Mobile phones are no longer just phones. With the increase in remote work and adoption of BYOD policies, mobile phones have become entry points to access corporate data and resources. Therefore, it’s not a surprise that threat actors have started to target mobile phones.
According to the 2021 Verizon Data Breach Investigations Report, "phishing remains one of the top Action varieties in breaches and has done so for the past two years." Once malware is installed via a phishing campaign in the mobile phone, attackers try to elevate the privilege of the corporate user account that's used in the device or perform espionage by installing additional malware that ends up siphoning data off the mobile phone. advanced persistent threat (APT) age.
APTs are a serious issue, because they are difficult to detect. Undetected, they can quietly siphon off your data over a long period. One example of an APT is the infamous Target data breach of 2013. As noted in a Bloomberg Business article published after the attack, “in the days prior to Thanksgiving 2013, someone installed malware in Target’s security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores…On Dec. 2, the credit card numbers started flowing out.” By the time the breach was identified, over 40 million credit card numbers had been stolen.
This is just one example of how much damage can be caused by APT cyberattacks. Every organization should be wary of the threats APTs pose, because mobile devices are ubiquitous, and it is harder to implement stringent security measures on mobile devices than on laptops and systems.
Even though APTs are highly sophisticated and stealthy, there are ways in which you can defend your business’ IT infrastructure against them .
There are three stages to protecting yourself from APTs.
As with any incident, prevention is always better than recovery and making sure APTs don’t get a foothold in your mobile devices is the optimal solution. Even though APTs are different from run-of-the-mill malware and spamware, which are abundant in the mobile ecosystem, the strategy for preventing APTs and malware are quite similar.
Strong perimeter defenses such as firewalls and antivirus solutions play a key role in preventing APT malware from being installed on your devices. However, a firewall or antivirus solution is only as effective as the vigilance of your users. A careless user who has elevated privileges can end up compromising their devices, leading to a breach even if you have the best firewall.
This is why it's essential to train your employees who have access to critical data to:
Perimeter defenses are not infallible, and every security system should be designed with that fact in mind. Additional layers are important to protect your devices in anticipation of attacks. A perimeter defense can help you stop certain breach attempts, but it cannot protect from APTs that utilize stolen credentials. In the event a user’s device has been compromised, the primary aim should be to limit the damage caused by the APT by implementing strong internal security policies.
Security measures like safeguarding business-critical apps and databases behind separate internal firewalls or in a demilitarized zone will limit APT malware from moving laterally and accessing high-profile resources. Additionally, properly encrypting data at rest and in transmission can help reduce the amount of data the APT can access.
Constant vigilance is key! Always be on the lookout for signatures or anomalous behaviors that could potentially be an APT attack on your devices. Steps like closely monitoring who accesses your sensitive data and measuring abnormal amounts of data being transmitted from a particular device is a cause of concern that has to be investigated as soon as they are detected.
In the Target APT attack of 2013, the theft of 40 million credit cards happened gradually as malware moved sensitive data from secure servers to less secure ones before sending all the data to Moscow.
It is highly recommended you have an event logging solution for tracking data movement and access. A comprehensive auditing tool like ManageEngine ADAudit Plus can help you monitor all accesses on your file servers and send comprehensive reports to your registered email address, allowing you to focus on other tasks without compromising on security.
Following these three strategies of prevention, mitigation, and monitoring can help organizations of all sizes protect themselves against APTs.