Battlefield Mobile: Threats Targeting In-Motion Endpoints Climbed in 2014

Thursday, January 22, 2015

Patrick Oliver Graf


By now, cybersecurity veterans are well-versed in the most common attack vectors exploited by hackers to breach their corporate networks. Brute force attacks, phishing schemes, SQL injections – they’re all proven attack methods that network administrators prepare for and defend against.

But what about the next frontier? What attack vectors and endpoints do hackers now think are most vulnerable?

It starts with mobile devices. They look like the perfect target to many attackers, who think that they can exploit the fact that so many connections over these endpoints go unsecured and that these devices are so popular with employees – 74 percent of organizations use or plan to use BYOD. In addition to mobile, another frontier could be devices that rely on machine-to-machine (M2M) communications, which create a scenario where human beings are entirely removed from the equation.

As this small, isolated group of attack targets grows, network administrators need to be ready to fight back wherever hackers go, whether that’s on the mobile, M2M or some other battlefield.

The Next Trends in Cybercrime

The landscape of cyberthreats network administrators must be aware of is ever-evolving with the advent of new technologies and new criminal strategies. While there’s consensus in the security industry that mobile attacks will only increase in the coming years, the current prevalence of these incidents is really in the eye of the beholder. Only about 15 million mobile devices were infected by malware midway through 2014 – an infection rate of less than 1 percent. On the other hand, in the last year, mobile malware attacks did increase by 75 percent, off the back of sophisticated threats like ransomware, spyware and Trojan viruses.

Going forward, all of these figures should increase. As AT&T’s Andy Daudelin told Fierce Mobile IT, the rise of Bring-Your-Own-Device (BYOD) will lead to more mobile-based threats and remote access vulnerabilities. He warns: “Users aren’t thinking of these [devices] as computers, but they are. There needs to be more robustness across the industry.”

This “robustness” brings to mind the proven defense-in-depth approach to network security. As successful cyberattacks have shown over the last year, even if a company installs every possible anti-virus software product and other threat prevention tools, there’s still a chance that an attacker could break through. That’s why a defense-in-depth security framework, built on principles of redundancy, is so valuable – if one security mechanism fails, the others are there to pick up the slack.

Defense-in-depth will be even more important as mobile devices beyond phones and tablets start to enter the workplace. Imagine the challenge of securing correspondence in environments where employees aren’t even part of the equation. Particularly when a human being isn’t situated at either endpoint, as is the case in M2M environments, all the normal best practices around network security are cast out the window. As an example, how is “implement employee training” strong advice for a network administrator when the communication is happening between two or more machines?

Again, we go back to defense-in-depth. To build this structure, network administrators begin by using a VPN to secure sensitive information that crosses the network, whether it’s through a phone, tablet, healthcare device, connected car or agricultural equipment, and then they build in fail-safes around it. Network administrators who follow these steps will assure themselves of not only winning the battle against cyberattackers, but also the war.

For more information about securing M2M communications, register for our webinar “Managing Secure Communications in M2M Environments,” 2 p.m. EST, Tuesday, February 24.

This was cross-posted from the VPN HAUS blog. 

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
