Mobile security scare... Should Kiwi enterprises care?

26 Jun 14

Mobile devices, increasingly used in enterprises, are not exempt from Distributed Denial of Service (DDoS) attacks and present several potential security issues.

That's according to Palo Alto Networks, which claims Kiwi enterprises must recognise these in order to solve malware problems as quickly as possible.

The most concerning issue is the ability for mobile devices to be used unwittingly in attacks against other victims.

“DDoS attacks can happen via mobile applications, sometimes without the owner even knowing," says Gavin Coulthard, Manager Systems Engineering ANZ, Palo Alto Networks.

"The tools to opt in to a DDoS make it incredibly easy for users to participate in attacks, increasing the risk of liability to enterprises.

“The security issue here is not the DDoS attack itself, unless the company happens to be the intended target, but rather a mobile device policy issue.

"In other words, these applications can place the device under the control of a third party and make the organisation a participant in an attack against another victim, making the company liable.

"The best way to mitigate these issues is to identify devices that have unapproved tools and block their participation in the larger attack.”

Palo Alto Networks identifies compromised end-point devices that are participating in a larger attack by letting organisations adopt a positive-security model and ensuring that only valid application-flows are permitted across the network.

By exception, any irregular traffic identified as either suspicious or a known attack-type may then be managed accordingly.

According to Coulthard, smart enterprises need to take steps now to mitigate the risk of mobile devices being used for DDoS attacks.

As a result, Palo Alto Networks advises the following ways to disrupt the use of unapproved applications, botnets and malware:

· blacklist unapproved hacking tools and opt-in DDoS clients for mobile devices. Assigning a policy based on the state of the device, such as the presence of blacklisted apps, places restrictions on what the device can do until the issues have been remediated

· detect botnet activity to keep users from participating in a DDoS, whether it’s willingly or unwillingly. Botnet activity hides itself from traditional firewalls and security devices as seen in Palo Alto Networks’ regular Application Usage and Threat Reports (AUTR) through:

o custom applications. Malware relies heavily on custom applications and on custom or unknown traffic. It was the number one type of traffic associated with malware communications in the last AUTR report, as leading malware families continue to customise their command-and-control traffic

o the use of Secure Sockets Layer (SSL), both as a security mechanism and a masking agent. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs within known applications

o HTTP proxy services, used both as a security component and to evade controls, consistently present themselves in a high volume of malware logs.

· use network policies for application control to block unwanted applications and intercept their ability to contact command and control servers

· employ threat prevention to stop exploits and mobile malware. Break the malware lifecycle by identifying both known and unknown forms of malware, and disrupting its ability to communicate.
