Enterprise Mobile Security

February 16, 2017

ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar

ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force.

The threat actors behind the ViperRAT surveillanceware collect a significant amount of sensitive information off of the device, and seem most interested in exfiltrating images and audio content. The attackers are also hijacking the device camera to take pictures.

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. We also discovered and analyzed live, misconfigured malicious command and control servers (C2), from which we were able to identify how the attacker gets new, infected apps to secretly install and the types of activities they are monitoring. In addition, we uncovered the IMEIs of the targeted individuals (IMEIs will not be shared publicly for the privacy and safety of the victims) as well as the types of exfiltrated content.

In aggregate, the type of information stolen could let an attacker know where a person is, with whom they are associated (including contacts’ profile photos), the messages they are sending, the websites they visit and search history, screenshots that reveal data from other apps on the device, the conversations they have in the presence of the device, and a myriad of images including anything at which the device’s camera is pointed.

February 16, 2017

5 non-negotiable principles to combat cyber war on mobile

Cyber war is a term the U.S. government is intimately familiar with, but woefully unprepared for when it comes to mobile.

Government employee mobile devices are a relatively new attack surface, and a particularly valuable one for espionage missions and other criminal intent. Mobile devices access confidential, classified, and other protected data classes. At this point, that’s just a fact. Both CSIS and the Presidential Cyber Commission acknowledge that mobile is no longer a fringe technology, but a central instrument that allows employees to get their jobs done.

Protecting data on mobile is non-negotiable and the responsibility of federal technology and security leaders across the entire government.

There are five principles any federal agency or organization must use to build a mobile security strategy. To forgo such a strategy directly puts sensitive government data at risk.

February 3, 2017

Where to find Lookout at RSA 2017

After a year full of headlines about data breaches and cyber war, it’s clear people want to know about the targeted attacks facing them. That’s what we’re providing at this year’s RSA.

We’ve planned a talk, a happy hour, and a great booth for all RSA attendees, especially those interested in learning about targeted mobile threats to corporate data.

January 26, 2017

Mobile devices are the future of work


Enterprise employees are using their mobile devices to do their jobs today, but the day when these devices usurp PCs as the preferred device for work is coming faster than you think, if the significant delta between PC and mobile device sales is any indication.

Mobile devices are the way people work now. Today, enterprises are used to handing out PCs upon a person’s first day at the office. As an employee gets set up, though, businesses will quickly find that work is leaving those protected environments and happening, instead, on mobile devices.

January 23, 2017

Lookout in Vanity Fair: The real story behind Pegasus and Trident

Smartphones today have more computing power than a Cray III supercomputer. However, many security professionals put about as much thought into securing their mobile ecosystems as they did into securing Motorola RAZRv3 flip phones back in the day.

Vanity Fair interviewed my team to understand the story behind the discovery of Trident, the three zero-day vulnerabilities used to remotely jailbreak iOS devices, and Pegasus, the spyware that used these vulnerabilities to exploit targeted individuals.

Read the article

January 19, 2017

Lookout is “FedRAMP Ready,” making it even easier for agencies to protect against mobile risks

Today, I am proud to announce that Lookout is now “FedRAMP Ready,” an indicator to federal agencies that Lookout Mobile Endpoint Security is vetted, secure, and can be quickly implemented into any U.S. government organization.

Lookout is the first mobile security solution to achieve this status.

December 5, 2016

Presidential Commission on Enhancing National Cybersecurity: Prioritize mobile security now

The Presidential Commission on Enhancing National Cybersecurity released its report on securing and growing the digital economy, in which one message is clear: de-prioritizing mobile security is no longer an option.

New priorities for a new mobile workplace

“The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over. Market forces and employee demands have made “bring your own device” the de facto option in many workplaces. … Organizations no longer have the control over people, locations, networks, and devices on which they once relied to secure their data. Mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms. In short, the classic concept of the security perimeter is largely obsolete.” – Excerpt from the Commission on Enhancing National Cybersecurity report

Employees in the public sector are using mobile devices every day to get their jobs done, whether government agencies know about it or not. Today, having a secured mobile workforce — which includes protection against risky applications, network attacks, and malicious intrusions — is a necessary element of an agency’s overall security architecture.

December 1, 2016

It starts now: 2017 mobile security predictions from Gartner

Gartner just published its “Predicts 2017: Endpoint and Mobile Security” report that includes findings and recommendations. I believe three of these to be significant for mobile security and for InfoSec and technology leaders heading into the new year. My take on these findings is below.

October 25, 2016

Holistic mobile security means protection from threats, data leakage, and your own applications

Securing mobile devices and the data they access is a huge challenge. This is because of three key technology trends happening today:

1) Mobile apps have become the primary way that data is accessed and stored. Mobile apps account for over half of internet use, according to a 2016 study from Andreessen Horowitz. Enterprises, however, rarely know what apps are being used on an employee’s mobile device and whether that app is collecting sensitive information.

2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app.

3) Mobile app creators range from Forbes 500 companies to a few guys in a garage. The problem is, app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”

Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.

October 24, 2016

It’s Mobile Malware Week: here’s what enterprises should know

October sees the return of European Cyber Security Month, which is the EU’s annual advocacy campaign that aims to raise awareness of cyber security threats, promote cyber security among citizens and provide up-to-date security information, through education and sharing of good practices.

This year 24th – 28th October is known as Mobile Malware Week, and so Lookout have partnered with Europol and the National Cyber Security Centre (NCSC) to help raise awareness and educate around mobile malware, plus provide tips for how to stay safe.

Mobile Malware in the Enterprise

When it comes to mobile, many of the threats facing enterprises are the same as those encountered by consumers. Often, devices are dual function, serving both work and personal interests, and the device may or may not be owned by the enterprise. Problems can arise when corporate data finds its way onto devices that are outside the visibility or span of control of the IT team. As users spend more and more of their working day interacting with mobile devices, it is essential that businesses take note, and expand their toolsets and policies to fit.

Mobile Malware – what is it?

Mobile malware is malicious software specifically designed to attack mobile devices (e.g. phones and tablets) and set out to harm a device or the data on the device. Attacks can often steal user data, commit financial fraud, negatively impact device performance and more. These threats can be the same as those encountered from a computer, but some malware attacks apps and is specific to mobile. Mobile malware can work in tandem with a computer, or act independently.

Malware Types

Different organisations may have different ways they classify or consider Mobile Malware, but here’s a basic overview:

  • Malware: Apps that steal user data, commit financial fraud, and/or negatively impact device performance.
  • Chargeware: Apps that charge users for content or services without clear notification or the opportunity to provide informed consent.
  • Adware: Apps that serve ads that interfere with standard operating experiences and/or collect excessive personal data that exceeds standard advertising practices.

There are also more granular classifications that include: app droppers, backdoors, bots, click fraud apps, spam apps, spyware, surveillanceware, toll fraud apps, and trojans. You can read more about them here.

Real life examples

Mobile devices attract highly targeted and sophisticated attacks. These are not solely the domain of the PC or network and in fact may take advantage of some of the capabilities of a mobile device, such as GPS and additional sensors. An example was the recent ‘Pegasus’ spyware, one of the most advanced pieces of mobile spyware ever seen by Lookout. Pegasus had the ability to compromise a device with one click, remain silently embedded and then spy on every aspect of the user’s mobile interaction. Pegasus could intercept credentials, contact data, location data, intercept mic and video recordings and steal encrypted messages from a number of popular apps and services.

Interestingly Pegasus exploited several assumptions that are just as common to mobile devices as desktops – existence of unknown or unpatched vulnerabilities, willingness of users to click on unknown links, and over-reliance on existing security mechanisms (MDMs did not detect Pegasus).

A final consideration and a growing concern to enterprises is that even ‘good’ apps may introduce considerable risk. With many apps having the ability to connect to backend services, share data and regularly update themselves, enterprises increasingly need to know how this affects the organisation’s security posture. Having an awareness of apps in use and the ability to analyse the capabilities of those apps is an increasing requirement.

How to stay safe

While it’s true that more native safeguards exist, such as code-signing, app sandboxing and curated app stores, we also see attackers working around these safeguards and going for the weakest links. This often involves coming up with new and novel approaches to distribute malware.

In order to see what’s happening so you can do something about it, the best approach is to gain visibility into your mobile fleet – visibility is a necessary component of mobile security. While your employee might not know what they’re downloading, with the right tools, IT administrators can see, almost immediately, that a seemingly innocuous app is actually a threat to corporate data. A mobile security solution will help you do this.

A little awareness also goes a long way, and so it pays to keep your users informed. Check out our consumer blog with some useful tips for end users. Also make sure your IT policy covers mobile and is understandable for end users.

Lastly, have a plan and ensure users know who to contact and how to react in case of a suspected compromise.

For more information, see Europol’s mobile malware guides, plus NCSC (formerly CERT-UK) and Lookout’s Mobile Malware in the UK whitepaper.