IT Brief New Zealand logo
Story image

Mobile security scare... Should Kiwi enterprises care?

26 Jun 2014

Mobile devices, increasingly used in enterprises, are not exempt from Distributed Denial of Service (DDoS) attacks and present several potential security issues.

That's according to Palo Alto Networks, which claim Kiwi enterprises must recognise these in order to solve malware problems as quickly as possible.

The most concerning issue is the ability for mobile devices to be used unwittingly in attacks against other victims.

“DDoS attacks can happen via mobile applications, sometimes without the owner even knowing," says Gavin Coulthard, Manager Systems Engineering ANZ, Palo Networks.

"The tools to opt-in a DDoS, make it incredibly easy for users to participate in attacks, increasing the risk of liability to enterprises.

“The security issue here is not the DDoS attack itself, unless the company happens to be the intended target, but rather a mobile device policy issue.

"In other words, these applications can place the device under the control of a third party and make the organisation a participant in an attack against another victim, making the company liable.

"The best way to mitigate these issues is to identify devices that have unapproved tools and block their participation in the larger attack.”

Palo Alto Networks identifies compromised end-point devices that are participating in a larger attack by letting organisations adopt a positive-security model and ensuring that only valid application-flows are permitted across the network.

By exception, any irregular traffic identified as either suspicious or a known attack-type may then be managed accordingly.

According to Coulthard, smart enterprises need to take steps now to mitigate the risk of mobile devices being uses for DDoS attacks.

As a result, Palo Alto Networks advises the following ways to disrupt the use of unapproved applications, botnets and malware:

· blacklist unapproved hacking tools and opt-in DDoS clients for mobile devices. Assigning a policy based on the state of the device, such as the presence of blacklisted apps, places restrictions on what the device can do until the issues have been remediated

· detect botnet activity to keep users from participating in a DDoS, whether it’s willingly or unwillingly. Botnet activity hides itself from traditional firewalls and security devices as seen in Palo Alto Networks’ regular Application Usage and Threat Reports (AUTR) through:

o custom applications. Malware relies heavily on custom applications, custom or unknown traffic. It was the number one type of traffic associated with malware communications in the last AUTR report , as leading malware families continue to customise their command-and-control traffic

o the use of Secure Sockets Layer (SSL) ­ both as a security mechanism and a masking agent. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs within known applications

o HTTP proxy services, used both as a security component and to evade controls, consistently present themselves in a high volume of malware logs.

· use network policies for application control to block unwanted applications and intercept their ability to contact command and control servers

· employ threat prevention to stop exploits and mobile malware. Break the malware lifecycle by identifying both known and unknown forms of malware, and disrupting its ability to communicate.