Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

11:05 AM
Simon Marshall
Simon Marshall
Simon Marshall

Smartphones Remain the Most Vulnerable of Endpoints

The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.

Consumers all over the world continue to click and tap on bogus links on websites and mobile apps, losing personal information and money to conman phishing attacks.

Apart from the Internet of Things (IoT), consumer devices represent arguably the highest number of mobile endpoints, have notoriously poor security and are becoming the target of choice for malicious actors.

In fact, according to the latest figures from Microsoft, phishing remains the single biggest vector of all cyberattacks, largely because it's so much cheaper for attackers than other forms of exploitation.

Multiply the number of devices by the number of attacks, and couple that with the fact that mobile users are three times more vulnerable to phishing, and the risk factor is huge.

But the real issue, given the BYOD trend over the last 10 or so years, is that when the consumer population is at work, they're employees at organizations who may be underestimating the threat posed by phishing in the workplace.

URL click rates soar
A new report from Lookout, a San Francisco-based mobile endpoint security firm, analyzed 67 million mobile devices, revealing that the phishing URL click rate has increased an average of 85% year-over-year for the last seven years.

"Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways," said Aaron Cockerill, chief strategy officer at Lookout. "Mobile devices are rich targets for attack because they operate outside the perimeter and freely access not just enterprise apps and SaaS, but also personal services like social media and email. They may lack enterprise security but they enable enterprise access and authentication."

It will come as no surprise to enterprises that endpoints can make their networks porous, but the scale of the problem shows just how susceptible they are becoming. The report details that 56% of users received and clicked on a malicious URL, and showing personal vulnerability to repeat attacks, they clicked rogue links an average of six times a year per user.

In a staged security test, 25% of users at an organization clicked on a link sent by SMS that was spoofed to look like a local area number.

Why mobile is so vulnerable
Mobile devices present such a wide attack surface for phishing because they lack the same level of security as desktops, have small screens that are easily spoofed and use pathways into the device that are wider than just email.

Want to hear more about the leading operator use cases for AI technologies? Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

Smaller screens than desktop make spotting phishing threats much more challenging, and mobile users lack functionality which would help, such as being able to hover over a hyperlink to see the destination. Longer URLs are often truncated on-screen, further masking the destination.

Once an URL has been clicked, spoofed websites or apps take over, allowing lateral movement within the enterprise, where corporate firewalls and endpoint protection are circumvented. Email, SMS, social media apps and messaging platforms can hijack the user, steal login or personal data and then redirect into the corporate network.

Email makes organizations uniquely vulnerable, because about two-thirds of emails are opened first on mobiles as opposed to desktops. Sometimes, even a click from the user isn't necessary, as apps use URLs in their codebase to access real-time data that supports their functionality.

Malicious URL misdirects
A good example of this is that apps often use advertising to support revenue. Some apps incorporate an ad SDK in their code that delivers advertising to users. Attackers can use the SDK to misdirect to a malicious IRL which then displays a bogus ad that encourages users to unknowingly offer-up data about themselves or the enterprise.

ViperRAT surveillanceware made the news in 2015 when it was used to spy on the Android devices of servicemen in the Israeli Defense Force. The malware uploads contact details, steals photos, monitors device inputs including camera and mic, reads browsing history and screenshots capture data from other apps. Victims were lured to download the app by phishers posing as women on social media platforms.

The Dark Caracal campaign, attributed to the Lebanese security intelligence organization, used Android surveillanceware called Pallas to monitor users and exfiltrate data including documents, contact address books, text messages and application account data. It also selectively activated voice recording from the microphone, and captured elicit photos from the front and back devices cameras.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.