10/23/2013
07:02 PM

Catching Mobile Malware In The Corporate Network

As more malicious mobile apps arrive, security firms roll out different methods of detecting the malware inside business networks

To developers, advertising frameworks may just be another way to make money from their free applications, but in at least one case -- dubbed "Vulna" by security firm FireEye -- the library has functionality that allows attackers to steal private data from a targeted phone and opens vulnerabilities that could be exploited by hackers.

The library, which FireEye has declined to name until its developer fixes the problems, underscores the dangers that mobile users and their companies will increasingly face. As smartphones and tablets become an essential part of information workers' tool sets, cybercriminals and digital spies have targeted the mobile devices to gain access to business data. Careful users who download mobile apps from well-vetted app stores are unlikely to encounter malware, but times are quickly changing, and targeted attackers will focus more heavily on mobile devices, says Manish Gupta, senior vice president of products for FireEye.

"Fundamentally, we believe that hackers have no restrictions on what they use for an infection vector -- they use what works, so mobile will be an increasing vector of choice," he says.

While malware has not become as pressing a threat on mobile devices as on personal computers, Vulna is not the only mobile vector that FireEye has found inside business networks. In another case, the company found a mobile application designed to access a device's calendar and turn on the phone's microphone during meetings, Gupta says.

To be ready for the inevitability of mobile malware, companies need to put limitations on their users, says Chet Wisniewski, senior security adviser for software security firm Sophos.

"When you allow those mobile devices to connect in, be very specific about what you are allowing them access to -- don't just throw them on the LAN with all your laptops and desktops," he says. "We have too much of a habit in our LANs to allow devices, once they are in, to access everything."

In addition, businesses should use mobile device management (MDM) software to limit users to downloading apps only from the major app stores. While the app stores, especially Google Play, have hosted malicious apps, Google, Apple, and others do a good job of taking down malicious apps once they are found, Wisniewski says.

[Difficult times ahead for app markets as professional malware developers ramp their evasion techniques. See Distributing Malware Through Future App Stores.]

Companies should not stop at mobile device management either, says Patrick Foxhoven, chief technology officer of cloud-security firm Zscaler.

"If you want visibility into what apps are on the devices and what communications are coming from the devices, and you don't want to manage the device, then you need to do security through the network," he says.

Zscaler, which uses its security-proxy approach to detect malicious traffic, allows companies to avoid the sticky questions of trying to manage an employee-owned device and instead lets the business focus on the part of the infrastructure that belongs to it: the network and the data.

Yet attackers can use encryption to get around such network-based defenses, says FireEye's Gupta. The company's virtual machine allows companies to analyze potentially malicious files and programs to catch malware. Rather than try to catch the attacks on the networks, FireEye -- which announced a new service aimed at mobile devices -- waits for the program to take a suspicious action. Companies need to find the threats, and that requires analyzing the applications that employees are downloading to their devices, he says.

In another malicious mobile app, for example, the user has to reach level 17 in a game before the malicious payload executes, says Gupta.

"You have to play the game," he says. "A static-analysis environment would not detect it, and if you are in dynamic-analysis mode, you would have to get it to execute the entire execution space."
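The level-17 trigger described above, as an added illustration that is not code from the article or from FireEye: a toy control-flow walker with a constructed sample app shows why one concrete dynamic run sees only the benign path, while enumerating both sides of every branch reports the sensitive calls together with the state condition that guards them. All names (`Call`, `Branch`, `SAMPLE_APP`, the API names) are hypothetical.

```python
# Added illustration (constructed, not from the article or FireEye): a toy
# control-flow walker showing why a state-gated payload evades one run.
import operator
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
OPS = {">=": operator.ge, "<": operator.lt}
Cond = Tuple[str, str, int]  # (state variable, comparison, constant)
@dataclass
class Call:
    api: str
@dataclass
class Branch:
    cond: Cond
    then: list = field(default_factory=list)
    other: list = field(default_factory=list)
# Constructed sample app: an ad call plus a payload behind a level check.
SAMPLE_APP = [
    Call("show_ads"),
    Branch(("level", ">=", 17),
           then=[Call("read_contacts"), Call("send_http")],
           other=[Call("play_level")]),
]
SENSITIVE = {"read_contacts", "send_http", "record_audio"}

def concrete_run(nodes: list, state: Dict[str, int]) -> List[str]:
    """One dynamic-analysis run: only the branch matching `state` executes."""
    seen: List[str] = []
    for node in nodes:
        if isinstance(node, Call):
            seen.append(node.api)
        else:
            var, op, const = node.cond
            taken = node.then if OPS[op](state.get(var, 0), const) else node.other
            seen.extend(concrete_run(taken, state))
    return seen

def explore(nodes: list, guards: Tuple[Cond, ...] = ()) -> List[Tuple[Tuple[Cond, ...], str]]:
    """Walk both sides of every branch; report each sensitive call with the
    conditions guarding it, without needing to reach the trigger state."""
    found = []
    for node in nodes:
        if isinstance(node, Call):
            if node.api in SENSITIVE:
                found.append((guards, node.api))
        else:
            found += explore(node.then, guards + (node.cond,))
            found += explore(node.other, guards)
    return found
```

A run with `{"level": 1}` never reaches the contact read, whereas `explore` names the `level >= 17` guard in front of it; real analyzers apply the same idea to decompiled bytecode rather than a toy tree.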

Whichever approach a company decides to take, it should consider the question of mobile malware soon, he argues. While mobile attacks are just starting to take off, attackers will increasingly investigate the possibilities, and companies need to be prepared.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
Manju_i7
User Rank: Apprentice
11/2/2013 | 2:10:27 PM
re: Catching Mobile Malware In The Corporate Network
The way apps, OEMs, and OSes are increasing and the way mobile malware, intrusions and vulnerabilities are growing, you need a secure network gate to prevent any intrusions from entering the corporate network; otherwise the whole network will be held for ransom. It has been clearly proved that mRATs can easily bypass MDMs and secure containers and attack corporate networks. A real BYOD-specific network behavioral analysis, and a complete BYOD-specific vulnerability scan and risk analysis, are the need of the hour as work moves more and more to BYOD. Considering all this, it will be great if the solution is done without touching the device.

Manjunath M Gowda, ceo i7 networks (i7nw.com)
moonali
User Rank: Apprentice
10/30/2013 | 12:18:26 PM
re: Catching Mobile Malware In The Corporate Network
I want to be a hacker...
Chuck Brooks
User Rank: Apprentice
10/29/2013 | 12:21:26 AM
re: Catching Mobile Malware In The Corporate Network
As BYOD becomes more prevalent in both the corporate world and government, malware becomes a growing problem in mobility. Detection and patches are really not enough. A hardware/software endpoint mobile solution may be the best avenue to protect devices in the long run.