NHS attacks and Mobile IT.
Since the NHS was recently attacked with Ransomware dubbed “WannaCry”, the internet has been awash with alerts for Windows users to ensure that all their computers are patched to the latest versions. Microsoft has even released updates for Windows XP machines, which have been unsupported for some time. While this attack didn’t specifically attack Mobile IT, there are still a number of lessons that mobile users and administrators should take note of in order to sure they are not the victims of the next attack.
The mobile threat landscape has more surfaces than before. Always-on radios provide attractive opportunities for hackers to intercept with rogue Wi-Fi hotspots. Man-in-the-Middle (MitM) attacks allow seemingly trusted sources to deploy malicious payloads that users are more likely to accept on Mobile than on any other device type. Deliberate mobile malware is no longer the only consideration as the low barrier to entry for developers can lead to apps that leak data accidentally. Even experienced developers have been duped by SDK code injection which infected otherwise benign apps. Many enterprises still believe that simple MDM provides sufficient protection, when in fact MDM is largely concerned with enforcing device policies, and not app reputation or traffic analysis. Off-device threats such as MitM attacks are often beyond the remit of such platforms, and many IT administrators have never had to deal with mobile-specific threats such as SMS phishing before.
If the NHS attacks have taught us anything, it is that patch management needs to incorporate all devices that have access to corporate information, not just the ones that operate within the LAN. IT departments need to realise that squeezing old IT assets is a false economy, and that legacy estate can be the route for exploitation. Hackers have always been inventive, and the proliferation of mobile IT devices has opened up some new attack vectors that many IT departments simply don’t consider when assessing threats.
CWSI can provide integrated solutions to protect mobile Devices, the apps installed on them, the traffic that goes to and from them, and even SMS attacks. Talk to us today to see how we can wrap integrated security solutions to protect your Mobile IT fleet.