Symantec Mobile Threat Defense: Using Mobile to Stay One Step Ahead of PC Attacks
SEP Mobile detects harmful PC files on Android devices, stopping attackers from reaching their traditional endpoint targets
If daily headlines about cyber breaches teach us anything, it’s that hackers will try any way to infiltrate an organization and get their hands on sensitive data.
In recent years, mobile has served as a particularly attractive attack vector. With more and more people relying on their mobile devices for work, and with security teams having less visibility or control over BYO devices, mobile has offered attackers a less-scrutinized way to penetrate corporate assets (networks, devices, apps, etc.). While mobile devices themselves are vulnerable to threats such as malicious apps, SMS phishing, risky Wi-Fi networks, and others, mobile can also take part in attacks that target traditional endpoints in your organization.
Harmful PC Files on Mobile
Employees access corporate data on their mobile devices, anywhere and at any time. Consider that one of the first things someone does in the morning is check their email/messages on their phone. Then they may access apps, chat with colleagues or friends, or continue reading emails on their morning commute. As employees move from one place to another, their mobile devices automatically connect to various networks which they then use to access corporate resources. Think about how much data may be accessed even before an employee opens their laptop or desktop at work. This access continues throughout the day, making mobile an attractive target for cyber-attacks.
Here’s where it gets more complicated. While employees are increasingly conducting business transactions on mobile devices, through corporate apps such as Salesforce or Outlook, sometimes mobile devices may be accessing data from apps that are not monitored by IT, such as encrypted instant messaging apps, wireless sharing, and personal email. Malicious actors can use these unmanaged apps to send harmful files to victims. In most cases, if an organization’s mobile devices are protected by a mobile threat defense (MTD) solution, then malicious files on mobile will be detected. But if these files are harmful only when executed on a PC, chances are they’ll evade standard MTD detection.
Consequently, an employee might open one of these files on their traditional endpoint (laptop or desktop), giving attackers access to corporate resources without security teams having any visibility into it. For example, an employee may receive, via WhatsApp (or another unmonitored messaging app), what appears to be an innocent file but is actually a malicious PDF, sent from the infected device of a colleague or friend. The sender may be unaware that their device is infected, and the receiver, trusting the sender, will try to open the file. As the PDF might not appear or open properly on the receiver's mobile device, the victim may try to open it on their laptop. Alternatively, if the file seems fine, the employee may pass it on to another colleague via Slack, and from there the colleague may open it on their PC.
If proper security controls are not in place in the organization, opening the file on a traditional endpoint can have hazardous consequences. Attackers can leverage this attack vector to cause greater damage throughout the organization, moving laterally through the network and searching for key data to steal.
Since various types of PC malware such as spyware, viruses, worms, trojans, and others generally do not impact mobile devices as they do PCs, these threats avoid raising any red flags in terms of mobile security. The real risk occurs when these files reach traditional endpoints. As mobile usage increases, the chance of files sent from mobile devices being opened or shared on traditional endpoints increases as well.
An Extra Layer of Visibility
Symantec, one of the only vendors that provides a solution for both modern and traditional endpoints (laptops and desktops, as well as iOS and Android devices) and is a market leader in both, protects against exploitation from all malicious files no matter what endpoint or platform your employees are using. We utilize our endpoint detection engines and technology everywhere your employees access corporate data (mobile, desktop, email, and network), and give both security teams and end users an additional layer of visibility over their threat landscape.
Our mobile threat defense (MTD) solution, Symantec Endpoint Protection Mobile (SEP Mobile), uses deep intelligence on file reputation to detect harmful PC files on Android devices. Reputation insight comes from Symantec’s Global Intelligence Network (GIN), the largest civilian threat intelligence database in the world, covering telemetry from more than 175 million endpoints.
Forensics for Threat Hunting
In every harmful PC file incident detected by SEP Mobile, we provide granular forensics on the malware family and its path on the device. The SEP Mobile management console includes a brand new “Files” threat family, which contains the harmful PC file detection and other file-based threats.
In the example below, SEP Mobile detected PC malware on an Android device in one of our customer environments. We can see in the forensics that the malicious file is a Trojan, it was sent to the end user via the popular messaging app Telegram, and the user first saw or opened this file on their mobile device. The forensics also reference further information from Symantec’s security research center on the virus and its consequences when executed on a PC.