Mobile Threats
Mobile Threats
The desire to a mobile-first organization is changing the dynamic of new mobile-enabled services. It forces enterprises to operate in new realities:
BYOD programs serve a broad range of people, all of whom actually control their own devices and apps.
New demands placed on mobile devices not built to withstand modern threats.
At the same time, new global cybercrime arises, derived by greed, hacktivism, and the quest for more economic power and political control. The increasing use of mobile organizational practices enlarges the attack surface for hackers, who only need a narrow space to succeed. For example:
Impersonate to a legitimate Cell Tower or a Wi-Fi hotspot and intercept or modify communications.
Solicit a careless user to install a Mobile Remote Access Trojan (mRAT) and assume complete control over the smartphone from afar and suck all the on-device data or take screenshots.
Inject a trusted Bluetooth credential via Near Filed Communications, dial the phone and listen to the surroundings.
Deliver iOS Malware using fake certificates or malicious profiles.
Transform a private call into a conference call.
Exploit the known SS7 inter-carrier network security flaw to locate a device and tap calls and messages.
The new wave of threats is turning enterprises to be both a target of cybercrime and a conduit of attacks directed at their employees.
Mobile devices remain soft targets of cybercrime, forcing secretive organizations to apply a more holistic strategy. They need to create a zero mistake environment. It means diminishing the attack surface, leaving nothing for the user judgment, eliminating in real-time security gaps left by COTS components, and being proactive.
