Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

// // //
4/24/2018
11:05 AM
Simon Marshall
Simon Marshall
Simon Marshall

Smartphones Remain the Most Vulnerable of Endpoints

The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.

Consumers all over the world continue to click and tap on bogus links on websites and mobile apps, losing personal information and money to conman phishing attacks.

Apart from the Internet of Things (IoT), consumer devices represent arguably the highest number of mobile endpoints, have notoriously poor security and are becoming the target of choice for malicious actors.

In fact, according to the latest figures from Microsoft, phishing remains the single biggest vector of all cyberattacks, largely because it's so much cheaper for attackers than other forms of exploitation.

Multiply the number of devices by the number of attacks, and couple that with the fact that mobile users are three times more vulnerable to phishing, and the risk factor is huge.

But the real issue, given the BYOD trend over the last 10 or so years, is that when the consumer population is at work, they're employees at organizations who may be underestimating the threat posed by phishing in the workplace.

URL click rates soar
A new report from Lookout, a San Francisco-based mobile endpoint security firm, analyzed 67 million mobile devices, revealing that the phishing URL click rate has increased an average of 85% year-over-year for the last seven years.

"Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways," said Aaron Cockerill, chief strategy officer at Lookout. "Mobile devices are rich targets for attack because they operate outside the perimeter and freely access not just enterprise apps and SaaS, but also personal services like social media and email. They may lack enterprise security but they enable enterprise access and authentication."

It will come as no surprise to enterprises that endpoints can make their networks porous, but the scale of the problem shows just how susceptible they are becoming. The report details that 56% of users received and clicked on a malicious URL, and showing personal vulnerability to repeat attacks, they clicked rogue links an average of six times a year per user.

In a staged security test, 25% of users at an organization clicked on a link sent by SMS that was spoofed to look like a local area number.

Why mobile is so vulnerable
Mobile devices present such a wide attack surface for phishing because they lack the same level of security as desktops, have small screens that are easily spoofed and use pathways into the device that are wider than just email.


Want to hear more about the leading operator use cases for AI technologies? Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

Smaller screens than desktop make spotting phishing threats much more challenging, and mobile users lack functionality which would help, such as being able to hover over a hyperlink to see the destination. Longer URLs are often truncated on-screen, further masking the destination.

Once an URL has been clicked, spoofed websites or apps take over, allowing lateral movement within the enterprise, where corporate firewalls and endpoint protection are circumvented. Email, SMS, social media apps and messaging platforms can hijack the user, steal login or personal data and then redirect into the corporate network.

Email makes organizations uniquely vulnerable, because about two-thirds of emails are opened first on mobiles as opposed to desktops. Sometimes, even a click from the user isn't necessary, as apps use URLs in their codebase to access real-time data that supports their functionality.

Malicious URL misdirects
A good example of this is that apps often use advertising to support revenue. Some apps incorporate an ad SDK in their code that delivers advertising to users. Attackers can use the SDK to misdirect to a malicious IRL which then displays a bogus ad that encourages users to unknowingly offer-up data about themselves or the enterprise.

ViperRAT surveillanceware made the news in 2015 when it was used to spy on the Android devices of servicemen in the Israeli Defense Force. The malware uploads contact details, steals photos, monitors device inputs including camera and mic, reads browsing history and screenshots capture data from other apps. Victims were lured to download the app by phishers posing as women on social media platforms.

The Dark Caracal campaign, attributed to the Lebanese security intelligence organization, used Android surveillanceware called Pallas to monitor users and exfiltrate data including documents, contact address books, text messages and application account data. It also selectively activated voice recording from the microphone, and captured elicit photos from the front and back devices cameras.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-37452
PUBLISHED: 2022-08-07
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-26979
PUBLISHED: 2022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
CVE-2022-27944
PUBLISHED: 2022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
CVE-2022-2688
PUBLISHED: 2022-08-06
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be...
CVE-2022-2689
PUBLISHED: 2022-08-06
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch t...