Skip to content

Monthly Archives: October 2015

Spyware from Apple iTunes, Google Play, and Microsoft App Store

Quote

“Many trusted applications downloaded from Apple iTunes, Google Play, and Microsoft App Store are spying, snooping and stealing,” said Cybersecurity Expert Gary S. Miliefsky, CEO of SnoopWall, Inc.

See: https://www.youtube.com/watch?v=Q8xz8xKEFvU

This video has gone viral with nearly 6 million views, yet malicious flashlight app downloads have reached nearly 1 billion devices.

During FinDEVr, Miliefsky will demonstrate how popular apps are eavesdropping on bank accounts stealing PINs and credentials and monitoring check deposit from the largest banks in America. Consumers must be made aware of the fact that their smartphones are natural targets; that malware exists in trusted apps; and that ALL major mobile banking applications are susceptible to this exploitation.”

One of the big issues I see in the mobile space is the phone manufacturers & providers themselves. Their updates often contain spyware to sell more services, the operating systems themselves are not secure, especially with Android, and there is no easy application level control that allows users to select which apps can talk to the internet and which cannot (like a good workstation based firewall). Google Apps (GAPPS) are one of the biggest offenders. But they are not alone.

This is a big part of the Cyber Security problem and not just in mobile. Systems are insecure in many ways by design so manufacturers can collect as much data as they can and sell it advertisers and/or use it themselves to sell more. Windows 10 OS s a good case in point. Unfortunately, those same vehicles use by manufacturers to get user data are also used by nefarious actors to do the same and then use the data for identity and credit card theft and other criminal pursuits.

I think the ultimate solution for Mobile, at least in the non Apple market, will be a complete divorce from hardware and operating system. CyanogenMod and other open source projects have started in this direction. Will this take off? I think it will be very difficult as there is so much money at stake form both the Phone Manufacturers that want to sell more kit and the Phone Carriers that are in bed with them to sell more services and collect as much info as they can on users. I also think the average user will still want a turn-key easy to use solution. That said, a secure feature rich phone is not difficult, just at the moment not as profitable.

Internal actors responsible for 43% of data loss

Quote

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.

Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2. Cloud deployments, in contrast, brought with them increased anxiety of more security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.