Marble Security Labs Report: Enterprises Remain Vulnerable to iOS Malware Vectors Despite Apple's Responses

'WireLurker' and 'Masque Attack' Demonstrate iOS is Entering the 'Whack-a-Mole' Era of Malware Defense


MENLO PARK, Calif., Dec. 4, 2014 (GLOBE NEWSWIRE) -- Enterprises remain vulnerable to new variants of the exploits underlying the WireLurker and Masque Attack malware, an analysis of Apple's iOS security responses shows. Marble Labs, the research team at mobile threat intelligence and defense firm Marble Security, presented the findings in its December 2014 Mobile Threat Report, "'WireLurker' and 'Masque Attack' iOS Malware: What They Mean for the Future of Enterprise Attacks and APTs."

The report shows hackers and cybercriminals have found ways around Apple's iOS security. Apple took steps to stop further infections of the single instance of WireLurker and the 450 Mac OS X applications that were discovered, but this in no way prevents future versions of this malware from infecting computers with different enterprise certificates or new versions of the WireLurker Mac OS application software. Perhaps more important to the enterprise, it doesn't protect iPhone and iPad users who sync to Windows computers from running WireLurker malicious software on their PCs.

Apple's response to the Masque Attack threat was to announce that only users who turned off Apple's own security controls on iOS would be vulnerable. However, the security controls are simply a dialog box that pops up asking a user if they want to trust an enterprise provisioning certificate. If a user clicks "Yes," then the user's iOS device can have malicious apps installed at the whim of an attacker. These apps can replace legitimate apps and read stored files and data. This mechanism is not a bug in iOS. Rather, it is an important facility used by legitimate enterprises to publish their own proprietary apps to their employees' devices. Now that it has been shown as an effective attack vector, however, it will continue to be used in ever greater and more targeted fashions.

"Apple's responses to the WireLurker and Masque Attack operations illustrate that iOS is entering the 'whack-a-mole' era of malware defense, similar to that experienced during the last decade with PCs," said Dave Jevans, founder and chief technology officer at Marble Security. "Being proactive rather than reactive is essential in preventing these iOS vulnerabilities and exploits from affecting enterprise networks, and implementing mobile device security solutions is a huge step in achieving this."

Comprehensive mobile security solutions with automated threat detection and remediation capabilities are the only way to effectively protect enterprises from advanced persistent threats (APTs), malware and riskware, Jevans said. These solutions work in conjunction with MDM and EMM platforms to provide dynamic app threat detection and defense. Virtually every major corporate security breach in the last three years has been the result of spear-phishing attacks against targeted employees or consultants using these techniques, and mobile attacks are the fastest growing category of threats.

"The electronic crime underground has already begun exploiting mobile devices, and it will only intensify attacks on employees, making dynamic protection against malicious apps more critical than ever for mobile users—even those with iOS," said Jevans.

More information is available online in the final report: Marble Labs Mobile Threat Report, December 2014.

Enterprise network and mobile security managers interested in learning more about how Marble Security's mobile threat intelligence and defense services enhance enterprise mobile security with defense in depth can visit www.marblesecurity.com.

About Marble Security

Marble is the leading provider of mobile threat intelligence and defense. Marble Labs, the company's research and response team of analysts, developers and cybercrime specialists, has analyzed millions of Android and iOS apps, detecting apps with malicious and privacy-leaking behaviors that frequently lead to advanced persistent threats (APTs), spear-phishing attacks on employees and other information security risks.

The Marble service combines comprehensive, correlated threat intelligence across multiple data sources with an adaptive scoring engine to produce dynamic risk scores for Android and iOS mobile apps. Marble provides these as data feeds or formatted reports, or integrates directly with mobile device management (MDM) or enterprise mobile management (EMM) solutions, providing granular risk control for bring-your-own-device (BYOD) programs. www.marblesecurity.com


            

Coordonnées