COVID-19 has created a situation unlike anything many of us have ever seen, and one that will likely leave permanent changes in remote working. With the overnight tectonic shift towards entire workforces working remotely from home, on every variety of corporate and personal (bring your own) devices, IT and security teams have been in triage mode from a security and risk perspective.
As the leading provider of mobile security solutions, Zimperium has observed:
- Immediate changes to the mobile threat landscape related to COVID-19;
- Current tactical approaches enterprises are taking to secure remote mobile workers; and
- Why mobile threat defense (MTD) is critical to protect your users, devices and organization.
Mobile Threats Are Escalating & Evolving
As we all adapt to new work environments, attackers are adapting as well, targeting what they see as a weak link and opportunity in the security chain. Driven by the surge of pandemic-driven remote work and mobile device usage, our zLabs Advanced Research Team has noted a significant increase in the number of detected threats. Our team is reporting:
- 100% increase in the global daily average of detected threats in March compared to February;
- A dramatic shift in attack detection locations. For example, in Italy, the threat landscape changed from popular tourist destinations (Turin, Florence, Venice) to more residential cities as people were quarantined. Tens of thousands of threats were seen in residential areas such as Milan, Bologna, and Modena;
- z9, our machine learning-based malware technology, has detected multiple malicious apps related to COVID-19 prevention;
- As of March 30th, 334 apps have been removed from the official Google and Apple app stores for misusing or violating Google and Apple policies to potentially capitalize on the pandemic by promoting false information and gathering or generating ad revenue. These apps belong to categories like Shopping, Action, Arcade, News, Maps, Books, etc. Eleven of these are iOS apps while 323 are Android apps;
- An exponential (40x) increase in the number of sideloaded apps. Sideloaded apps are downloaded and installed from sources other than the Apple App Store or Google Play and are often malicious or risky; and
- Our Advanced Application Analysis solution, z3A, has detected hundreds of legitimate apps that have high-risk security or privacy scores related to COVID-19. With more devices accessing corporate resources while working remotely, the organizational risk of accidental data loss increases significantly.
Zimperium is not alone in noticing significant growth in coronavirus-related attacks. Below are a few more notable findings from our partner, Google, and others:
- More than 18 million daily malware and phishing emails related to COVID-19 scams were seen by Google just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus;
- The FBI urges vigilance during the COVID-19 pandemic due to increased financial and health-related fraud campaigns, specifically identifying that children who are home from school and spending more time online may be at increased risk for exploitation; and
- The Wall Street Journal warned of a significant rise in phishing, robocall and “smishing” (text-message scams sent to your phone) schemes involving stimulus checks, airline refunds, charities, fines for breaking social-distancing rules, “mandatory” COVID-19 preparedness tests, unproven treatments and sales of in-demand supplies like masks or thermometers.
First Response: Secure Remote Access
In the rush to provide some semblance of enterprise protection, the most common initial step has actually been a traditional approach to network security: implement remote access technologies such as VPNs.
According to Gartner Research Director, Rob Smith, in a Dark Reading commentary, “With enterprises forced to support a sudden surge in remote work during the coronavirus outbreak, remote access technologies have quickly made a comeback as a critical component of the enterprise technology stack.”
In his commentary, Rob also points to one of the flaws remote access has in today’s world, one that is the result of companies investing in cloud-based apps to enable mobile and work-from-anywhere scenarios without the need for VPNs: “In recent years, these technologies have diminished in importance as more businesses transition to cloud-based applications and users are less dependent on access to the corporate network.” Here are some other issues/limitations of secure remote access for mobile devices:
- Most mobile VPNs are actually per-app based (only specific traffic is routed) and not full device, leaving the device exposed to risk;
- VPNs often result in performance degradation due to backhauling traffic to a remote or geographically dispersed location;
- Some organizations have resorted to consumer-grade “free” VPNs, many of which have serious security risks such as sending traffic through a foreign host or country; and
- VPNs cannot prevent malware, exploitation or phishing threats such as those described above.
In fairness, VPNs were never designed to account for some of these realities and must be augmented by solutions that were, specifically mobile threat defense (MTD) ones.
Beyond Remote Access: The Need for Mobile Threat Defense
MTD solutions detect and prevent device, network, application and phishing attacks (if you would like to learn more about MTD, you can read Gartner’s perspective in the “Market Guide for Mobile Threat Defense, 2019”).
As the leading provider of enterprise MTD solutions globally, Zimperium is helping more organizations protect remote mobile workers than any other company. Specifically around the coronavirus-leveraging attacks described above, Zimperium is reducing risk by:
- Detecting and preventing mobile phishing attacks, including those in channels that are not protected by corporate email-based solutions, e.g., personal emails, text and messaging apps (you can read more about GigaOm’s perspective on mobile anti-phishing here);
- Detecting and preventing mobile malware on-device in real-time. In addition, through our Google partnership, Zimperium scans every mobile app submitted to the Google Play Store to ensure it is not malicious before it is allowed to be published;
- Securing both corporate and personal devices through our unique abilities such as integrating multiple UEMs in a single console, enabling BYOD use cases through Microsoft MAM and embedding z9 inside MobileIron Threat Defense; and
- Protecting and respecting user privacy, especially on personal devices, with on-device detection capabilities rather than sending personal information to the cloud for analysis.
Zimperium is here to help you and your employees, on both corporate and BYO devices, during the pandemic and afterward. Please contact us today so we can help.