Skip Navigation
BlackBerry ThreatVector Blog

Not All Mobile Threat Defenses are Created Equal

Businessman hand using smart phone protect by cyber security

In the wake of the COVID-19 outbreak, phishing attacks that target mobile users are on the rise as cybercriminals seek to capitalize on the crisis, prompting the FBI to issue an advisory about COVID-19 phishing schemes. In addition, a recent report from Gartner found that there are about 42 million mobile malware attacks annually — and that’s a figure that’s rising every year. The Gartner study also found that 60% of respondents said they believe that mobile malware incidences are underreported.

We recently wrote about how phishing attacks that target mobile users are not only bound to rise, but also how mobile users prove to be more susceptible to phishing attacks. We also mentioned that there are mobile threat defenses that are designed to identify and block phishing attacks that target mobile users.

We believe these defenses are essential for enterprises to defend their users from growing mobile risks. In this post, we take a look at mobile threat defenses, the technologies they use, and what approach we ultimately believe to be best.

Inside Mobile Threat Defense

The first and one of the most common techniques used to protect against mobile phishing (and browsing) attacks is the use of whitelists and blacklists. Sometimes these lists, designed to allow or deny access to specific domains, are created by corporate security teams as they cultivate domains from attacks they have blocked.

Sometimes, if security teams know that they often get attacked from specific geographies, they’ll block certain top-level domains outright. Mobile threat defense platforms will also often use curated threat-feeds from third-party service providers or even an aggregated list from multiple providers. For some mobile threat defense products, these types of static rules are all the protection they provide.

Of course, such static rules are not going to keep mobile devices secure from emerging and more advanced attacks. Savvy attackers are continually updating their domains to bypass static security lists. Because cyberattackers are always updating and changing their strategies and techniques, threat feeds will always be a step or two behind — just as signature-based anti-malware is always reactive at best.

Machine Learning and a Layered Mobile Threat Defense

This is where machine learning (ML) comes in. Not only can ML detect domain generated algorithms that are designed to avoid detection, but it provides proactive protections through behavioral analytics, continuous monitoring, and the ability to adapt policy on the fly.

Further, mobile threat defense is an extension of existing endpoint management for mobile devices, apps, and the networks they connect to by providing enhanced security at the device, network, and application layers.

At the device layer, mobile threat defense monitors device-specific parameters such as operating system and firmware levels, security update versions, state of device configurations, system libraries, and more, to identify security misconfigurations, device vulnerabilities, and suspicious or malicious activity.

At the network layer, these platforms monitor cellular and wireless network traffic for suspicious or malicious activity, check for spoofed or otherwise invalid certificates and the removal of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols, and vet traffic for potential man-in-the-middle attacks.

At the application layer, mobile threat defense tools identify grayware (potentially unwanted applications) and malware through application sandboxing. Other application security techniques include anti-malware filtering, code emulation or simulation, application reverse engineering, as well as static and dynamic app security testing.

Additionally, because it’s more difficult to identify malicious phishing attacks on mobile due to the more constrained computing resources, less screen space, and fewer ways to see sender information, mobile security must be integrated right into the application workflow and not require multiple third-party agents to be installed on devices. Installing too many separate agents on mobile adds unnecessary complexity, increases support costs, and overall, tends to bog users down.

With all of those techniques in mind, which are the best for mobile threat defense? We believe mobile devices and users are best served by combining all three layers of protection: threat intelligence feeds, customized security rules, and machine learning to block unknown threats. This way, the blacklists will stop known bad domains, while machine learning algorithms will identify and stop bad things that haven’t been seen before.  

Native Mobile Threat Defense

Finally, mobile device security should be baked right into mobile device management applications. This way, there aren’t any separate agents adding complexity to the mobile device or complex configurations that must be managed. Tight integration without having to contend with multiple security and management dashboards is the ideal, as is the ability to remediate on the device itself.

While it’s true that mobile attacks are on the rise as cybercriminals look to leverage concerns around the spread of COVID-19, and that users are more susceptible to phishing attacks on their mobile devices, the good news is that mobile workers can be protected if the right mobile threat defense tools are in place

Chris Greco

About Chris Greco

Chris Greco serves as Sr. Director, Solutions Development at BlackBerry.