Smartphone malware rose by 400% in 2016 and reached an all-time high, with an estimated 8.5 million malicious installation packages in existence!
With mobility booming, it is no secret that smartphones are in the crosshairs of cyber criminals. By October 2016, 1.35% of all mobile devices across the world had already succumbed to malware attacks, up from 1.06% in April 2016. Since restricting mobile devices is no longer an option, here are some tips to keep your business safe amid the rising malware threat.
1. Monitor Usage
An enterprising cyber-attacker could exploit latent vulnerabilities in an app to take control of the device and use it as a bot. The obvious example is the Mirai botnet and its associated DDoS attacks, the most devastating attacks of 2016. Mirai turned computer systems into remotely controlled “bots,” primarily targeting devices such as remote cameras and home routers, and in the process exposed the latent vulnerabilities of the emerging Internet of Things.
Trying to prevent such infiltration entirely is likely a losing battle. The Android ecosystem, being open source, is highly fragmented, with different manufacturers, operating system vendors, app vendors, handset makers, carriers and other stakeholders in the mix, and malware can be slipped in at any point. Monitoring network activity with any of the available network monitoring or anti-malware tools can detect abnormal traffic and pinpoint its source, which makes it an effective counter to the menace.
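What "abnormal traffic" looks like in practice is easier to see in code. The following is an added example, not from the original article: a small detector run over constructed, simplified flow-log lines that flags two of the patterns a compromised device tends to show, fanning out to many destinations (the DDoS-bot behaviour described above) and beaconing to a single host at a fixed interval. The log format, the IP addresses and the thresholds are all illustrative assumptions.

```python
"""Spot bot-like outbound traffic in simplified flow logs.

Added example (not from the article): a minimal detector run over constructed
flow-log lines of the form "<unix_ts> <src_ip> <dst_ip>:<dst_port> <bytes>".
It flags a source that fans out to many distinct destinations in the window
(DDoS-bot style) or beacons to one destination at a near-constant interval
(command-and-control style). Thresholds are illustrative assumptions.
"""
from collections import defaultdict


def build_sample_log():
    """Constructed sample: one normal phone, one beaconing host, one fan-out host."""
    lines = [
        "1000 10.0.0.5 203.0.113.10:443 5120",
        "1005 10.0.0.5 203.0.113.11:443 2048",
    ]
    # 10.0.0.9 contacts a single host every 60 seconds with tiny payloads
    lines += [f"{1060 + 60 * i} 10.0.0.9 198.51.100.7:8080 64" for i in range(6)]
    # 10.0.0.12 opens connections to 40 different hosts within 40 seconds
    lines += [f"{1350 + i} 10.0.0.12 192.0.2.{i + 1}:80 40" for i in range(40)]
    return "\n".join(lines)


def parse_flows(text):
    """Parse log lines into (ts, src, dst_host, dst_port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        host, port = dst.rsplit(":", 1)
        flows.append((int(ts), src, host, int(port), int(nbytes)))
    return flows


def detect_anomalies(flows, fanout_threshold=20, min_beacons=5, jitter=0.1):
    """Return {src_ip: [reasons]} for sources with bot-like behaviour."""
    by_src = defaultdict(list)
    for ts, src, host, port, _ in flows:
        by_src[src].append((ts, host, port))

    findings = {}
    for src, entries in by_src.items():
        reasons = []
        distinct = {(h, p) for _, h, p in entries}
        if len(distinct) >= fanout_threshold:
            reasons.append(f"fan-out to {len(distinct)} destinations")

        per_dst = defaultdict(list)
        for ts, h, p in entries:
            per_dst[(h, p)].append(ts)
        for (h, p), stamps in per_dst.items():
            if len(stamps) < min_beacons:
                continue
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            mean = sum(gaps) / len(gaps)
            # near-constant interval between connections => beaconing
            if mean > 0 and max(abs(g - mean) for g in gaps) <= jitter * mean:
                reasons.append(f"beaconing to {h}:{p} every ~{mean:.0f}s")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in detect_anomalies(parse_flows(build_sample_log())).items():
        print(src, "->", "; ".join(reasons))
```

On the constructed log, the normal phone (10.0.0.5) produces no finding, 10.0.0.9 is reported for beaconing and 10.0.0.12 for fan-out. Real flow exports (NetFlow, firewall logs, a mobile gateway) carry more fields, but the same two statistics, distinct-destination count and inter-connection regularity, are what a network monitoring tool computes when it points at a source.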
2. Update the OS Regularly
The focus of any respectable cyber-security strategy is to prevent the smart device from being compromised in the first place, rather than making amends after the fact. Keeping the operating system up to date is the first step in this effort. One reason Android and other operating systems issue updates regularly is to patch vulnerabilities that have recently surfaced and that cyber attackers may exploit. The situation is graver for Android than for any other OS, considering that Android devices accounted for 81% of malware infections in the second half of 2016.
3. Be Careful of Downloads
Download apps only from trusted sources, preferably the Google Play Store, Apple’s App Store, or the official store of the respective OS or enterprise. Apple has an approval process for accepting apps into its store. If an app has gone viral and has been around for a while, it is likely to be safe. User ratings and comments offer a good indication of the reliability of an app. Google’s “Bouncer,” for instance, scans the Play Store for problem apps. However, none of these methods is foolproof.
As far as possible, stay away from third-party app stores or any source outside the official app store. At times, however, downloading from such sources may be unavoidable. In that case, perform a background check on the app developer and seek out reviews of the app wherever possible. Always err on the side of caution.
Also, consider the permissions requested at installation time. On modern smartphones each app runs in its own sandbox and cannot access other apps’ data; what an app can do depends on the permissions it is granted to access the phone’s features and data. If an app asks for a permission it is unlikely to need for its intended function, that is a huge red flag.
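The permission check above can be made systematic rather than left to a user's intuition at install time. The following is an added example, not code from the article: it parses a constructed AndroidManifest.xml, compares the declared `uses-permission` entries against an illustrative per-category allowlist, and singles out the high-risk ones. The app, its category allowlist and the high-risk list are assumptions; the permission names themselves are standard Android permissions.

```python
"""Review an Android app's requested permissions against what it should need.

Added example (not from the article): parses a constructed AndroidManifest.xml
and reports permissions outside an illustrative per-category allowlist, and
which of those are high-risk. Categories and lists are assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical flashlight app that asks for far
# more than a flashlight needs.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Illustrative allowlist: permissions an app of each category plausibly needs.
EXPECTED_BY_CATEGORY = {
    "flashlight": {"android.permission.CAMERA"},
    "messaging": {"android.permission.INTERNET", "android.permission.READ_CONTACTS"},
}

# Permissions whose unexpected presence most clearly deserves a question.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def review_permissions(manifest_xml, category):
    """Compare requested permissions with the allowlist for the app's category."""
    requested = requested_permissions(manifest_xml)
    unexpected = requested - EXPECTED_BY_CATEGORY.get(category, set())
    return {
        "requested": sorted(requested),
        "unexpected": sorted(unexpected),
        "high_risk": sorted(unexpected & HIGH_RISK),
    }


if __name__ == "__main__":
    report = review_permissions(SAMPLE_MANIFEST, "flashlight")
    for key, perms in report.items():
        print(f"{key}: {', '.join(perms) or '-'}")
```

For the constructed flashlight app, INTERNET, READ_CONTACTS and READ_SMS are all unexpected, and the last two are flagged as high-risk: exactly the "permission it is unlikely to need" case. An MDM or app-vetting pipeline would run the same comparison over the manifest extracted from each APK before allowing it onto managed devices.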
4. Use a VPN
Determined hackers are always on the prowl, and logging on to public Wi-Fi makes one especially vulnerable. Hackers on the same network have several tools to snoop on user activity. Encrypting the connection with a virtual private network (VPN) is a safe practice when using public connections.
5. Deploy an Antivirus Suite
An antivirus suite may seem obsolete on smartphones, where each app works in isolation with only the privileges it receives. However, a good antivirus suite still has its uses, not just for antivirus protection but for scanning app activity. With smartphones being used extensively for browsing, such suites scan for malicious URLs and shield the phone. Many antivirus suites offer value-added features, such as blacklisting problem numbers, PIN-protecting private apps, Wi-Fi scanning options for improved security, and more.
6. Have Precautions in Place
At times, even with these precautions, malware inevitably strikes. The hacker may not even have to slip in any malware: merely following the smartphone owner and stealing the phone in one careless moment may be enough to gain access to sensitive corporate data.
Deploying a lock screen, activating remote wipe for use if the smartphone is lost or compromised, activating remote tracking, and limiting remote access to internal apps or programs that handle sensitive corporate data are some of the other measures that protect the data even if the smartphone itself is compromised.
Very often, the weakest link in the security chain is not the technology but the people. Often it is a failure in basic security practices or a lack of common sense by employees that throws the door open for hackers. Training and awareness, even on things considered too obvious to mention, must never be underestimated.
Have a solid and comprehensive mobile device management (MDM) strategy that encompasses and integrates all facets of security. Whether it is building state-of-the-art apps with solid built-in security features, or instituting and deploying a company-wide security policy, we have the experience and expertise to do it and make an ideal partner for all your requirements.
Security remains a key concern in cyberspace, with cyber-attackers striking at will, limited only by the extent of their determination. Many incumbent security apparatuses have big holes, but the security industry is ever-evolving, constantly adapting to stay one step ahead of cyber-criminals and to offer robust security for new paradigms such as mobile and cloud at the same time.
Here are some of the emerging security technologies to consider for your organization:
Newer Malware Detection Models
With many traditional models having proved utter flops at preventing cyber-breaches, organizations are looking at newer models to detect malware.
The ingenuity of cyber criminals has rendered the traditional signature-based model of detecting malicious files obsolete. Many organizations now consider other methods, such as machine learning-based mathematical models, or detonating suspicious files in a virtual sandbox. Cost-effective SaaS-based security scanning services have also caught on in a big way, considering that most attackers target configuration weaknesses and code vulnerabilities.
Many security providers offer solutions that attribute attacks to their perpetrators and profile them. San Francisco-based Mykonos Software fingerprints cyber criminals based on their intent and skills and injects the attack platform with a token to block future attacks.
Crowd-sourcing is making a mark in security as well. Palo Alto Networks, a Santa Clara, California-based company, has pioneered this front with its WildFire platform, which uses a cloud-based malware analysis environment to share threat information with all subscribers.
Even as some conventional security services have flopped, others such as trust services and encryption retain their relevance. However, these services too are under considerable stress, owing to developments in technology.
The IoT boom overwhelms trust services with the need to support billions of devices, many with limited processing capability. Some leading-edge approaches organizations have adopted to cope with the challenge include distributed trust and blockchain-like architectures.
Likewise, while fully encrypting data before saving it to the cloud addresses the security need, it impedes usability. Homomorphic encryption, which allows categorizing and mining encrypted files, is gaining traction as a solution.
In today’s BYOD era, trying to control the employee’s phone is akin to ordering the tide to turn back. Security experts have long realized that the more efficient way is to enforce security at the application level, deploying application containers or wrappers for the purpose.
Likewise, more and more organizations look to hardware isolation to contain attacks. Secure virtual containers are becoming familiar as a way to insulate web browsers, PDF readers and other executables. Bromium, a Cupertino, California-based company, has launched a micro-visor that isolates system processes.
Another fortification measure that has caught on is “micro-segmentation,” or finer-grained segmentation of east/west traffic within the network. Typically, attackers can move around the network at will once they gain entry. Visualization tools that make flow patterns explicit and allow admins to set segmentation policies thwart such free movement and contain the damage to a small area. Point-to-point IPsec tunnels and cryptographic isolation between workloads are some of the tools that confine a breach to the affected area once the flows have been visualized.
Deceiving the Deceiver
With perimeter fencing having all but lost the battle to cyber-attackers, more and more organizations now resort to deception.
Deception technology tries to beat malware at its own game by turning various deceptive tricks against it. The most common method is deploying honeypots to present fake vulnerabilities and lure attackers into distributed endpoint decoy systems. When attackers touch an emulator that serves as a honeypot, the security system triggers an alarm.
Gartner predicts that about 10% of enterprises will use deception tools and tactics by 2018.
Dissuading the Attacker
If organizations can identify the cyber attacker’s motive, they can work to remove the motivation and hence deter the attacker. Most targeted attacks aim to steal intellectual property and other information of commercial value. Many organizations now conduct comprehensive risk assessments to identify tempting targets resident in their systems. They can then either beef up security around such critical assets or even take them offline.
Denying the Attackers
Organizations now deploy various innovative measures to deny attackers. One measure that has gained considerable traction is the remote browser. Most attacks target end users with malware-infected URLs, emails and messages. A remote “browser server” isolates the browsing function from the rest of the endpoint and the corporate network, keeping malware off the end user’s system and reducing the risk manifold.
Indulging in Deep Profiling
Accenture’s 2013 Technology Vision document is a perfect example of deep authentication: authorizing users based on their location, time of day and several other factors, making it virtually impossible even for legitimate or familiar users to gain unauthorized access.
Today’s organizations go even further, many of them deploying AI-powered systems that learn legitimate users’ daily activity profiles, place login attempts in context, and take risk-based decisions in real time. For instance, an employee with no reason to travel suddenly attempting to log in from Timbuktu raises a serious red flag and triggers a lockdown.
User and entity behavioral analytics (UEBA) generates deep insights not just on user behavior but also on endpoints, networks and applications. Organizations need to feed such analytics into an intelligence-driven security operations center (SOC) and adopt event-based monitoring in a big way.
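The "login from Timbuktu" scenario is a risk-scoring decision, and the scoring logic fits in a few dozen lines. The following is an added example, not from the article or any vendor's product: it scores constructed login events against a per-user baseline (usual countries and working hours) and against the user's previous login, adding an impossible-travel check based on great-circle distance. The baseline, the events, the weights and the speed threshold are all illustrative assumptions.

```python
"""Risk-based login scoring with an impossible-travel check.

Added example (not from the article): scores each login attempt against a
constructed per-user baseline (usual countries and working hours) and
against the user's previous login, flagging travel faster than any flight.
Thresholds and weights are illustrative assumptions.
"""
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed baseline: where and when "alice" normally logs in.
BASELINE = {
    "alice": {"countries": {"US"}, "work_hours": set(range(7, 20))},
}

# Constructed login events: first from San Francisco, then 90 minutes later
# from Timbuktu, Mali (coordinates approximate).
EVENTS = [
    {"ts": datetime(2017, 3, 6, 9, 0, tzinfo=timezone.utc), "user": "alice",
     "country": "US", "lat": 37.77, "lon": -122.42},
    {"ts": datetime(2017, 3, 6, 10, 30, tzinfo=timezone.utc), "user": "alice",
     "country": "ML", "lat": 16.77, "lon": -3.01},
]

MAX_PLAUSIBLE_KMH = 1000.0  # roughly the ground speed of an airliner


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    earth_radius = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * earth_radius * asin(sqrt(h))


def score_login(event, previous, baseline):
    """Return (score, reasons) for one login attempt."""
    score, reasons = 0, []
    if event["country"] not in baseline["countries"]:
        score += 40
        reasons.append("unfamiliar country")
    if event["ts"].hour not in baseline["work_hours"]:
        score += 20
        reasons.append("outside usual hours")
    if previous is not None:
        hours = (event["ts"] - previous["ts"]).total_seconds() / 3600
        km = haversine_km(previous["lat"], previous["lon"], event["lat"], event["lon"])
        if hours > 0 and km / hours > MAX_PLAUSIBLE_KMH:
            score += 50
            reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
    return score, reasons


def decide(score):
    """Map a risk score to an access decision."""
    if score < 30:
        return "allow"
    if score < 70:
        return "step_up_mfa"
    return "block"


def evaluate(events, baselines):
    """Score events in time order; returns [(user, score, decision, reasons)]."""
    last_seen = {}
    results = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        score, reasons = score_login(ev, last_seen.get(ev["user"]), baselines[ev["user"]])
        results.append((ev["user"], score, decide(score), reasons))
        last_seen[ev["user"]] = ev
    return results


if __name__ == "__main__":
    for user, score, decision, reasons in evaluate(EVENTS, BASELINE):
        print(user, score, decision, "; ".join(reasons))
```

The first login scores 0 and is allowed; the second scores 90 (unfamiliar country plus impossible travel) and is blocked. The three-tier decision is the point: a medium score should step up to a second factor rather than block outright, so that a genuine traveller is inconvenienced rather than locked out, while the clearly impossible case is stopped.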
Beefing Up the Authentication
Most organizations now employ multi-factor authentication. The password nevertheless remains the primary authentication mechanism. It has been a cat-and-mouse game between security experts and cyber criminals, with increases in password complexity invariably matched by advances in password-cracking technology. Security experts are toying with substituting biometric authentication for passwords. Only the difficulty of wrapping hardware and software around biometrics has prevented this move from becoming mainstream.
However, hardware tokens as part of the authentication process are now mainstream. Intel’s new sixth-generation Core vPro processor offers an “Authenticate” solution that validates a user through combinations of hardware-enhanced factors. Hardware authentication is not just useful for securing traditional endpoints such as laptops and mobiles; it is even more critical in the IoT world, where a network needs to ensure that the thing trying to gain access is entitled to it.
Deploying the latest technology alone, however, does not guarantee security. Even the best security method falters in isolation. What is needed is a comprehensive analysis and deployment of the appropriate security measures as part of an integrated whole. Get in touch with us for a comprehensive security assessment and implementation of the right security suite, in the right way.
Do you remember the 1946 James Stewart classic “It’s a Wonderful Life”?
According to this movie, every time a bell rings, an angel gets wings.
Applying the same theory with the modern world today, it would go something like this:
Every time a programmer makes an application security error, a customer loses his/her confidential credit card information.
I’m talking about serious application security breaches, which have recently gone way up in both frequency and severity. Let’s take a look at some recent shocking facts.
According to the recently issued 2014 IBM X-Force Threat Intelligence Quarterly, almost half a million records were jeopardized in 2013. It also shows how incidents of cyber attacks and breaches increased from 2009 through the end of 2012, and how the trend persisted throughout 2013.
Some other observations from the report are as follows:
- SQL injection has been identified as one of the main breach vectors since the tracking of public breaches began.
- Apart from all the recorded data, a substantial number of breaches go undisclosed too.
Another interesting fact brought to light by the report, though not explicitly stated in it, is that Java-based threats and vulnerabilities have increased almost threefold since 2012. This is no surprise: the cross-platform benefits Java offers bring with them the same level of exposure to attacks across platforms. Once written, it can be deployed everywhere, but by the same token it is vulnerable to multi-platform attacks.
“Java-based threats and vulnerabilities have increased by almost three times since 2012”
The ugly truth
As much as we hate to face the truth, the damage a data breach can cost is pretty staggering. The average cost of a data breach can go up to $7.2 million for a business, due to factors like government fines, litigation, repair costs and brand erosion. And it takes almost 80 days to detect a data breach, plus another 123 days, more than 4 months, to resolve the issue.
The cost of remediation differs by project stage, and the later the stage, the higher the cost. A fix in the development stage costs about $80 per defect, while one in production can cost almost $7,600 per defect.
So it is clear from these figures that fixing application security issues in the code during development can save all of us a lot of money, not to mention effort and mental suffering.
So what can you do to avoid this mess?
Tips to enhance application security
A data breach can put you through some of the worst days of your life for sure. But it’s not as if there is nothing you can do about it. As a matter of fact, you can save yourself from almost 80% of the consequences by taking care of a few simple things. Here is what you can do:
- Sanitizing user input – This step mainly helps prevent SQL injection attacks as well as cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. SQL injection targets web servers, while XSS/XSRF attacks target clients by corrupting the HTML handed to the browser. You need to check for apostrophes in everything that goes into the database and remove or neutralize them; this prevents people from running their own SQL code in your database. You should also take care never to use POST and GET variables directly in SQL queries. This way, even if a user enters malicious data, the sanitizing function filters it before it reaches the database. Specific measures include:
  - Using whitelisted values
  - Using built-in escape functions
  - Data type validation
  - Re-validating selections
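The measures listed above are easiest to judge side by side with the pattern they replace. The following is an added example, not code from the post: it uses Python's built-in sqlite3 module and html.escape, and instead of stripping apostrophes by hand it binds user input as query parameters (the built-in escaping the driver provides), whitelists the one value that cannot be bound (a column name), and escapes output before it reaches the browser. The users table and its rows are constructed sample data.

```python
"""SQL injection and XSS: the unsafe pattern beside its hardened form.

Added example (not from the article): uses Python's built-in sqlite3 module
and html.escape. Instead of stripping apostrophes by hand, it binds user
input as query parameters, whitelists values that cannot be bound (column
names), and escapes output before it reaches the browser. The users table
and its rows are constructed sample data.
"""
import html
import sqlite3


def make_db():
    """Create an in-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """BAD: the request value is pasted into the SQL text, so an apostrophe
    in it terminates the string literal and changes the query's meaning."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """GOOD: a bound parameter is sent as data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_by):
    """Identifiers cannot be bound as parameters, so whitelist them instead."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT username, role FROM users ORDER BY {sort_by}").fetchall()


def render_greeting(username):
    """Escape before interpolating into HTML so input cannot inject markup."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))  # every row leaks
    print("safe:      ", find_user_safe(db, payload))        # no such user
    print(render_greeting("<script>alert(1)</script>"))
```

With the classic `' OR '1'='1` input, the concatenated query returns all three rows while the parameterized one returns none, because the driver never lets the apostrophe become part of the SQL. The whitelist handles the case parameters cannot: a sort column taken from a request is compared against a fixed set before it is interpolated, which is also what "re-validating selections" means for a drop-down whose values the client could have altered.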
- Incorporating static and dynamic application security testing processes – While SAST and DAST are no substitute for secure coding practices, they can help find errors or mistakes you might miss. They not only identify latent security weaknesses but can also be made part of your source control system and help developers learn how exactly a vulnerability manifests itself. Such application scanning systems can also find other recurring defects, allowing you to focus your training efforts.
- Disabling error reporting features – Built-in features like PHP’s error reporting help developers resolve problems by displaying error messages on the page. While this is helpful for fixing bugs, it may let hackers learn important information such as database login details. Hence, such features should be disabled on production systems.
- Better training on secure coding practices – This is something that requires the support and help of management. They need to arrange and fund training programs specifically on secure coding practices and ethical hacking. This allows developers to direct their efforts, think like an attacker, and draw on mailing lists and many other resources to combat security threats and get up to speed on countermeasures and defensive programming.
Simple steps like these can go a long way toward avoiding huge security issues. These were just some of the measures to avoid common problems; there are many more. What do you think can be added to this list? Let’s discuss.