3/9/2020
09:00 AM
By Avihai Ben-Yossef, Co-Founder & CTO, Cymulate
Sponsored Article

Is Smishing the New Backdoor?

Scammers are adding smishing attacks to their arsenal, and for good reason: the open rate for text messages is an alarming 98%. So, what exactly is smishing?

What Is Smishing?
Smishing is a combination of the words SMS and phishing and is a type of social engineering attack orchestrated to obtain personal information such as credit card details, banking info, Social Security details, or passwords.

Smishing differs from traditional phishing attacks in that it is delivered by text message instead of email. Smishing attacks happen more often than you may think. In 2019, 84% of infosec professionals reported that their organization experienced a smishing attack.

More recently, Amazon customers reported texts that they genuinely believed were sent out from FedEx, asking them to set up delivery preferences for receiving packages, complete with a bogus tracking code. When the unsuspecting victims clicked on the link, they were asked to enter their Amazon credentials, which were then harvested by the scammers.

Hackers are always on the lookout for new techniques, particularly on mobile devices that are notoriously unsecured. SMS messages make perfect targets since they appear more personal and are trickier to detect.  

How Smishing Works  
Scammers pose as banks or online retailers sending you a "legit-looking" text message that creates a sense of urgency, asking you to update your account or information because it might be "compromised."

Once you click on the embedded text link, you will then be redirected to a page that is nearly identical to your bank's website or other trusted sites that appear familiar to you.

Hackers use this technique to obtain sensitive information such as credentials, credit card info or Social Security details, or to deploy the latest malware on your smartphone.  

SMS Phishing Attacks — The New Foothold into Corporate Wi-Fi Networks
Organizations are at high risk from smishing attacks when employees work under BYOD (Bring Your Own Device) policies. Since BYOD devices aren't strictly controlled by an organization, company information can become vulnerable to malicious attacks.

What's even more troubling is that they might not even be aware of it until it's too late.  

Here's how it works.  

Smishing provides hackers a way to bypass the security controls of a secured infrastructure by targeting a connected mobile device of an employee or guest. A weaponized SMS can compromise the mobile device, providing the initial foothold into the corporate Wi-Fi and giving the hacker total control of the device.

The next step of the attack would be to move laterally to a corporate endpoint, completely bypassing perimeter security controls.

Once inside the network, hackers can steal sensitive company information and trade secrets, capture user ID and passwords, or infect the network with ransomware and a plethora of worms. The end results can be crippling to an organization, especially when the breach goes public.  

How to Protect Yourself from Smishing Attacks
Endpoint security controls are considered the last bastion or layer of defense, so you need to be sure that they are working at full effectiveness against infection and lateral movement. Testing endpoint security controls must be continuous vis-à-vis new attack tactics and techniques.

And given the fact that the open rate for a text message is an alarming 98%, it should come as no surprise that this simple point of entry will become the next backdoor into a corporate network.

We have already seen how hackers stole a casino's database from a connected thermometer in a fish tank, so why not through a BYOD phone? That said, here are a few additional ways to minimize the risks of a smishing attack:

Security Controls

  • Place security controls between guest and BYOD Wi-Fi networks and the corporate Wi-Fi and LAN.

  • Make sure your endpoint security settings are continuously up to date.

  • Set up an effective and continuous endpoint security assessment program to ensure that the settings are operating at maximum efficacy.

  • Deploy mobile security management solutions where possible.
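The first control above can be checked mechanically. The following is an added example, not code from the article or from Cymulate: it walks a first-match firewall rule list and reports every allow rule that lets a guest or BYOD subnet reach a corporate subnet. The address plan, rule tuple format and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan and rule list (assumptions, not from the article).
UNTRUSTED = {"guest-wifi": "10.50.0.0/24", "byod-wifi": "10.60.0.0/24"}
CORPORATE = {"corp-wifi": "10.10.0.0/16", "corp-lan": "10.20.0.0/16"}
# (action, source CIDR, destination CIDR, destination port or None for any)
RULES = [
    ("allow", "10.60.0.0/24", "10.20.5.10/32", 443),  # BYOD -> one internal portal
    ("deny", "10.50.0.0/24", "10.0.0.0/8", None),     # guest -> nothing internal
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),        # catch-all for internet access
]


def _intersect(a, b):
    """CIDR blocks are either nested or disjoint, so the overlap is the smaller block."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b


def audit(rules, untrusted, corporate):
    """Return (rule index, untrusted net, corporate net, port) for each exposed path."""
    findings, denies = [], []
    for idx, (action, src, dst, port) in enumerate(rules):
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if action == "deny":
            if port is None:  # only any-port denies are treated as shadowing later rules
                denies.append((src, dst))
            continue
        for uname, ucidr in untrusted.items():
            s = _intersect(src, ipaddress.ip_network(ucidr))
            if s is None:
                continue
            for cname, ccidr in corporate.items():
                d = _intersect(dst, ipaddress.ip_network(ccidr))
                if d is None:
                    continue
                # Conservative: a path counts as blocked only if an earlier deny covers it fully.
                if any(s.subnet_of(ds) and d.subnet_of(dd) for ds, dd in denies):
                    continue
                findings.append((idx, uname, cname, port))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, UNTRUSTED, CORPORATE):
        print(finding)
```

On the constructed rules, the catch-all allow exposes both corporate networks to BYOD devices because the deny was written for the guest subnet only.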

Employee Education

  • Never click on links from anyone you don't know or trust.

  • Never install software promoted via text message.

  • Think twice before sharing credentials and other sensitive information.

  • Don't open messages that appear spammy, and be wary of words such as "Congratulations," "Urgent," and "Free." If it sounds too good to be true, it's most likely a smishing attack.
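The warning signs in this list, together with the look-alike link described under "How Smishing Works," can be turned into a simple triage check for reported messages. This is an added example, not code from the article or from Cymulate; the brand-to-domain map, the sample messages and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Lure words the article names, plus "compromised" from its description of the pretext.
LURE_WORDS = {"congratulations", "urgent", "free", "compromised"}
# Constructed brand -> legitimate domains map (assumption; maintain your own list).
BRAND_DOMAINS = {"fedex": {"fedex.com"}, "amazon": {"amazon.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages; the .example TLD is reserved and never resolves.
SAMPLE_BAD = ("FedEx: Urgent, set your delivery preferences for package 7731 at "
              "http://fedex.com.track-parcel.example/pref")
SAMPLE_OK = "FedEx: your package is out for delivery. Track it at https://www.fedex.com/track"


def link_hosts(text):
    """Return the lower-cased hostname of every http(s) link in the message."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed link, e.g. a broken IPv6 literal
            host = ""
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def belongs_to(host, domains):
    """True only for a listed domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(text):
    """Return the reasons an SMS looks like smishing (empty list = nothing found)."""
    reasons = []
    words = set(re.findall(r"[a-z]+", URL_RE.sub(" ", text).lower()))
    lures = sorted(words & LURE_WORDS)
    if lures:
        reasons.append("lure words: " + ", ".join(lures))
    hosts = link_hosts(text)
    # A brand counts as claimed if it is named in the text or embedded in a link host.
    named = {b for b in BRAND_DOMAINS if b in words or any(b in h for h in hosts)}
    allowed = set().union(*(BRAND_DOMAINS[b] for b in named))
    for host in hosts:
        if named and not belongs_to(host, allowed):
            reasons.append(f"claims {'/'.join(sorted(named))} but links to {host}")
    return reasons
```

The suffix match in `belongs_to` is what catches hosts that merely begin with a trusted name, such as the `fedex.com.` prefix in the constructed sample.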

Endpoint Security Assessment
Read more about how Cymulate's comprehensive endpoint security assessment checks that your systems and apps are properly tuned to defend against signature and behavior-based attacks.

Cymulate also provides you with a risk score and detailed report showing exactly where and how your company is exposed with directions for closing security gaps using your existing security controls.

About the Author: Avihai Ben-Yossef, Co-Founder & CTO, Cymulate
Avihai Ben-Yossef is the co-founder and CTO of Cymulate. At age 26, Avihai and co-founder Eyal Wachsman established Cymulate in 2016 to transform security testing for companies. Ben-Yossef has been recognized by Forbes Israel 30 under 30.
