Showing posts with label Check Point Software. Show all posts

Tuesday, November 21, 2017

We're All Under Attack!! Buy My Product Now!


It is generally the role of security vendors to alert potential customers as to the dangers from certain threats, namely threats that the vendors' products provide protection for. There's a fine line between education and scare tactics, and sometimes the desire to make a point can cause that line to become blurred.

Which brings us to an article published last week entitled "Mobile Malware Incidents Hit 100% of Businesses." The article describes research by Check Point that may or may not confirm our worst fears: Every enterprise has experienced mobile malware attacks.

Furthermore, Check Point's research also revealed that "89% of organizations experience at least one man-in-the-middle incident stemming from users connecting to a risky WiFi network." Well, that's a relief, I was worried that the figure would be 11 percent higher.

Now, let's ask ourselves a question: Where's the enterprise breach that resulted from either mobile malware or man-in-the-middle (MiTM) attacks?

That's okay, take your time. I can wait.

Still waiting.

Maybe the answer is that mobile malware and mobile MiTM attacks represent only a negligible risk to enterprises. As we've noted previously, while there's a significant risk to enterprises from use of mobile apps that leak corporate data, mobile malware is almost exclusively a threat to consumers--not enterprises.

Yes, the term "malware" connotes real risk to enterprise desktop and infrastructure systems, and has been the cause of breaches from Target to Home Depot to Sony to Equifax. But mobile malware is different, and while trojans (otherwise called fake apps or camouflage apps) can perpetrate financial fraud against you or me, mobile malware has not yet shown itself to be a threat to enterprises. Mobile ransomware can lock up an individual's files and lead to temporary loss of functionality by a single user. However, mobile ransomware is not a threat to enterprises in the same way that ransomware that locks up hospital servers is. Other mobile malware that perpetrates toll fraud and click fraud is annoying, but hardly an existential threat to enterprises.

Mobile malware should be considered in two categories: broad-based attacks and targeted attacks. The examples cited above, including trojans and ransomware, are broad-based attacks, aimed at a large population of users. An example of a targeted attack is Pegasus, which we know has occurred in the wild at least twice, both times against political dissidents in the Middle East and Mexico. So far, no mobile targeted attacks have been publicly reported against enterprise executives or key knowledge workers.

So what's an enterprise to do to ensure their use of mobile is secure? Think about how to protect data that's accessed by mobile devices, and be aware of concentrations of user data in the cloud resulting from mobile use. In general, it's apps that access and manipulate data, and an app-centric approach is likely to provide the most value from a security perspective.

Thursday, November 16, 2017

Protect Mobile Protects Consumers--and Enterprises?



Deutsche Telekom announced a new service yesterday called Protect Mobile. How it works can be summarized by their headline: Security is now a job for... the network!

The service, developed in collaboration with Check Point Software, provides protection against network-based mobile threats. Here's a brief description of the service:
Protect Mobile protects smartphone owners from Internet dangers at home and abroad: the protective shield in the Deutsche Telekom mobile communications network identifies and deflects viruses, worms, and trojans automatically. In addition, Protect Mobile blocks dangerous websites within the Deutsche Telekom network. Apps are checked for security issues before they are downloaded. Whether during online banking, surfing the web or on social networks, with Protect Mobile, users are effectively protected against cyberattacks both on the go and in their home Wi-Fi network.
The protection is performed by the network upon enrollment (for under a euro per month). A mobile app, available from the App Store (iOS) and Google Play (Android), complements the network protection by displaying error messages, warning of risks and providing specific instructions regarding what the user should do in case of an error or a threat. Once the user is outside of the Deutsche Telekom network, the app provides on-device protection, raises alarms in case of threats and identifies them transparently. The primary goal of the app was ease of use.

This seems like a reasonable approach to providing mobile security across a broad swath of users. The security is strongest when using the Telekom network and the home Wi-Fi network. Presumably, protection when using non-Telekom Wi-Fi networks, such as in coffee shops, hotels, and airports, is provided via the Protect Mobile app. For most consumers, other than those who might be targeted by an attack, this level of protection is adequate and would prevent most mobile-based consumer threats such as financial fraud, ransomware, and identity theft.

But for enterprises within the Deutsche Telekom coverage area, if all of an enterprise's employees used Protect Mobile, it would provide relatively strong protection against most network- and device-based attacks. Does this constitute enterprise-class mobile security? Not exactly. As we've pointed out here, here and here, the stalker economy and data leakage are app-based threats--not network or device. Those kinds of threats put enterprise data at risk. For comprehensive protection, an enterprise would have to add protection against app-based threats to protect their data--and also to prepare for GDPR compliance in May.