More organizations are turning toward computing solutions that allow employees to stay connected and work on the go. While the upside is too good to pass up — decreased downtime and increased communication — companies need to be prepared for the inherent risks of enterprise mobility.
Adding devices to an organization’s network results in a larger potential target for cybercriminals. Smartphones and tablets have capabilities that can be exploited, allowing hackers to locate devices or users, eavesdrop, access files or even turn on cameras. The stolen data may be used by the hackers who obtained it, but often this information is either leaked onto the dark web or put up for sale for other nefarious users to obtain. Resale of corporate data has become lucrative, making cyberattacks more common.
Cybercriminals are always on the lookout for new ways to breach an enterprise’s network, and they can attempt this via application, network or device. Here are some of the most common types of cyberattacks targeting applications.
Malware (malicious software) is designed to disrupt, damage or gain authorized access to a legitimate device or its data — and the victim can be completely unaware of the attack. Most apps containing malware are hosted on third-party platforms, though a few may be found in official app stores.
Some common examples of malware include:
- Keylogger: It collects everything typed into the device keyboard, and the data is sent to a remote server.
- OTP interceptor: A one-time-password (OTP) can be used during transactions to make sure the person making the payment is the card owner. The malware intercepts the temporary code sent via SMS, allowing hackers to commit fraud.
- Overlay: This malware mimics the interface of legitimate apps, tricking users into entering sensitive data and sending it remotely to criminals.
- Ransomware: This tricky malware infects a device, encrypting and locking all of its information until the user pays the ransom. Past ransomware attacks that drew media coverage include Petya and WannaCry.
Spyware collects sensitive information from a user’s device and leaks it without consent to a nefarious party. The objective is to capture passwords, banking credentials, location coordinates and other sensitive data that can be used for fraud, espionage or resale on the dark web. Spyware can be embedded within mobile apps.
Adware is disruptive but not necessarily malicious. It displays advertisements that may encourage users to download a malicious application, but it may also send them to legitimate servers collecting marketing data.
Riskware includes legitimate applications that can cause damage if exploited by malicious users. These applications may host vulnerabilities known to hackers, which can lead to Man-In-The-Middle and DoS attacks.
PROTECTING YOUR ENTERPRISE
If you’re concerned that your organization’s data and devices may be at risk, contact Tech Orchard for customized diagnostics and solutions. We’ve built a lasting relationship with Gartner’s highest rated enterprise mobility management (EMM) and unified endpoint management (UEM) provider in the business: VMware Workspace ONE powered by AirWatch. This solution can help to ensure user compliance across all devices, to act as a broker across your identity infrastructure, and to continuously verify and auto-remediate device and user risk to keep employees productive. Contact us for more on how it can work for your business.