Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/2/2018
10:30 AM
Paul Martini
Paul Martini
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

3 Ways Hackers Steal Your Company's Mobile Data

The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

It's the unfortunate reality of the cybersecurity threat landscape today that malicious actors are advancing their tactics at a breakneck pace, finding new vulnerabilities in network defenses to execute attacks faster than IT teams can keep up.

This is especially true in the context of the modern distributed organization, where employees leverage an array of mobile devices — and access private networks from almost any location outside of headquarters — to conduct their work. This is a boon for business in that workers can enjoy flexible hours and not be tied to their desks to complete tasks, which can boost employee satisfaction and performance. But it also puts an increased burden on IT teams and network administrators, as they now are tasked with managing a practically borderless network with higher traffic volumes than ever before.

In fact, according to a recent survey of IT teams at major US organizations conducted by Researchscape for iboss, 80% of IT executives weren't confident in their ability to secure mobile traffic in the future, while only 56% of their superiors in the C-suite accepted the same reality.

This is compounded by the increased adoption of cloud services such as Office 365, Dropbox, and other off-premises storage providers, making it harder than ever for corporations to monitor the data leaving their network. Criminals are increasingly able to hide within encrypted traffic, exit the network, and slowly siphon out sensitive data without IT administrators immediately noticing.

While understanding the flaws in network defenses is valuable in planning for the future, it's also critical to know when and how sensitive data leaves the network, especially in expanding, high-stakes mobile breach scenarios. Here are three ways that cybercriminals can gain access to corporate systems through mobile devices and exfiltrate data.

Tor: Free Data Encryption
First developed in 2002 as "The Onion Router," the Tor project directs traffic through a free volunteer overlay network that employs more than 7,000 relays to conceal information about users from network monitoring teams. Tor can be implemented in the application layer of a communication protocol stack that's nested like an onion — hence the original name — encrypting data, including the next destination IP address, repeatedly, before it goes through a virtual circuit comprising successive, randomly selected Tor relays.

Because the routing of communication is partially hidden at every port in the Tor circuit, traffic source and destination are hidden from the view of network administrators at every stop. This makes it increasingly difficult for IT and security professionals to determine whether traffic is legitimately exiting the network or if the activity indicates data exfiltration.

Hiding Within Legitimate Traffic
Sensitive data may also be hidden within files or documents that wouldn't normally be tagged as malicious content by traditional network security monitors. A hacker who may already have crossed the perimeter might hide sensitive data within Word documents or .zip files, for instance, that feature familiar naming protocols and size characteristics.

If security protocols at the gateway aren't taking a detailed approach to vetting content as it exits the network — that is, taking a layered approach to evaluating entire files that goes beyond adhering to proxy settings or standard decryption — hackers can funnel data out of the network for weeks, months, or years before administrators even notice.

Leveraging Cloud Storage Applications
The problem with many cloud applications is that they usually require users to send content into a data center shared by multiple customers, where many users and corporations leverage the same storage capacity and bandwidth. Cloud providers are also a third-party service, which means that data is potentially at risk of being mishandled by the provider if they aren't a proven, trusted partner, or if their security protocols aren't up to snuff.

File encryption and strong passwords can go a long way toward protecting corporate data housed in the cloud. But the most effective way to prevent data exfiltration is a defense-in-depth strategy that is as vigorous in vetting traffic entering the network as it does leaving it, by looking at data packets individually to determine the true intent of the content. For example, this could include sandboxing features that allow documents to play out in a simulated network environment that tests for malicious inclinations once the document crosses the network perimeter. Putting data about to leave the network through the same proxies and firewalls as incoming traffic is another possible solution.

This approach is especially critical for mobile devices accessing network data via remote channels and public Wi-Fi. With the increasing mobility of employees who frequently and easily access cloud services from coffee shops and airports, companies need to make sure that all their active user and device directories remain up-to-date, and that the network is constantly monitored to ensure all users are following best practices. This requires taking regular inventory of the devices and users accessing the network — quarterly, monthly, or even weekly — to ensure that unverified traffic is easy to spot on a rolling basis. The more rigorous that security teams are in making sure their reference points are up-to-date, the more effective their use of leading cybersecurity tools will be in preventing data exfiltration.

Related Content:

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.