December 22, 2016

2016 data breaches: A look back at a big year of data loss

Though we still have a little less than a month left in 2016, this year has proven to be one of the most significant years for breaches.

We dove into the data using Breach Report, Lookout’s new feature that tracks and alerts users about such incidents, to bring you a deeper look at what breaches really looked like in 2016. Of course, criminals also put name brands in their crosshairs, including Yahoo, Twitter, LinkedIn, Tumblr, and Myspace. But we also observed a new trend out of 2016. Attackers seemed to concentrate attacks around three kinds of data: healthcare records, voting data, and credit card data.

Check out our breakdown of a year in data breaches:

Category:   Security
December 21, 2016

Mobile threats 2016: targeted attacks, major vulns, and innovative malware

This year was a prolific one for threat actors, who focused on writing sophisticated code and building on existing threat families, and used familiar distribution techniques.

We’ve boiled down 2016 into five significant mobile threat-types that enterprises and individuals alike should know about. We look at a serious, targeted iOS threat; malware that roots victims’ devices; a particularly “risky” app; threats that put on a mask to trick individuals; and the litany of mobile vulnerabilities we saw this year.

Check out the recap of the most important 2016 mobile threats:

Category:   Security
December 5, 2016

Presidential Commission on Enhancing National Cybersecurity: Prioritize mobile security now

The Presidential Commission on Enhancing National Cybersecurity released its report on securing and growing the digital economy  in which one message is clear: de-prioritizing mobile security is no longer an option.

New priorities for a new mobile workplace

The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over. Market forces and employee demands have made “bring your own device” the de facto option in many workplaces. … Organizations no longer have the control over people, locations, networks, and devices on which they once relied to secure their data. Mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms. In short, the classic concept of the security perimeter is largely obsolete.” – Excerpt from the Commission on Enhancing National Cybersecurity report

Employees in the public sector are using mobile devices every day to get their jobs done, whether government agencies know about it or not. Today, having a secured mobile workforce — which includes protection against risky applications, network attacks, and malicious intrusions — is a necessary element of an agency’s overall security architecture.

Category:   Enterprise Mobile Security  •  Security
December 1, 2016

Ghost Push and Gooligan: One and the same

You may have seen headlines about a new family of malware called “Gooligan.” This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014. Lookout customers have been protected against this threat since then.

Google released a blog post on the threat called, “The fight against Ghost Push continues.” In it, the company reveals that is has been tracking the malware and acknowledges a problem anyone, especially enterprises, should be watching for: malware evolves and becomes more sophisticated over time.

Category:   Security
December 1, 2016

It starts now: 2017 mobile security predictions from Gartner

Gartner just published its “Predicts 2017: Endpoint and Mobile Security” report that includes findings and recommendations. I believe three of these to be significant for mobile security and for InfoSec and technology leaders heading into the new year. My take on these findings is below.