THREAT RESEARCH: TARGETED ATTACKS ON ENTERPRISE MOBILE

Check Point Threat Research: Targeted Attacks on Enterprise Mobile

ABOUT MRATS

Commercial mRATs are applications sold worldwide for the primary purposes of spying on people or monitoring children’s safety. Today, mRAT applications are also used to steal commercial or enterprise data when installed on an employee’s device without their knowledge. Because an mRAT enables administrative control, an intruder can track device location, use a key logger, activate the device microphone, take screenshots, and gain access to calendars, emails, third-party applications and more.

Commercial mRATs are usually installed when the attacker can gain physical access to the device for a short period of time (such as a request to make a phone call, or when the device is left on a table). mRATs can also be downloaded invisibly with a user-requested program, such as a game, or sent as a link through email or text.

Unlike most other malware, mRATs work on both Android and iOS. They also give the attacker a very powerful set of capabilities installed on a victim’s device, unlike simple premium SMS or the recent JPMC phishing attacks, which put only very small aspects of the owner’s device at risk.

CORPORATE DATA AT RISK

18 DIFFERENT MRAT FAMILIES DURING THIS RESEARCH

©2015 Check Point Software Technologies Ltd. All rights reserved. Classification: [Protected] March 25, 2015

RESULTS

ENTERPRISES ARE TARGETED BY MRATS

TWO TECHNIQUES WERE USED TO TEST THIS PROPOSITION:
• Infection rates across enterprises themselves
• The distribution of these infections

Are the infections distributed evenly?
The infections do not look uniformly distributed; they are clustered in groups within a subset of the organizations reviewed and within countries.

Are enterprises infected?
The data shows that employees of corporations are in fact targeted by mRATs.
These infections have a high probability of malicious usage, as they target corporate employees, not children. One out of every 1,000 devices was found to be infected. Based on the dataset, if there are 2,000 devices or more in an organization, there is a 50% chance that there are infections within the enterprise network.

The research shows that fewer organizations are infected than expected; however, those that are have significantly higher infection rates. In the US, for example, the rate of infected devices on gateways that show mRAT infections (0.31%) is double the global infection rate of 0.15%.

This suggests that not only are corporate employees being targeted, but certain organizations are themselves targets, since the infections are clustered and focused in small parts of the overall group we examined. The important message is that attackers choose certain organizations and attack multiple targets inside them, rather than attacking corporate employees of random organizations without regard to their organization. Employees of targeted organizations have twice the chance of being infected compared to employees of organizations which have not yet been targeted.

This is a meaningful problem for organizations. For companies with 2,000 devices or more in the US, there is a 50% chance they have 6 or more infected or targeted mobile devices in their network right now.