Category: Articles

When we think of cyber threats to endpoints, typically what comes to mind is the need to protect our PC’s and laptops. Many more businesses are adding comprehensive security solutions and user policies administered to include mobile threat exploits.

But it’s unquestionable now that mobile phones are just as likely (if not more likely) to be targeted by cyber criminals. There are a few reasons for that.  The first reason that mobiles are now a legitimate target is the sheer number of them. It’s estimated that there will be over 6 billion smartphones in use by the year 2020. That’s around 70% of the world’s population using a smartphone in 3 years’ time.

Modern smartphones are now small computers. The processing power, functionality, and the way we’ve integrated them into our lives make them a treasure trove of valuable information and easy food for hackers wishing to use mobile threat exploits. And IoT Botnets further increases the vulnerability of cloud based data and mobile devices.Many people today use their mobile phones to access online banking and as a physical payment method in store. Cybercriminals tend to follow the money and so are putting resources into targeting mobiles. Last year, security vendor ESET discovered a form of malware that presented a false version of online banking login screens to steal credentials.

Exposing Vulnerabilities of Mobile Threat Exploits

Like any operating system, there is a continual process of discovering vulnerabilities and attempting to patch them before hackers can take advantage.

This can be complicated on the Android OS. Android is open source, allowing stakeholders to modify and redistribute it to fit their needs.

This means that when mobile threat exploits and vulnerabilities are fixed at the source, it doesn’t always translate to the problem being resolved for the user.

The most famous example of this is the Stagefright vulnerability. This was mobile threat exploits in the code library associated with media playback. If a hacker sent malicious code within a video via MMS, the attack could be successful without any interaction from the user.  This vulnerability was said to affect 95% of Android users making patching a nightmare. Although there had been previous serious vulnerabilities in Android, such as FakeID, TowelRoot, and PingPong, this was the first exploit of this scale that could be successful without any user input.

No OS is Safe

Typically, we see most of mobile attacks targeted at Android devices. But iOS is not completely bulletproof. XcodeGhost was a copycat version of Apple’s development environment, used for creating apps.  Developers that used the rogue version of Xcode to create their apps unwittingly delivered their product to the App Store with the malware in tow.

Mobile Threat Exploits Protection Starts with Education

So clearly, we need a robust plan in place to protect mobile devices from mobile threat exploits. But how do we go about this? The first thing to consider is user education. When using a laptop, most people know not to open attachments from unknown sources.  But mobile users are not always as careful. Educate them to apply this same level of caution to mobiles; only downloading apps from trusted sources and giving the application, the minimum permissions required to perform its task.

Management is Not Security

Your company likely already has an Enterprise Mobility Management (EMM) solution in place. This is useful for managing a fleet of mobiles and preventing opportunistic crimes by enforcing passcodes, for example. But EMM is not sufficient to protect against more advanced threats, and most suites don’t have the functionality to detect, analyze and respond to cyber attacks. For this reason, it’s important to supplement your EMM with a Mobile Threat Defense (MTD) product.MTD has far greater mobile threat exploits threat-detection capabilities and can help to prevent man-in-the-middle attacks, detect non-compliant or malicious apps, and spot jailbroken devices. It’s important to have this level of security on your mobile devices due to the amount of corporate data that can typically be accessed via mobile now.

User-Based Access Controls

A cloud-based Identity as a Service (IDaaS) solution can also help to increase security. The benefits of this to a business are two-fold: For the user, all their corporate systems can be accessed via a single sign-on (SSO). This eliminates the need to remember multiple login credentials.It’s likely to be a multifactor sign-on process which is more secure than a static password. IDaaS also allows users to be automatically granted certain access rights or privileges based on their role. Employees get the right tools to complete their job function and no more. This means that in the event of a mobile threat exploits, the compromise, the amount of accessible information can be limited.

Effective Patching

As mentioned, patching mobile devices is not always straightforward, particularly in Android ecosystems. Updates can be blocked by Google, the handset manufacturer, or the mobile operator. However, this situation has improved since Stagefright. Even given these difficulties, it’s important that you have a process for keeping your operating systems up to date. This should be easy to configure in your EMM solution.Ultimately, we don’t need the statistics to tell us that mobiles are here to stay in the business world; we see evidence of this every day. Mobiles are now integral to huge chunks of our working lives. And because of this, the threat from hackers will continue to grow.

What steps are you taking to ensure that mobiles aren’t an easy attack vector into your business?  And do you feel that your users are as educated on mobile threat exploits as they are about conventional PC-based malware?

Cyber-attacks are amplifying across the globe.  Personal cyber security is important as not only have they becoming more frequent, but they are also impacting a wider band of digital terrain. A single worm, like WannaCry is capable of infecting countless systems in numerous ways, from email accounts to personal data to service disruptions and other critical disturbances. The impact and frequency has led to billions of dollars’ worth of damage, to include lost productivity. Damage to an organization’s reputation is not even calculable.

Budgets are growing tight due to the continued cost of cyber security protections and investigations. While this regularly effects large organizations, small to mid-size businesses are also seeing an increase in cyber-attacks. Hackers are turning toward smaller targets because they are less likely to have secure infrastructure and even less likely to know they are under attack. A worm or virus can sit in a computer system for months and without an in-house IT team, small businesses are especially vulnerable.

Personal Cyber Security Thwarts Hackers

A target that is even smaller than a small business is you. Personal cyber security is becoming more relevant as hackers seek out any vulnerability. But if small businesses can’t even afford an IT team, and if large organizations are finding their budgets shrinking due to cyber security costs, then how can an individual protect themselves?Personal Cyber SecurityCompanies like Rubica are offering personal cyber security options that protect individuals, and the businesses they own or work for, from cyber-attacks by providing easy-to-use and affordable cyber security options.

I rarely recommend any company’s products or services, but Rubica has options and features that warrant a serious look by executives and Board members alike.

Far too often individuals do not adhere to security protocols because the protocols are too complicated or time-consuming. People take short-cuts to avoid tedious passwords or log-in requirements.

Doing so on your personal device is risky, but when your personal device is also synced to business applications results can be catastrophic. By providing employees with personal cyber security features, Rubica protects individuals and businesses.

Some of Rubica’s defining features include its mobile ready app that can be downloaded on desktops, tablets and smart phones. There is no need to install hardware or receive staff training on its use. The app is backed by Rubica’s signature concierge service. The cyber ops team is on call at any time. But users rarely need to contact Rubica since the security app and service does its work without the user even knowing.

Personal Cyber Security Solution by Rubica

Rubica’s cyber ops team provides personal cyber security to any user who has downloaded the application. Once downloaded, the cyber ops team is able to monitor your data, identify threats and alert you when necessary. By paying attention to personal behavior patterns, the team is able to deduce when an imposter has entered a network.

If the idea of data and behavioral monitoring is not a price you are willing to pay in exchange for personal cyber security, then don’t worry. Rubica can be turned on and off. Users are able to access the app and view activity graphs, review investigated events and ask Rubica staff questions about their data or any ongoing threats. Rubica’s personalization means that your personal cyber security choices just got more personal.

Require the rolodex and expertise of an executive search team?

NextGen has a solid track record in identifying and recruiting “A players” – the top 14% of the workforce that produces 8 to 10 times more than even “B platers” – AND these “A players” exist at every level from lead software developer to cyber analyst to Director of business development to VP of Cyber Counterintelligence and much more.  We recruit for red, blue, and purple teams for cyber defense contractors and DoD as well as private sector cyber security needs.

Cyberspace is an official battlefield for almost a decade in many states. According to a series of data breach investigations report (2013-2016) of Verizon facing new cyber warfare tactics, despite cyber criminals remain a major actor category in causing data breaches, the significant participation of nation-states and state-affiliated groups in cyber-operations is not to be underestimated.

The operators in the latter category do not simply target short-term monetary gain, but in-depth and persistent penetration to attain strategic objectives, notably the advanced persistent threat (APT). Our businesses, government, and military are facing new cyberwarfare tactics used in economic espionage, geopolitical campaigns and remote sabotage attempts. High profile events in recent years ranging from the Chinese APT1 eavesdropping over 140 international companies, Russian APT28 implementing asymmetric warfare against Georgia and Ukraine between 2008 and 2014, to the DNC email hacking in the recent US presidential election and Olympic Games (Stuxnet) sabotage incident in 2010, contribute to the rapid development of cyber intelligence landscape.

Methods in Facing New Cyber Warfare Tactics

Thus, in this troubled water, not only the digital assets and intellectual properties of private companies are under constant surveillance of ​cybercriminals but also public critical infrastructures and new Internet of Things connected data and devices are at stake. Highly skillful and resourceful actors enthusiastically collect intelligence through sophisticated hacking tools, computer worms and network mapping technologies.This intelligence collection empowers malicious actors to succeed in striking companies and governments. One key underlying factor for successful risk mitigation is not only to catch up with the ‘hardware’ technological advancement, but also the software in facing new cyber warfare tactics to analyze the pattern, identity and objectives of the intruder so as to effectively counterstrike intelligence collection of the adversary.Facing new cyber warfare tactics by implementing CCI methodsThus, adopting military doctrines such as decoy, deception and deterrence to detect and mitigate cyber risks becomes a valuable cyber counterintelligence (CCI) strategy for both private companies and states. In the tactics, techniques, procedures (TTP) guidelines implemented by the U.S. Department of Defense (DoD) Joint Chiefs of Staff, at least four major intelligence collection methods can be identified in cyberspace. Intelligence can be collected through human (HUMINT), open-source (OSINT), signal (SIGINT) and geography (GEOINT).Based on these notions, the security researcher, Robert Lee, suggests two approaches to apply these concepts in CCI policy making: defensive CCI and offensive CCI.The former recommends regular red team assessment to evaluate both internal network vulnerabilities and external threat landscape. The latter is about setting up honeypots and sock puppets to interact with the adversary so as to achieve deception and delay effects. Both approaches require a comprehensive understanding of the internal networks, operations and procedures about one’s own organization. Ideally, one optimal CCI employment involves a mix of active and passive intelligence gathering to understand the potential adversaries.

Assessments in Facing New Cyber Warfare Tactics

In other words, it implies the hybrid application of conducting internal and external assessment as well as interacting with the intruders. Hence, the organization can be better prepared in facing new cyber warfare tactics by drafting its response plan and internal policies with more concrete scenarios, evidence, and more significantly, grasp of the tactics of the adversary.

In addition, internal analyst and general employee training is a prerequisite for the successful implementation of CCI strategy. On the one hand, improving the security awareness of general employees is an important, yet underestimated, means to prevent initial network compromise. For example, the victims of APT1 mostly started by falling prey to spear phishing which eventually caused successive large-scale data breaches. Educating employees to be cautious of unverified and false web information addresses the most vulnerable human factor in cybersecurity trust chain.

In other words, it implies the hybrid application of conducting internal and external assessment as well as interacting with the intruders. Hence, the organization can be better prepared in facing new cyber warfare tactics by drafting its response plan and internal policies with more concrete scenarios, evidence, and more significantly, grasp of the tactics of the adversary.

In addition, internal analyst and general employee training is a prerequisite for the successful implementation of CCI strategy. On the one hand, improving the security awareness of general employees is an important, yet underestimated, means to prevent initial network compromise. For example, the victims of APT1 mostly started by falling prey to spear phishing which eventually caused successive large-scale data breaches. Educating employees to be cautious of unverified and false web information addresses the most vulnerable human factor in cybersecurity trust chain.

On the other hand, the training of in-house analysts has to be rigid and unconventional. They must be able to identify, evaluate and distinguish accurate intrusion data to defend the organization. Putting themselves into the adversary’s shoes is a crucial perspective to anticipate the interests, objectives and strategies of the intruder. It also prevents them from being misled to well-crafted falsified data.

To optimize the performance of the duties of in-house analysts, a number of emerging cybersecurity vendors in deception technology like TrapX, Attivo and Cymmetria develop products and solutions adapted to this specific need. Through setting up decoys and buffering zones such as honeypot servers, sandbox and other buffering mechanisms, the defending organization can maximize the counterintelligence efforts to study the attacker.

In conclusion, adopting CCI perspectives in facing new cyber warfare tactics is an imminent issue for companies and governments to cope with constantly evolving and sophisticated cyberattacks. After all, the information security solutions of major vendors in the market target a more general public having relatively less security challenges than institutions dealing with multi-billion digital assets, IoT networks, and critical infrastructure. Installing ubiquitous anti-virus/ spyware detection software is the earliest phase in defending one’s institution.

In case of constant aggressive network breaches that their existing cybersecurity solutions and internal policies are ineffective, even defenseless, against the adversary, it is time to consider integrating CCI tactics and perspectives into the institution’s cyber defense strategy.

If the states are involved in attacking private entities, for what reasons companies should not introduce CCI to their management?

Whether you are a manufacturer, hardware or software vendor, or defense contractor, you Must have the best talent available who has a TSI and /or active security clearance to work in cyber defense and cyber counterintelligence.  NextGen has served companies with identifying and recruiting cyber analysts, red / blue / purple team engineers, and more.