe that hackers have no restrictions on what they use for an infection vector -- they use what works, so mobile will be an increasing vector of choice," he says.

While malware has not become as pressing a threat on mobile devices as on personal computers, Vulna is not the only mobile vector that FireEye has found inside business networks. In another case, the company found a mobile application designed to access a device's calendar and turn on the phone's microphone during meetings, Gupta says.

To be ready for the inevitability of mobile malware, companies need to put limitations on their users, says Chet Wisniewski, senior security adviser for software security firm Sophos.

"When you allow those mobile devices to connect in, be very specific about what you are allowing them access to -- don't just throw them on the LAN with all your laptops and desktops," he says. "We have too much of a habit in our LANs to allow devices, once they are in, to access everything."

In addition, businesses should use mobile device management (MDM) software to limit users to only download apps from the major app stores. While the app stores, especially Google Play, have hosted malicious apps, Google, Apple, and others do a good job of taking down any malicious apps once they are found, Wisniewski says.
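Wisniewski's advice to be specific about what connected mobile devices may reach, rather than placing them on the LAN with laptops and desktops, is put into practice below as an added nftables ruleset. It is an illustration written for this page, not configuration from the article, Sophos, or any vendor named here; the interface names (vlan-mobile, wan0), the address ranges and the service hosts are constructed placeholders. The ruleset confines a dedicated mobile VLAN to a short allow-list and logs everything else it drops, so that unexpected traffic from a phone becomes visible to the network team instead of silently reaching the desktop LAN.

```nftables
#!/usr/sbin/nft -f
# Segmentation policy for a mobile-device VLAN (constructed example).
# Assumptions: phones and tablets land on interface "vlan-mobile",
# the desktop/server LAN is 10.20.0.0/24, a mail/collaboration host
# sits at 10.20.0.10, and "wan0" faces the Internet.

table inet mobile_segmentation {
    # Services mobile devices are allowed to reach on the internal host.
    set mobile_internal_services {
        type inet_service
        elements = { 443, 993 }   # HTTPS and IMAPS only
    }

    chain forward {
        # Default stance: anything not explicitly allowed is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections the mobile devices already opened.
        ct state established,related accept

        # Allowed internal access: one host, two services, nothing else.
        iifname "vlan-mobile" ip daddr 10.20.0.10 \
            tcp dport @mobile_internal_services accept

        # Explicitly block the rest of the desktop LAN and record it;
        # a phone probing workstations is exactly the event to investigate.
        iifname "vlan-mobile" ip daddr 10.20.0.0/24 \
            log prefix "mobile-seg-internal-drop " drop

        # Internet access for app stores and web traffic.
        iifname "vlan-mobile" oifname "wan0" tcp dport { 80, 443 } accept
        iifname "vlan-mobile" oifname "wan0" udp dport 53 accept

        # Everything else from the mobile VLAN: log, then drop.
        iifname "vlan-mobile" log prefix "mobile-seg-drop " drop
    }
}
```

The log prefixes are the detection hook: forwarding the kernel log to the SIEM and alerting on "mobile-seg-internal-drop" turns the segmentation boundary into a sensor for the lateral movement the article warns about, without requiring any agent on the employee-owned device.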


Companies should not stop at mobile device management either, says Patrick Foxhoven, chief technology officer of cloud-security firm Zscaler.

"If you want visibility into what apps are on the devices and what communications are coming from the devices, and you don't want to manage the device, then you need to do security through the network," he says.

Zscaler, which uses its security-proxy approach to detect malicious traffic, allows companies to avoid the sticky questions of trying to manage an employee-owned device and instead allows the business to focus on the part of the infrastructure that belongs to them: the network and the data.

Yet attackers can use encryption to get around such network-based defenses, says FireEye's Gupta. The company's virtual machine allows companies to analyze potentially malicious files and programs to catch malware. Rather than try to catch the attacks on the networks, FireEye -- which announced a new service aimed at mobile devices -- waits for the program to take a suspicious action. Companies need to find the threats, and that requires analyzing the applications that employees are downloading to their devices, he says.

In another malicious mobile app, for example, the user has to reach level 17 in a game before the malicious payload executes, says Gupta.

"You have to play the game," he says. "A static-analysis environment would not detect it, and if you are in dynamic-analysis mode, you would have to get it to execute the entire execution space."

Whichever approach a company decides to take, it should consider the question of mobile malware soon, he argues. While mobile attacks are just starting to take off, attackers will increasingly investigate the possibilities, and companies need to be prepared.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments

Manju_i7 (User Rank: Apprentice), 11/2/2013 | 2:10:27 PM
re: Catching Mobile Malware In The Corporate Network
The way apps, OEMs, and OSes are increasing, and the way mobile malware, intrusions, and vulnerabilities are growing, you need a secure network gate to prevent any intrusions from entering the corporate network; otherwise the whole network will be held for ransom. It has been clearly proved that mRATs can easily bypass MDMs and secure containers and attack corporate networks. A real BYOD-specific network behavioral analysis, and a complete BYOD-specific vulnerability scan and risk analysis, are the need of the hour as work moves more and more to BYOD. Considering all this, it will be great if the solution is done without touching the device.

Manjunath M Gowda, ceo i7 networks (i7nw.com)
moonali (User Rank: Apprentice), 10/30/2013 | 12:18:26 PM
re: Catching Mobile Malware In The Corporate Network
I want to be a hacker...
Chuck Brooks (User Rank: Apprentice), 10/29/2013 | 12:21:26 AM
re: Catching Mobile Malware In The Corporate Network
As BYOD becomes more prevalent in both the corporate world and government, malware becomes a growing problem in mobility. Detection and patches are really not enough. A hardware/software endpoint mobile solution may be the best avenue to protect devices in the long run.