Endpoint //

Privacy

5/9/2018
02:55 PM
50%
50%

Phishing Threats Move to Mobile Devices

Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.

A mobile user is 18 times more likely to be exposed to a phishing attempt than to malware, according to a new report on techniques and technologies that try to get a user to be an accomplice in their own victimization.

While employees have been taught to be suspicious of links and attachments in email, there is considerably less scrutiny of channels like SMS, Skype, WhatsApp, games, and social media. "As more communications take place over mobile devices, organizations haven't changed their thinking to cover the modes of communications taking place on the devices," says Michael Covington, vice president of product at Wandera, which published the report.

Mobile devices are the technology channel on which personal employee and corporate apps and data come together, and criminal hackers are taking advantage of that to reach enterprise credentials through personal communications.

"You can train an employee to not be a victim, but the mobile attacks are so compelling that education isn't enough," Covington says. "We want to see corporations move into the present, recognize the risk and mitigate the risk."

That risk is considerable. According to Wandera's mobile phishing report, the average iOS user has 14 different accounts on their work phone, typically including services such as Amazon, Paypal, and Airbnb. On Android, the number jumps to 20 unique apps. And both messaging and social media apps increased in popularity as an attack vector by more than 100% in 2017, with no sign of that growth slowing in 2018.

While email remains the most common target of phishing attackers, the effectiveness has been dramatically reduced by improving defense systems and years of employee training, the report notes. Fewer than one in five successful attacks originate with email phishing campaigns on desktop and mobile devices. That's not to say that phishing as a tactic is going away.

According to the Verizon 2018 Data Breach Investigations Report, 90% of cyberattacks begin with phishing. There's a good reason for that, Covington says, especially in the mobile domain. "To be perfectly honest, these mobile devices are pretty hardened," he says. "They do have problems, we have seen them exploited, but if you look at something like the current iOS it's pretty hardened. Phishing allows an attacker to bypass all of those protections."

There are companies that see statistics such as those around phishing through apps and decide that the solution is to lock down apps. But that's not an effective solution to the problem, according to Wandera.

"Phishing attacks have been observed in practically every single form of communication on mobile devices, including Skype, QQ, WeChat, Viber and Kik. Clearly this is a problem at scale that cannot be solved through blocking certain apps, or through app- centric controls," the report said. "Phishing attacks have been observed in practically every single form of communication on mobile devices, including Skype, QQ, WeChat, Viber and Kik. Clearly this is a problem at scale that cannot be solved through blocking certain apps, or through app-centric controls."

Mobile phishing attacks have become more sophisticated and effective as the stakes have increased. As Mike Murray, vice president of security intelligence at Lookout said in an InteropITX session, "Mobile has become not just a target, but the primary target in the enterprise."

"Mobile has a gap and often it's the user sitting on the other side of the interface," says Covington. That danger of that gap is amplified by the behavior of the companies where they work. Covington explains, "Most organizations want to stop phishing and protect data with GDPR coming online. Neither is being addressed with mobile."

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280
PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281
PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960
PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278
PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...