Just how susceptible are mobile devices to attacks in enterprise environments? It’s safe to say that mobile cyberattacks beset every business.
For 12 months, Check Point analyzed data from 850 companies around the world, and discovered some surprising insights:
- 100% of the organizations had at least one mobile malware attack
- The average number of mobile malware attacks was 54
- 89% of the companies experienced at least one man-in-the-middle attack
- 75% had an average of 35 jailbroken or rooted devices, a state that leaves devices completely vulnerable to attacks, since the process strips away all built-in security provided by iOS and Android
It takes only one breached mobile device in an enterprise for cybercriminals to steal personal and business data, and access corporate networks. That’s why we were all thrilled yesterday at CPX 2017 when Check Point CEO Gil Shwed introduced SandBlast Mobile, the latest addition to the SandBlast family of network, endpoint, and cloud advanced threat prevention products. SandBlast Mobile provides the most comprehensive mobile threat protection on the market today: safeguarding against malicious apps, poisoned Wi-Fi® network attacks and device vulnerabilities, as well as new capabilities for protecting against cross-platform threats and SMS phishing attacks.
Protecting against cross-platform threats
Cybercriminals have evolved their arsenal of weapons to include exploits and malware aimed at a wide range of platforms, including Windows, Linux, Mac OS, as well as Android and iOS. These cross-platform cyberattacks frequently use complex malware capable of beginning an attack on one platform and executing more malicious attacks on another platform. For instance, the group known as Fancy Bear, believed to be behind the hack of the Democratic National Committee in 2016, used both Windows and Android malware to gain access to the Organization’s network and data.
SandBlast Mobile leverages the unified threat intelligence – for networks, cloud, mobile, and endpoints – provided by Check Point ThreatCloud, the industry’s largest threat intelligence network. ThreatCloud collects and correlates threat intelligence from more than 100,000 network gateways used by Check Point customers, supplying real-time threat analytics from tens of millions mobile devices in enterprise environments. By leveraging the unified threat intelligence provided by ThreatCloud, SandBlast Mobile makes it possible to not only discover Patient Zero, but use Patient Zero to immunize the entire enterprise, regardless of the first platform infected.
Let’s take a look at how my colleague Darrell Burkey explains it:
Say a malicious email is sent to your organization’s Office 365 cloud, and blocked.
ThreatCloud receives the attack indicators, expands to additional attack indicators, and as a result:
- An SMS with a malicious link sent to one of your employees’ smartphone is blocked
- Another user browsing to an infected site is blocked; and
- A cloud server becomes infected and its command and control communication is blocked
The scenario above is what a single campaign using multiple attack vectors to target your business looks like. So that’s what we mean when we say that Patient Zero, in effect, inoculates your entire enterprise, because SandBlast Mobile and ThreatCloud detect and block the attack before it can spread to other platforms in your organization.
Complete detection and prevention of mobile attacks
To be sure, SandBlast Mobile prevents the widest range of attacks to your organization’s mobile users, eliminating the risk of expensive breaches and downtime. SandBlast Mobile has the industry’s highest detection and blocking rate of known and unknown malware attacks on iOS and Android, according to Miercom’s 2017 Mobile Threat Defense industry assessment. Devices are also safeguarded from unprotected Wi-Fi® network access and man-in-the-middle attacks.
Phishing attacks remain a highly effective tactic for cybercriminals, boasting a 45% success rate. According to some estimates, 90% of all advanced persistent threats (APTs) involve some form of phishing. In 2016, there were more than 1.2 million phishing attacks worldwide, according to the Anti-Phishing Work Group’s 2016 trends report. SMS phishing attacks have become one of the more prevalent attack vectors for hackers, primarily because text messages cannot be blocked by spam or phishing filters like email. The small screens of mobile devices and short attention spans of harried users also make it difficult identifying suspicious URLs.
In a typical SMS phishing attack a hacker will send a message that contains a link to install malware or direct a user to a malicious website designed to trick them into divulging sensitive information, such as passwords, account IDs, or credit card details. In some cases, the malware downloaded onto a user’s mobile smartphone can root or jailbreak the device, and with that the hackers can do whatever they want: take over the microphone, listen to phone calls, intercept SMS messages and email, and track the geolocation of the device and user.
With SandBlast Mobile, Check Point introduces the industry’s first anti-SMS phishing attack capability. Powered by the threat intelligence provided by Check Point ThreatCloud, SandBlast Mobile’s anti-SMS phishing attack capability detects and blocks these social engineering attacks designed to steal enterprise credentials.
See for yourself how SandBlast Mobile delivers the most robust security for smartphones and tablets by scheduling a demo with one of our mobile security specialists.