Cloud

2/2/2018
10:30 AM
Paul Martini
Paul Martini
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

3 Ways Hackers Steal Your Company's Mobile Data

The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

It's the unfortunate reality of the cybersecurity threat landscape today that malicious actors are advancing their tactics at a breakneck pace, finding new vulnerabilities in network defenses to execute attacks faster than IT teams can keep up.

This is especially true in the context of the modern distributed organization, where employees leverage an array of mobile devices — and access private networks from almost any location outside of headquarters — to conduct their work. This is a boon for business in that workers can enjoy flexible hours and not be tied to their desks to complete tasks, which can boost employee satisfaction and performance. But it also puts an increased burden on IT teams and network administrators, as they now are tasked with managing a practically borderless network with higher traffic volumes than ever before.

In fact, according to a recent survey of IT teams at major US organizations conducted by Researchscape for iboss, 80% of IT executives weren't confident in their ability to secure mobile traffic in the future, while only 56% of their superiors in the C-suite accepted the same reality.

This is compounded by the increased adoption of cloud services such as Office 365, Dropbox, and other off-premises storage providers, making it harder than ever for corporations to monitor the data leaving their network. Criminals are increasingly able to hide within encrypted traffic, exit the network, and slowly siphon out sensitive data without IT administrators immediately noticing.

While understanding the flaws in network defenses is valuable in planning for the future, it's also critical to know when and how sensitive data leaves the network, especially in expanding, high-stakes mobile breach scenarios. Here are three ways that cybercriminals can gain access to corporate systems through mobile devices and exfiltrate data.

Tor: Free Data Encryption
First developed in 2002 as "The Onion Router," the Tor project directs traffic through a free volunteer overlay network that employs more than 7,000 relays to conceal information about users from network monitoring teams. Tor can be implemented in the application layer of a communication protocol stack that's nested like an onion — hence the original name — encrypting data, including the next destination IP address, repeatedly, before it goes through a virtual circuit comprising successive, randomly selected Tor relays.

Because the routing of communication is partially hidden at every port in the Tor circuit, traffic source and destination are hidden from the view of network administrators at every stop. This makes it increasingly difficult for IT and security professionals to determine whether traffic is legitimately exiting the network or if the activity indicates data exfiltration.

Hiding Within Legitimate Traffic
Sensitive data may also be hidden within files or documents that wouldn't normally be tagged as malicious content by traditional network security monitors. A hacker who may already have crossed the perimeter might hide sensitive data within Word documents or .zip files, for instance, that feature familiar naming protocols and size characteristics.

If security protocols at the gateway aren't taking a detailed approach to vetting content as it exits the network — that is, taking a layered approach to evaluating entire files that goes beyond adhering to proxy settings or standard decryption — hackers can funnel data out of the network for weeks, months, or years before administrators even notice.

Leveraging Cloud Storage Applications
The problem with many cloud applications is that they usually require users to send content into a data center shared by multiple customers, where many users and corporations leverage the same storage capacity and bandwidth. Cloud providers are also a third-party service, which means that data is potentially at risk of being mishandled by the provider if they aren't a proven, trusted partner, or if their security protocols aren't up to snuff.

File encryption and strong passwords can go a long way toward protecting corporate data housed in the cloud. But the most effective way to prevent data exfiltration is a defense-in-depth strategy that is as vigorous in vetting traffic entering the network as it does leaving it, by looking at data packets individually to determine the true intent of the content. For example, this could include sandboxing features that allow documents to play out in a simulated network environment that tests for malicious inclinations once the document crosses the network perimeter. Putting data about to leave the network through the same proxies and firewalls as incoming traffic is another possible solution.

This approach is especially critical for mobile devices accessing network data via remote channels and public Wi-Fi. With the increasing mobility of employees who frequently and easily access cloud services from coffee shops and airports, companies need to make sure that all their active user and device directories remain up-to-date, and that the network is constantly monitored to ensure all users are following best practices. This requires taking regular inventory of the devices and users accessing the network — quarterly, monthly, or even weekly — to ensure that unverified traffic is easy to spot on a rolling basis. The more rigorous that security teams are in making sure their reference points are up-to-date, the more effective their use of leading cybersecurity tools will be in preventing data exfiltration.

Related Content:

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.