March 27, 2017
The scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser. The attack would block use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card. During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying.
However, a knowledgeable user could restore functionality of Mobile Safari by clearing the browser’s cache via the the iOS Settings — the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realizes he doesn’t have to pay the ransom to recover data or access the browser.
Lookout found this attack in the wild last month, along with several related websites used in the campaign, discovered the root cause, and shared the details with Apple. As part of the iOS 10.3 patch released today, Apple closed the attack vector by changing how Mobile Safari handles website pop-up dialogs, making them per-tab rather than taking over the entire app. We are publishing these details about the campaign upon the release of iOS 10.3.
March 15, 2017
2016 was the year mobile risk reduction became a necessity for global enterprises. Controlling mobile access to corporate data is now a top priority and proactive CISOs are selecting Lookout to accelerate secure mobility in the workplace.
This increase in customer orders drove Lookout to triple our billings year over year in 2016 compared to 2015 for Mobile Endpoint Security. To date, more than 150 enterprises, including top financial services institutions, technology leaders, healthcare providers, professional services firms, and large government agencies, are using Lookout Mobile Endpoint Security. Lookout also more than tripled the number of channel partnerships year over year, and we’re now working with over 80 distributors globally, including new partnerships with Carahsoft, Docomo, Ingram Micro, CDW, SHI, Synergie, and Netrix.
March 8, 2017
Lookout tracks breaches related to companies and services that may impact customers with our Breach Report feature. Breach Report looks at the largest companies globally, and reports on those breaches to provide customers the most relevant information. It also provides remediation actions to help keep them safe. Interested in getting Breach Report? Upgrade to Premium now.
Attackers successfully breached 15 companies from a wide range of industries including retail, transportation, government services, hospitality, technology, gaming, and more. Among them, the biggest names included popular music festival Coachella, restaurant chain Arby’s, and the InterContinental Hotel Group. In the process, attackers were able to compromise nearly 7 million accounts, according to public reports of these incidents.
March 7, 2017
The graphic above appears in Gartner’s report, Market Guide for Mobile Threat Defense (MTD) Solutions*. I believe a comprehensive mobile security solution must cover all four of these quadrants and enterprises should look for single solutions that cover all aspects addressed by MTD + MARS.
In my conversations with CISOs, I repeatedly hear that one of the biggest issues they have is too many security products. They usually express different versions of, “I’ve got 50 different vendors and 50 different security products, and I simply can’t afford the personnel that I need to manage 50 different products.” I’m happy to share that at Lookout, our Mobile Endpoint Security solution is already a united single offering with capabilities that are usually considered separate parts of Mobile Threat Defense (MTD) and Mobile App Reputation Solutions (MARS) products.