Though we still have a little less than a month left in 2016, this year has proven to be one of the most significant years for breaches.
We dove into the data using Breach Report, Lookout’s new feature that tracks and alerts users about such incidents, to bring you a deeper look at what breaches really looked like in 2016. Of course, criminals also put name brands in their crosshairs, including Yahoo, Twitter, LinkedIn, Tumblr, and Myspace. But we also observed a new trend out of 2016. Attackers seemed to concentrate attacks around three kinds of data: healthcare records, voting data, and credit card data.
Check out our breakdown of a year in data breaches:
This year was a prolific one for threat actors, who focused on writing sophisticated code and building on existing threat families, and used familiar distribution techniques.
We’ve boiled down 2016 into five significant mobile threat-types that enterprises and individuals alike should know about. We look at a serious, targeted iOS threat; malware that roots victims’ devices; a particularly “risky” app; threats that put on a mask to trick individuals; and the litany of mobile vulnerabilities we saw this year.
Check out the recap of the most important 2016 mobile threats:
You may have seen headlines about a new family of malware called “Gooligan.” This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014. Lookout customers have been protected against this threat since then.
Google released a blog post on the threat called “The fight against Ghost Push continues.” In it, the company reveals that it has been tracking the malware and acknowledges a problem anyone, especially enterprises, should be watching for: malware evolves and becomes more sophisticated over time.
Krishnan specifically addresses targeted attacks, such as the Pegasus malware; network attacks, such as man-in-the-middle attacks; the rare but concerning “juice-jacking” attack; and other things to consider.
He also discusses how to keep your corporate data safe. The bottom line? Make sure you can remotely:
Detect and remediate mobile malware
Detect and remediate compromised operating systems
Detect and remediate network-based man-in-the-middle attacks
If the twinkle lights on trees and the familiar tunes of carols emanating from coworkers’ earbuds haven’t given it away already: we’ve officially entered holiday shopping season.
This means you may be likely to use your mobile device to purchase presents for your family and friends. It’s more important than ever to be vigilant while making purchases on your mobile device in order to avoid mobile scams.
IBM noted the rise in mobile shopping on Black Friday 2015, saying, “Mobile shopping habits shifted noticeably … marking the first time smartphones generated more sales than tablets, mainly by stealing device share from desktops.”
While people are seeing the benefits of mobile shopping — ease of price comparisons in-store, convenience to shop anywhere anytime — opportunistic criminals are seeing potential benefits, as well.
Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data.
In today’s mobile world our personal information is stored in many services on our devices and across the internet, which is a great thing for our daily digital lives. Criminals see value in this information, too, especially if it’s information associated with our identities, and may attempt to breach the services we use to obtain it.
Identity Theft Protection helps you detect and recover from identity theft, and Breach Report notifies you with clear, actionable information about corporate data breaches that may impact you. These new features, coupled with our time-tested security technology, make the Lookout Personal app the only all-in-one app for mobile security, identity theft protection, and device theft prevention.
In August, Lookout, in conjunction with Citizen Lab, discovered “Pegasus,” a sophisticated piece of mobile spyware used by nation state actors to surveil high-value targets. The so-called “cyber arms dealer” NSO Group created the spyware, which, at the time, relied on the three Trident vulnerabilities to remotely and silently compromise a device. Lookout and Citizen Lab worked directly with Apple to close the holes and cripple this attack vector used by Pegasus for the compromise.
To the people whose data, devices, and digital lives we protect every day:
Lookout has just released a brand new design for the Lookout app for Android, all based on your feedback.
We recently completed a comprehensive customer-insights initiative with you, our users. In it, we learned that you need:
Strong protection from the real threats to your devices and data
Timely and easy-to-understand information about active threats
Peace of mind that your mobile security app protects you automatically
Knowledge and education that empowers you
“The goal of this redesign was to empower users with clear, straightforward, and actionable information about their device and data, all the while providing them peace of mind knowing that Lookout is always watching out for them.” – Sachin Kansal, vice president of consumer product, Lookout
2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app.
3) Mobile app creators range from Forbes 500 companies to a few guys in a garage. The problem is, app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”
Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.
This means that while enterprise employees more seriously consider mobile devices to be an invaluable tool in their everyday working lives, enterprise IT teams don’t have to struggle to secure the rapidly increasing number of endpoints on their networks.