4/24/2018
11:05 AM
Simon Marshall

Smartphones Remain the Most Vulnerable of Endpoints

The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilant.

Consumers all over the world continue to click and tap on bogus links on websites and mobile apps, losing personal information and money to phishing con artists.

Apart from the Internet of Things (IoT), consumer devices represent arguably the highest number of mobile endpoints, have notoriously poor security and are becoming the target of choice for malicious actors.

In fact, according to the latest figures from Microsoft, phishing remains the single biggest vector of all cyberattacks, largely because it's so much cheaper for attackers than other forms of exploitation.

Multiply the number of devices by the number of attacks, and couple that with the fact that mobile users are three times more vulnerable to phishing, and the risk factor is huge.

But the real issue, given the BYOD trend over the last 10 or so years, is that when the consumer population is at work, they're employees at organizations that may be underestimating the threat posed by phishing in the workplace.

URL click rates soar
A new report from Lookout, a San Francisco-based mobile endpoint security firm, analyzed 67 million mobile devices, revealing that the phishing URL click rate has increased an average of 85% year-over-year for the last seven years.

"Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways," said Aaron Cockerill, chief strategy officer at Lookout. "Mobile devices are rich targets for attack because they operate outside the perimeter and freely access not just enterprise apps and SaaS, but also personal services like social media and email. They may lack enterprise security but they enable enterprise access and authentication."

It will come as no surprise to enterprises that endpoints can make their networks porous, but the scale of the problem shows just how susceptible they are becoming. The report details that 56% of users received and clicked on a malicious URL and, showing personal vulnerability to repeat attacks, clicked rogue links an average of six times a year per user.

In a staged security test, 25% of users at an organization clicked on a link sent by SMS that was spoofed to look like a local area number.

Why mobile is so vulnerable
Mobile devices present such a wide attack surface for phishing because they lack the same level of security as desktops, have small screens that are easily spoofed and use pathways into the device that are wider than just email.



Smaller screens than desktop make spotting phishing threats much more challenging, and mobile users lack functionality which would help, such as being able to hover over a hyperlink to see the destination. Longer URLs are often truncated on-screen, further masking the destination.
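A link renderer can counter the truncation problem described above by always showing the full host and shortening only the path. The following is an added example, not code from the article or from Lookout; the function names, the 30-character width and the sample URL are assumptions constructed for illustration.

```javascript
// Added example. SAMPLE_URL is constructed from reserved example domains.
const SAMPLE_URL =
  "https://accounts.example.com.signin.verify-session.example.net/login?continue=inbox";

// Naive rendering: keep the first `width` characters, as a narrow screen does.
function truncateForDisplay(url, width) {
  return url.length <= width ? url : url.slice(0, width - 1) + "…";
}

// Host-first rendering: the full host is always shown; only the path is cut.
function hostFirstDisplay(url, width) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return { ok: false, text: "[unparseable link]" };
  }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
    return { ok: false, text: `[${parsed.protocol} link]` };
  }
  const host = parsed.host; // normalized hostname plus any non-default port
  const rest = parsed.pathname + parsed.search;
  const room = Math.max(0, width - host.length);
  const tail =
    rest.length <= room ? rest : rest.slice(0, Math.max(0, room - 1)) + "…";
  return { ok: true, host, text: host + tail };
}

// True when the naive rendering cuts off part of the host the link goes to.
function truncationHidesHost(url, width) {
  const result = hostFirstDisplay(url, width);
  if (!result.ok) return false;
  return !truncateForDisplay(url, width).toLowerCase().includes(result.host);
}

console.log(truncateForDisplay(SAMPLE_URL, 30));
console.log(hostFirstDisplay(SAMPLE_URL, 30).text);
console.log(truncationHidesHost(SAMPLE_URL, 30));
```

A mail or messaging client could use a check like `truncationHidesHost` to decide when to switch a link preview to the host-first form.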

Once a URL has been clicked, spoofed websites or apps take over, allowing lateral movement within the enterprise, where corporate firewalls and endpoint protection are circumvented. Email, SMS, social media apps and messaging platforms can hijack the user, steal login or personal data and then redirect into the corporate network.

Email makes organizations uniquely vulnerable, because about two-thirds of emails are opened first on mobiles as opposed to desktops. Sometimes, even a click from the user isn't necessary, as apps use URLs in their codebase to access real-time data that supports their functionality.

Malicious URL misdirects
A good example of this is that apps often use advertising to support revenue. Some apps incorporate an ad SDK in their code that delivers advertising to users. Attackers can use the SDK to misdirect to a malicious URL, which then displays a bogus ad that encourages users to unknowingly offer up data about themselves or the enterprise.

ViperRAT surveillanceware made the news in 2015 when it was used to spy on the Android devices of servicemen in the Israeli Defense Force. The malware uploads contact details, steals photos, monitors device inputs including camera and mic, reads browsing history and captures screenshots of data from other apps. Victims were lured to download the app by phishers posing as women on social media platforms.

The Dark Caracal campaign, attributed to the Lebanese security intelligence organization, used Android surveillanceware called Pallas to monitor users and exfiltrate data including documents, contact address books, text messages and application account data. It also selectively activated voice recording from the microphone, and captured illicit photos from the device's front and back cameras.


— Simon Marshall, Technology Journalist, special to Security Now
