Federal cybersecurity teams are under intense scrutiny as public sector breaches dominate headlines. Unfortunately, another critical threat is looming. According to our research, malicious mobile applications are the number one attack vector against federal mobile devices and employees.
In December 2015, we discovered rogue app stores allowing users to download malicious apps onto non-jailbroken iPhones and iPads. That month alone, forty percent of our largest government agencies and private sector TAP Mobile Defense customers had users accessing rogue app stores and downloading illegitimate apps. These apps could be stealing data or passwords. Risk is increasing as federal agencies adopt mobile devices to improve productivity and reduce costs.
Apps are going virtually unchecked. Security teams have little insight into downloaded apps, accessed data and where their data is going. Many rely solely on consumer-oriented app stores (such as Apple App Store, Google Play and Amazon App) to stop risky and malicious apps.
During unchecked installation, federal employees agree to permissions that lead to data loss, credential theft and private data disclosure. Relying on built-in app store security isn’t wise. They are failing to keep malicious apps out. In the last three months, we have seen:
- The widespread xCodeGhost malware infection target app developers, resulting in thousands of compromised Apple apps
- The emergence of iBackDoor, where an advertising app library was infected and it downloaded new apps onto user devices
- The rise of the “DarkSideLoader” rogue app store where criminals obtain legitimate enterprise distribution certificates to target non-jailbroken devices and install modified/tampered free apps
We analyzed more than 15,000 DarkSideLoader iOS apps over the last three months. Each one was altered. These app stores, which are a global criminal enterprise, obtained Apple Enterprise Distribution certificates fraudulently from Chinese, Middle Eastern and Belgian companies.
To help federal agencies combat the threat, we have partnered with solution providers and resellers to provide our Proofpoint Targeted Attack Protection (TAP) Mobile Defense solution. Please see Triad Technology’s recent announcement.
Our tight integration with MobileIron and AirWatch MDM systems also ensures quick deployment. For more information on why you can’t rely on mobile app stores, please click here.
Subscribe to the Proofpoint Blog