Mobile Security: What is the Attacker’s Motivation to Compromise?


As technologists we too easily get lost in discussing problems and solutions, rather than thinking about the motives behind attacks.

In terms of security, we should consider the mobile endpoint similar to any other endpoint. Unfortunately, organizations typically find that mobile endpoints do not have the same level of security enforcement as, for instance, a managed Windows endpoint. So, in many ways, a mobile endpoint is a harder platform to protect than a desktop.

The vast majority of threats to the endpoint come from malware. While malware has traditionally been designed either to allow remote control of the endpoint or to log keystrokes on it, we are seeing a massive surge in ransomware.

Ransomware is a highly profitable business. It is relatively easy to purchase and often goes undetected, as cyber criminals often try to exploit new, undefined vulnerabilities. Although ransomware currently targets vulnerabilities in desktop operating systems and browsers, we expect the threat to mobile will increase over the next 24 months. Make sure you back up your photos!

To understand the motives of an attacker against mobile devices, we need to think not only about the type of data stored on the mobile endpoint, but also about the level of access the endpoint has. For instance:

Data stored on a personal mobile device may include:

  • Payment or banking applications
  • Work email

Data stored on a corporate-managed mobile may be:

  • Corporate applications
  • Stored credentials for other systems
  • Sensitive intellectual property

Payload delivery

According to the most recent Verizon Data Breach Investigations Report, email still delivers more than 75 percent of malware, either through attachments or links. Increasingly, sophisticated techniques use social media as a mechanism to target victims through phishing campaigns.

For mobile, we are also seeing new techniques involving multiple zero-day exploits to hijack out-of-band communications, like Bluetooth. Rogue wireless access points are also used for transport redirection, malicious code injection and interception of private data in transport.

Zero-day exploits and APTs

Exploits will only work on vulnerable systems, so breach prevention, specifically from zero-day attacks, is crucial for any and all endpoints, including mobile. Traditional anti-virus protection is a good best practice, but the smaller the threat window, the lower the risk.

Leaky apps

Another recent approach used to help protect organizations’ data is scoring mobile applications using Mobile App Reputation (MARS). Only allowing trusted applications onto corporate-owned mobile devices is ideal, but it’s not an easy policy to implement for personal mobile devices.

Lateral movement

Consider email for a minute. Would you trust an email from a known colleague? Would you open any attachment or link from them? Maybe not, if you check the email header and see it’s coming from an external source. But what if it was sent from an internal email address? A compromised mobile endpoint may just become a launching point for other attacks.

Mobile Threat Detection (MTD) goes some way toward solving this, but doesn’t provide an overarching solution for the endpoint estate. It’s another point solution, with little to no knowledge of the environment around it.

Defending the mobile endpoint to corporate network with SonicWall

Attackers are looking to gain control of mobile endpoints to steal money from the consumer and to gain access to the corporate environment to steal data. Also, from the perspective of accessing the corporate network, the ability to quickly detect and remediate rogue access is imperative. SonicWall’s automated real-time breach detection and prevention helps close the major attack vectors in a unified way.

Defend your network today and protect your mobile endpoints. Read our Solution Brief: Best Practices for Secure Mobile Access


SonicWall Staff