Top 5 Hazardous Enterprise Mobile Threats and Security Defense Measures

Source: Internet
Author: User

Most business employees today rely on mobile applications to do their work almost every day, but once a malicious attacker targets an application on your phone, the impact of the attack on the device may set off a chain reaction.

First, five threats that endanger mobile devices

David Richardson, director of product at Lookout, and his team identified the top five mobile malware families that pose as real business applications to tempt employees into downloading malware. Their research shows that these five active mobile malware families typically impersonate enterprise applications, often by stealing legitimate application names and package names. Impersonated applications include Cisco's business email application, ADP, Dropbox, FedEx Mobile, Zendesk, VMware's Horizon Client, Blackboard's Mobile Learn and more.

1. Shuanet

Shuanet can automatically install itself on the device's system partition, gaining root privileges on the device so that it can install other applications. These applications, which may be malicious or benign, are pushed to the phone, increasing the chance that more malware is downloaded. Shuanet may also push ads to devices.

The risk the business will face

A rooted device is in a changed security state. Many people use root privileges to customize their devices, but they often do not configure security properly and may not apply regular software updates. In addition, malware such as Shuanet installs itself on the system partition and cannot easily be removed, even by a factory reset. Finally, malware that installs apps can bring more malicious applications onto the device, exposing the device and its data to higher risk.

Examples of victim applications are: ADP Mobile Solutions, CamCard Free, Cisco Business Class Email (BCE), Duo Mobile, Google Authenticator, VMWare Horizon Client, Zendesk, Okta Verify.

2. AndroRAT

AndroRAT was originally developed as a university research project: a "remote management tool" that allows third parties to take control of a device and collect information such as contacts, call history, text messages, device location, and audio from the microphone. However, the tool is now being abused by criminals.

The risk the business will face

Hidden remote access software gives attackers easy access to corporate and personal data on mobile devices. In addition, persistent remote access to a mobile device can help an attacker intrude on the corporate Wi-Fi and VPNs that the infected device connects to.

Examples of victim applications: Dropbox, Skype, Business Calendar

3. UnsafeControl

UnsafeControl collects contact information and uploads it to third-party servers. It can also send spam messages to the contact list or send SMS messages to phone numbers supplied by its Command and Control (CNC) server. The content of the messages is also controlled by the CNC.

The risk the business will face

Malicious software like UnsafeControl can steal contact information, which is sensitive for many businesses. For example, the contacts on a sales president's or vice president's device are a major competitive advantage and a valuable intangible asset for the company.

Examples of victim applications: FedEx Mobile, Google Keep, Remote VNC Pro, Sky Drive, PocketCloud, Skype

4. PJApps

PJApps may collect and disclose the victim's phone number, the mobile device's unique identifier (IMEI), and its location. It may also send phishing messages to premium SMS numbers in order to increase its illicit profits. In addition, PJApps can download further applications to the device.

The risk the business will face

Malware such as PJApps typically uses its capabilities to generate revenue, but it also poses other threats, such as exposing phone location information, which is especially sensitive on executives' mobile devices because it may relate to the company's business plans. The malware's ability to download other applications to the device also gives new malware a way onto the device.

Examples of victim applications: CamScanner

5. Ooqqxx

Ooqqxx is actually an ad network, pushing ads to the notification bar, sending pop-up ads, creating shortcuts on the home screen, and downloading large files without permission.

The risk the business will face

These ads tend to interrupt employees' normal work, and employees may also raise the issue with the IT department, all of which may reduce work efficiency to a certain extent. Time is money!

Examples of victim applications: Mobile from Blackboard, Evernote, PocketCloud, Remote Desktop, Adobe Reader, aCalendar

Second, mobile security defenses from the developer's point of view

Each person's smartphone, iPad or other smart device holds about 26-55 applications, usually of the following types: entertainment and games, a banking app, some social media apps, fitness apps and online shopping applications.

If only an ordinary game is attacked, you may not mind. In fact, though, many applications collect a lot of personal information that you do not want others to see, such as your location, bank card information, and photos.

From a development perspective, you must make sure that the application's code is not hacked through some protocol. Keval Baxi, chief executive of Codal, offers a number of practical recommendations for securing mobile apps, primarily from a developer's perspective.

1. Access the API using token-based authentication

Many mobile applications are not designed with a proper authentication method, which in effect amounts to data leakage. A "token" is a piece of data that has no meaning on its own, but a correctly implemented token system is a key way to secure mobile applications. Token-based authentication verifies the authenticity of every API request sent to the server, and a request is served only once it has been validated.

2. Use Android KeyChain and iCloud Keychain to store sensitive information

The keychain on a mobile device is a secure storage container that holds the logins, usernames, and passwords for applications. Developers should take full advantage of this operating system feature for storing such data instead of storing it in plist files or NSUserDefaults. Using the keychain is also convenient for users, who do not need to enter their username and password at every login.

3. Encrypt user data when saving it to the local database

Encryption is the process of converting plaintext data into a coded form, the ciphertext. To read the ciphertext you must decrypt it with the key, which makes encryption one of the most effective ways to protect data.

4. Use fingerprint unlock instead of a username and password when logging into the application

Apple researchers say the probability of a fingerprint match is 1 in 50,000, while the probability of matching a four-digit code is 1 in 10,000. Fingerprints are therefore safer than traditional passwords. A fingerprint is a biometric trait unique to each user, whereas a password is not. Prior to iOS version 8, Apple provided Touch ID permissions for developers to use with the SDK (Software Development Kit).

5. Real-time notification of suspicious activity

When a user logs in to an application from a new device or a new, unknown location, the user can be sent an abnormal-login message by email or push notification to complete the verification process. Few applications meet this requirement; Gmail is one of them. A login verification notice lets users know whether their account has been hacked.

6. Always use HTTPS (SSL)

After SSL is set up on the server, developers can use the HTTPS protocol, which is highly secure and helps prevent intruders from interfering with the data transferred between the application and its servers.

7. Beware of reverse engineering

It is not impossible for other developers to reverse-engineer an application and extract its data and source code. To prevent this, you can confuse hackers by renaming important classes and methods with the preprocessor. A second option is to strip the symbol table once the project is complete.
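One way to implement the new-device and new-location check behind such a notification is shown below. This is an added example, not code from the original article; the `LoginMonitor` class, its status strings, the trust-on-first-login rule and the sample device and country values are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LoginMonitor:
    """Tracks which devices and locations each account has already confirmed."""
    known: dict = field(default_factory=dict)    # user -> {(device_id, country)}
    pending: dict = field(default_factory=dict)  # user -> unconfirmed context
    outbox: list = field(default_factory=list)   # stand-in for email / push

    def login(self, user: str, device_id: str, country: str) -> str:
        seen = self.known.setdefault(user, set())
        if not seen:
            # Assumption: the first login on a new account is trusted.
            seen.add((device_id, country))
            return "allowed"
        new_device = device_id not in {d for d, _ in seen}
        new_place = country not in {c for _, c in seen}
        if not (new_device or new_place):
            return "allowed"
        what = " and ".join(
            label for label, hit in (("new device", new_device),
                                     ("new location", new_place)) if hit)
        # Hold the session until the account owner answers the notification.
        self.pending[user] = (device_id, country)
        self.outbox.append((user, f"Sign-in from {what}: {device_id}, {country}"))
        return "verification_required"

    def confirm(self, user: str, was_me: bool) -> str:
        """Handle the account owner's answer to the notification."""
        context = self.pending.pop(user, None)
        if context is None:
            return "nothing_pending"
        if was_me:
            self.known[user].add(context)
            return "allowed"
        # Owner denied the sign-in: treat the account as compromised.
        return "session_revoked_password_reset_required"
```

A denied sign-in is never added to the known set, so a repeat attempt from the same device or location triggers the notification again.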
