Trends In Mobile Device Threats

[Excerpted from "Trends in Mobile Device Threats," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Attacks on enterprise networks have gotten more sophisticated as attackers seemingly target every new technology as soon as it becomes available. The rapid adaptation comes for many reasons, but a primary one is that security professionals have become adept at protecting their network perimeters with next-generation firewalls and intrusion-prevention systems. These perimeter protections leave attackers with a smaller attack surface, forcing them to look for new avenues.

That need to find new attack vectors has led to a massive increase in exploits targeting client-side applications such as Adobe Acrobat and Flash, Java and Web browsers. Attackers have had to adapt their tactics, and they have found that targeting users is easier than targeting the decreasing number of exposed servers at the perimeter. A successful exploit against a user often gives an attacker direct control of an asset inside the user's network.

While enterprise security professionals struggle to protect their users' workstations from zero-day exploits and negative user behaviors, they're finding that the job is only getting harder as new targets of opportunity have presented themselves -- mobile devices, including smartphones and tablets. Indeed, mobile devices present a whole new playing field for attackers to target corporate networks and the juicy data stored within.

Mobile devices can become an attack vector against corporate networks in several ways. The first and simplest is that mobile devices contain lots of data. Much of that data is not sensitive, but there's plenty that could provide an attacker with enough information to penetrate the internal network, such as email accounts, user passwords and company VPN credentials. For example, an email address and password stored on the device may be all that's needed to login remotely to the company VPN.

Access to a user's email account alone may provide an attacker with a wealth of data. Just look at many of the targeted Anonymous attacks. How many of those included email dumps?

The devices themselves can serve as a conduit directly into an enterprise network in a few different ways. For example, if an attacker were to get custom malware onto the mobile device, he or she could use that to connect through the VPN connection on the device and attack the internal network. When a VPN connection is not available, the hacker is left to find more interesting avenues.

Once a mobile device has an attacker's malware on it, the attacker could try to infect the user's workstation via USB if plugged in and used as a removable storage device.

A more interesting attack scenario is one in which an infected mobile device connects to the corporate network. Once such a device is on the network, an attacker can use it to scan and attempt to exploit vulnerabilities; provide a back door into the network for the attacker; or passively collect user names, passwords and files from the network and upload them to the attacker.

To find out more about the mobile vectors attackers are using to gain entry to the enterprise -- and what you can do about them -- download the free report on mobile threats.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.