The CISO's Guide to Reducing Mobile Malware Threats, Part II
by Kyle Flaherty
Are employees throughout your enterprise trained to prevent malware? Human actions are the biggest threat to your network, so educating IT staff, employees, and management about mobile attacks must be a priority. Without this basic information, malware will spread rapidly, infecting thousands of “carriers” who unknowingly put customer data, sensitive intellectual property, and ongoing business operations at risk. As a CISO, you need to take action to prevent this.
In Part I of our look at mobile malware, we talked about how our customers are working to prevent mobile malware from infiltrating their networks by:
- Developing clear policies for employee use of mobile devices, thereby balancing the need to conduct business with the need to maintain information security.
- Deploying security devices from vendors who have tested and validated their ability to detect and block dedicated mobile threats, then performing regular testing of those devices to ensure ongoing resiliency to the very latest attacks.
- Educating staff about how to avoid becoming infected by mobile malware in order to prevent it from entering your infrastructure to begin with.
Today, we provide a primer you can share with employees to help protect them and your company against attacks on Apple, Android, Windows, and BlackBerry platforms. There are certainly more tips than those below, including always installing the latest firmware updates from your phone provider and never "jailbreaking" your phone, but these will be a good start:
Mobile Malware Protection Tip #1: Use Common Sense When Downloading Apps
Many malware attacks take advantage of the common “repackaging” technique. This happens when a user downloads an application that seems benign, but that has actually been recreated to include malicious code. In March 2011, Google pulled 58 malicious apps from the Android Market, but not before they were downloaded to approximately 260,000 devices. There are a few things you can do to avoid becoming a victim of these malware-infected apps:
- Do NOT download apps from third-party app stores. For example, “Love Trap” Android malware was recently discovered in a China-based third-party app store. Once installed on your device, it sends SMS messages to subscribe users to certain services, eventually leading to unwanted charges.
- Prior to downloading any app, check all reviews in the app marketplace and look at the other apps made by the developer. Red flags include hundreds of comments on the app in just one week, or no other apps by that developer in the marketplace. The Android Market also offers a link to each developer’s Web site. If the comments and other apps from the developer seem sketchy, check out their site. Many malware makers will have no more than a blank page.
- The Android Market requires developers to list the system permissions needed for the phone to interact with the app. Check the list for something that looks out of place, such as a mapping app that asks to send SMS messages for no reason.
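The permission check in the last bullet can be automated when IT staff vet apps before approving them. The following is an added example, not code from the original article: it reads an AndroidManifest.xml that has already been decoded to text and reports sensitive permissions that do not fit the app's category. The category baseline, the function names, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that can cost the user money or expose messages.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send SMS, including to premium numbers",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.CALL_PHONE": "can place calls without confirmation",
}

# Assumed baseline: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "messaging": {"android.permission.SEND_SMS",
                  "android.permission.RECEIVE_SMS",
                  "android.permission.READ_SMS"},
    "maps": set(),
    "game": set(),
}

# Constructed sample: a mapping app that also asks to send SMS.
SAMPLE_MAPS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def out_of_place(manifest_xml, category):
    """Sensitive permissions requested but not expected for this category."""
    allowed = EXPECTED.get(category, set())  # unknown category: allow none
    return sorted(p for p in requested_permissions(manifest_xml)
                  if p in SENSITIVE and p not in allowed)

if __name__ == "__main__":
    for perm in out_of_place(SAMPLE_MAPS_MANIFEST, "maps"):
        print(f"review: {perm} ({SENSITIVE[perm]})")
```

Manifests inside an APK are stored as binary XML, so they must be decoded to text before this check can read them.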
Mobile Malware Protection Tip #2: Practice Safe Browsing
“Drive-by downloading” happens when a user visits a malicious Web site via their mobile browser. These sites, which have been used for years with traditional non-mobile malware, are engineered to trick the visitor into downloading an application that seems safe but actually installs malware. Safe browsing, a feature that allows your browser to check the URL you are visiting against a database of suspected phishing and malware pages, helps prevent drive-by download attacks.
Unfortunately, the same safe browsing features built into traditional Web browsers are not typically available on mobile browsers, although it’s worth checking your settings to see if the option is available. To prevent this type of infection:
- Install products that promise to give you a safe browsing experience. For example, Lookout Mobile Security for Android provides a plethora of safe browsing features.
- Use common sense when surfing on a mobile browser. Don’t click on links from people you don’t know, and if a site seems to be asking you to download something you don’t think you need, walk away.
Mobile Malware Protection Tip #3: Check Your System Regularly
The most damaging malware attacks are the ones that go undetected on your device for a long time, so it is important to check your system proactively on a regular basis:
- Take a regularly scheduled look through your device. There are several files that should be red flags, and you will need to remove these immediately: Jmsonez, Smsmecap.A, DroidKungFu, and DrdDreamLite. There are certainly hundreds more, so remain vigilant.
- If you don’t want to do manual scrubbing, there are several mobile security software tools that can help scan and clean up your phone. Here are five for the Android platform.
Mobile Malware Protection Tip #4: Examine Phone Bills Closely
As we discussed in Part I, one of the biggest drivers of mobile malware is the ease with which attackers can steal money. Moneymaker malware might hide on user devices for months, racking up cell phone fees through the SMS payment gateway by sending messages to foreign service providers. While the individual fees are small, they add up over time. Encourage employees to be vigilant about their statements by:
- Quickly scanning the line items to check for “donations” to an unknown collector each month.
- Checking call history for any strange international numbers or text messages to random numbers. If you see one, call your provider and revisit protection tip #3 to check for malicious files.
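For company-paid lines, the statement review above can be run over itemized billing exports. The following is an added example, not code from the original article: it flags paid SMS to short codes or international numbers that recur across billing months, which is the small-fees-over-time pattern described in this tip. The CSV layout, the home country prefix, the thresholds, and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

HOME_PREFIX = "+1"  # assumption: domestic numbers start with this prefix

# Constructed sample export; the column names are an assumed layout.
SAMPLE_BILL = """\
date,type,destination,amount
2011-06-03,SMS,+15125550142,0.00
2011-06-09,SMS,79021,1.99
2011-07-09,SMS,79021,1.99
2011-07-15,SMS,+9990000001,0.50
2011-08-09,SMS,79021,1.99
"""

def is_suspect_destination(dest):
    """Short codes and non-domestic numbers are the destinations to review."""
    short_code = not dest.startswith("+") and len(dest) <= 6
    international = dest.startswith("+") and not dest.startswith(HOME_PREFIX)
    return short_code or international

def recurring_charges(bill_csv, min_months=2):
    """Map each suspect destination billed in >= min_months months to its total."""
    totals = defaultdict(Decimal)   # destination -> summed charges
    months = defaultdict(set)       # destination -> billing months seen
    for row in csv.DictReader(io.StringIO(bill_csv)):
        amount = Decimal(row["amount"])
        dest = row["destination"]
        if row["type"] == "SMS" and amount > 0 and is_suspect_destination(dest):
            totals[dest] += amount
            months[dest].add(row["date"][:7])  # YYYY-MM
    return {d: totals[d] for d in totals if len(months[d]) >= min_months}

if __name__ == "__main__":
    for dest, total in recurring_charges(SAMPLE_BILL).items():
        print(f"review: recurring paid SMS to {dest}, total {total}")
```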
As a CISO, you take on many roles, and one is to educate all employees on network security. Mobile malware is a serious threat to your enterprise since it can easily be introduced into the network through any employee. Yes, you have put in place policies, equipment, and testing to help protect your business. But the final step is to make sure that every user connecting to your network understands the dangers of mobile malware, the signs of infection, and how to take immediate action before it spreads.
