Intelligent protection to survive the new mobile threat


As mobile devices have become more powerful and business-critical, they are now the focus of cybercriminals’ attention.

“For many years, mobile devices were not that powerful and were not widely used in business activities other than calling and email,” explains Cyril Alcover, Security Product Manager at Orange Cyberdefense. “But these days mobile devices are used for all sorts of work processes.”

This is such a big change that traditional IT security models need to be reinvented to meet the changing enterprise technology environment. Over two-thirds of Global 2000 organizations have already experienced a data breach as a result of employees using mobile devices, according to Gartner.

And these are not isolated cases. According to a 2016 Ponemon Institute report, three percent of enterprise mobile devices are infected with malware and each one can cost an organization an average of $9,485.

With so many potential victims, cybercriminals are diversifying their attack vectors. “We have seen scenarios in which attackers will stage one sort of attack on iOS, another on Android, and yet another on Windows, but all share the same command and control server,” said Check Point Head of Marketing, Brian Gleeson.

What are the most common threats?

There’s no complete list of attack types, but they span man-in-the-middle attacks, complex phishing attacks, ransomware, fake advertising scams and even attempts to take over devices for use as criminal botnets.

That’s even before attacks on infrastructure, like Stuxnet; attacks using little-known vulnerabilities within standards (such as the BlueBorne root takeover attack on Bluetooth); or the threat posed when employees use non-approved apps and online data storage services.

In 2015, criminals created XcodeGhost, a fake version of Apple’s software development tools that injected malware into apps built using the software. Several infected apps were then sold through Apple’s App Store before the problem was identified.

The challenge with this proliferation of different forms of attack is that enterprise security chiefs simply can’t rely on traditional defenses, such as virus checkers, firewalls, native sandboxing and enterprise mobility management (EMM) tools for total protection.

“We’re finding that most enterprises are experiencing these attacks, they just don’t know it, they don’t have visibility into it,” Check Point’s Gleeson explains. Noting the focus on ransomware, he warns, “Mobile malware is 35 times more prevalent than ransomware. It can go undetected for over a year in an organization and is twelve times more profitable.”

What can be done?

Mobile Threat Protection (MTP) tools are the next step in the evolution of enterprise security, used with existing security protections and EMM tools.

These systems don’t just identify threats; they also work to mitigate attacks that do take place. They scan devices for signs of malware and monitor network activity for anything inappropriate.

“The first thing is to know you are being attacked,” says Alcover. “If you do not have any means to detect such an attack, then it is difficult to see and to know you are getting attacked.” Check Point estimates that around a quarter of organizations have no way of knowing if they have experienced an attack or breach.

MTP solutions support multiple operating systems and work tirelessly to identify exploits, such as jailbreaks, root attacks, malware, and network and SMS attacks. Because these systems are cloud-based, they can deliver protection with minimal impact on device performance or battery life and can apply protection across an organization’s digital assets as soon as they encounter one instance of an attempted exploit.

MTP solutions typically support multiple clients, which helps the solution provider build a very extensive and up-to-date list of attacks. For example, Check Point’s current database holds details of over 500,000,000 malicious file hashes, 250 million command and control addresses, and 11 million malware behavior signatures. This data is updated regularly with information from other security firms as new threats are found.

"Mobile threat defense is emerging as a must-have puzzle piece for successful enterprise mobility deployment and management," said Mike Jennett, Research Vice President, Enterprise Mobility Strategies, at IDC.

As mobile devices replace PCs for many more tasks, enterprises are waking up to the need to provide them with serious security protection. As the nature of attacks changes, visibility and fast response are becoming critical. “The first thing is to know you are being attacked,” explains Cyril Alcover. “If you do not have any means to detect such an attack, then it is difficult to see and to know that you are getting attacked.”

The Orange Mobile Threat Protection solution provides such protection. A cloud-based solution based on Check Point’s technology, it uses threat emulation, advanced static code analysis, app reputation, and machine learning to analyze device security. The cloud-based Behavioral Risk Engine identifies suspicious behavior, while newly installed apps are sandboxed in an emulator for security vetting before being fully installed.
