News hit yesterday that malicious mobile applications are sneaking into legitimate app stores at an increasing rate—and for organisations, this threat is only the tip of the iceberg when it comes to mobile risk. Most employees are constantly connected to their mobile phones, and BYOD is now considered the norm. Companies are exposed to security, privacy and compliance risks when employees bring their own mobile devices to work, loaded with unknown and untrusted apps. Today, Proofpoint continued its commitment to keeping organisations safe from malicious mobile apps by joining the newly-formed AirWatch Mobile Security Alliance.
As part of this commitment, Proofpoint Targeted Attack Protection (TAP) Mobile Defense seamlessly integrates into the AirWatch platform, which provides mobile device, email, application, content and browser management solutions. Proofpoint’s ability to create mobile application security technology that works with the world’s leading enterprise mobility management vendors is critical to successfully arming organisations against today’s sophisticated cybercriminals. For example, malicious mobile malware families, such as XCodeGhost, LBTM, InstaStock, FindAndCall, Jekyll, FakeTor and WireLurker, are just some examples of the mobile threats Proofpoint has stopped.
According to our research, organisations may have hundreds of risky apps in their environment, and we often find up to six different kinds of malicious apps on employee devices. While a host of mobile applications include nefarious code, a majority are out to steal information by mining private data and sending the information to unauthorised servers around the world. This includes apps that:
- Send user’s private data without their knowledge and without a stated privacy policy
- Copy contact databases and send them to untrusted locations
- Send users’ browser histories over the Internet
- Install helper apps to display unwanted advertising
- Communicate prohibited tracking information, including hardware identifiers
- Send premium rate SMS messages to defraud consumers
- Attempt to jailbreak or root mobile devices without a user’s knowledge
- Lead users to malicious phishing websites
- Have security vulnerabilities that expose user data
When attackers are armed with this information, and when you add social engineering dangers, companies are at serious risk of data loss, compliance violations and future targeted attacks.
Mobile devices are a mainstay in organisations because they are required to keep companies competitive. We are committed to helping keep employees and companies safe from malicious mobile applications through our continued innovation and involvement with efforts like Airwatch’s Mobile Security Alliance.
Have any questions about malicious mobile applications? Please feel free to ask in the comments section below. Also, be sure to join us next Thursday, October 1 for a webinar about the myth of app store security.