Page 17 - Cyber Warnings - November 2015
2. Watering Hole Attacks – when your fav spot attacks you
While it might be stating the obvious that most mobile apps have the ability to geo-locate you at all
times, it might not be as clear that such geo-location reporting abilities can represent a risk to
an enterprise’s networks. When you frequently visit the same locations, for example having lunch regularly
at a local restaurant near the office, attackers are able to pick up on geo-location patterns and can
place malware on more lightly-defended websites, in this case, the website of the restaurant. When you
visit the website to make reservations, or look at the menu, the attacker now has the ability to
compromise your computer or device, successfully infiltrating the enterprise system.
3. Zombie Applications – they’re dead and you don’t know it
When an application is revoked, be it for developer end-of-life plans or for vulnerability concerns, it
is removed from the app store. The user, however, receives no notification of this, leaving their
mobile device full of discontinued apps that still live on the device but without security updates.
These zombie apps are in a position to be exploited by third parties that offer fake updates or
target known app vulnerabilities that were never patched, putting sensitive information at risk.
Securing Private Data to Save Enterprise Data
While the focus on protecting corporate data is necessary, it’s not sufficient. Surveillance systems
such as ad networks and analytic frameworks that harvest personal information not only violate a
user’s privacy, they can endanger an enterprise’s infrastructure when that data is leveraged for
spear-phishing or watering hole attacks.
By automating the scanning and analysis of employee mobile apps for risky behaviors, hidden
actions, and mobile malware, enterprises can deploy the visibility necessary to control potential security
and privacy threats and, in doing so, create a critical function to identify, locate and prevent
cyber-attacks.
About the Author
Domingo Guerra, President & Co-Founder, Appthority
Born and raised in Monterrey, Mexico, Domingo Guerra moved to the
United States at the age of 18 to pursue his passion for technology. He
is a contributor to the Appthority App Security blog and authors
Appthority’s App Risk Management Report, which exposes the
security risks of iOS and Android’s most popular apps. Guerra has
Product Design, Development and Operations experience across multiple industries, having
released products and secured patents in the Semiconductor, Robotics, Datacenter, and Mobile
Security industries. He holds a BS from The University of Texas at Austin, an MS from Stanford
University, and an MBA from Santa Clara University.
Copyright © Cyber Defense Magazine, All rights reserved worldwide