Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

11:05 AM
Simon Marshall
Simon Marshall
Simon Marshall

Smartphones Remain the Most Vulnerable of Endpoints

The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.

Consumers all over the world continue to click and tap on bogus links on websites and mobile apps, losing personal information and money to conman phishing attacks.

Apart from the Internet of Things (IoT), consumer devices represent arguably the highest number of mobile endpoints, have notoriously poor security and are becoming the target of choice for malicious actors.

In fact, according to the latest figures from Microsoft, phishing remains the single biggest vector of all cyberattacks, largely because it's so much cheaper for attackers than other forms of exploitation.

Multiply the number of devices by the number of attacks, and couple that with the fact that mobile users are three times more vulnerable to phishing, and the risk factor is huge.

But the real issue, given the BYOD trend over the last 10 or so years, is that when the consumer population is at work, they're employees at organizations who may be underestimating the threat posed by phishing in the workplace.

URL click rates soar
A new report from Lookout, a San Francisco-based mobile endpoint security firm, analyzed 67 million mobile devices, revealing that the phishing URL click rate has increased an average of 85% year-over-year for the last seven years.

"Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways," said Aaron Cockerill, chief strategy officer at Lookout. "Mobile devices are rich targets for attack because they operate outside the perimeter and freely access not just enterprise apps and SaaS, but also personal services like social media and email. They may lack enterprise security but they enable enterprise access and authentication."

It will come as no surprise to enterprises that endpoints can make their networks porous, but the scale of the problem shows just how susceptible they are becoming. The report details that 56% of users received and clicked on a malicious URL, and showing personal vulnerability to repeat attacks, they clicked rogue links an average of six times a year per user.

In a staged security test, 25% of users at an organization clicked on a link sent by SMS that was spoofed to look like a local area number.

Why mobile is so vulnerable
Mobile devices present such a wide attack surface for phishing because they lack the same level of security as desktops, have small screens that are easily spoofed and use pathways into the device that are wider than just email.

Want to hear more about the leading operator use cases for AI technologies? Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

Smaller screens than desktop make spotting phishing threats much more challenging, and mobile users lack functionality which would help, such as being able to hover over a hyperlink to see the destination. Longer URLs are often truncated on-screen, further masking the destination.

Once an URL has been clicked, spoofed websites or apps take over, allowing lateral movement within the enterprise, where corporate firewalls and endpoint protection are circumvented. Email, SMS, social media apps and messaging platforms can hijack the user, steal login or personal data and then redirect into the corporate network.

Email makes organizations uniquely vulnerable, because about two-thirds of emails are opened first on mobiles as opposed to desktops. Sometimes, even a click from the user isn't necessary, as apps use URLs in their codebase to access real-time data that supports their functionality.

Malicious URL misdirects
A good example of this is that apps often use advertising to support revenue. Some apps incorporate an ad SDK in their code that delivers advertising to users. Attackers can use the SDK to misdirect to a malicious IRL which then displays a bogus ad that encourages users to unknowingly offer-up data about themselves or the enterprise.

ViperRAT surveillanceware made the news in 2015 when it was used to spy on the Android devices of servicemen in the Israeli Defense Force. The malware uploads contact details, steals photos, monitors device inputs including camera and mic, reads browsing history and screenshots capture data from other apps. Victims were lured to download the app by phishers posing as women on social media platforms.

The Dark Caracal campaign, attributed to the Lebanese security intelligence organization, used Android surveillanceware called Pallas to monitor users and exfiltrate data including documents, contact address books, text messages and application account data. It also selectively activated voice recording from the microphone, and captured elicit photos from the front and back devices cameras.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.