2016: networks and mobile devices come under attack

2016: networks and mobile devices come under attack

App vulnerabilities and hidden SSL attacks main threats for networks and mobile devices in 2016

Backdoor attacks are going to increase in the coming year, as cyber criminals exploit patchy mobile security and SSL blindspots to gain access to private data and company networks. Many of the security products businesses rely upon are not equipped to monitor hidden gateways into the network. As a result, organisations will need to invest in plugging these gaps to ensure defences can mitigate against an increasingly varied and powerful threat landscape.

A false sense of security: SSL encryption
Over the past few years, SSL encryption has become popular for both application owners and hackers. Encryption improves security by providing data confidentiality and integrity. However, encryption also allows cyber criminals to conceal their exploits from security devices like firewalls, intrusion prevention systems and data loss prevention platforms. Some of these products cannot decrypt SSL without degrading performance, while others simply cannot decrypt SSL traffic at all because of their location in the network.

Today, encryption accounts for roughly one-third of all Internet traffic, and it’s expected to reach two-thirds of all traffic next year when Internet powerhouses like Netflix transition to SSL. As a result, encrypted traffic will become the ‘go-to’ way of distributing malware and executing cyber attacks simply. Whether sharing a malicious file on a social networking site or attaching malware to an email or instant message, many attacks will be cloaked in SSL.

On top of this threat, movements like Let’s Encrypt make it even easier for hackers to generate SSL certificates to sign malicious code or to host malicious HTTPS sites.

A ubiquitous threat: the mobile device
2016 will also see a sustained increase in the number of attacks targeting mobile devices. The sheer number of mobile devices, the amount of malware (20 million apps by the end of 2016, according to Trend Micro), and the inherent vulnerabilities present in even legitimate mobile apps means that a major breach is bound to happen.

To put it into perspective, Cisco recently released an advisory about a vulnerability in its WebEx for Androids app. This particular flaw leaves the app vulnerable to an exploit that could allow a secondary malicious app to acquire the same permissions as the WebEx application. Typically, an app will ask for permissions, effectively tipping the user to its intent. But by exploiting this vulnerability, the app can gain access without any notification. With millions of potential targets (as many as 5 million may have downloaded the app), it’s only a matter of time before a vulnerability like this results in a major incident. Fortunately, at this time there are no reports of this particular exploit resulting in a breach.

Additional threats exist in spear phishing attacks that exploit the fact that mobile users are more likely to click on a malicious link simply because it’s harder to identify it as suspicious on a smaller screen. Malware designed to look like valid apps can convince unsuspecting users to enter login data that can then be used to gain access to legitimate sites storing detailed personal and financial data. Mobile device users, particularly Android owners, need to remain diligent in validating what apps and attachments they choose to download.

What you can do to prepare for 2016
To counter the threat posed by SSL encryption, organisations can decrypt and inspect inbound and outbound traffic for cyber attacks. A dedicated SSL inspection platform enables third-party security devices to inspect encrypted traffic for threats and eliminate the blind spot in corporate defences.

To mitigate mobile threats, organisations should implement a multi-layered defence system that can protect cloud or on-premise servers as well as mobile devices. This will ensure that the system as a whole does not come under attack as a result of a single breached device. While employees cannot always predict the future, organisations will be ready to handle future risks with the right security technologies and processes in place.

[su_button url=”https://www.a10networks.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about A10 Networks[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Into the Cloud – A10 Networks

Anthony Webb, Vice President of Sales, EMEA, A10 Networks 
DDoS

Why attackers are focusing on DDoS attacks

Anthony Webb, VP of International at A10 Networks, illustrates the DDoS threat landscape and lays out the best strategies for
DDos A1Networks

Key Findings of A10 Networks’ Q4 2019 DDoS Weapons Report

A10 Networks recently published a report on the current DDoS landscape including the methods hackers are using to maximise the damage they inflict.
ransomware

Further rise in Ransomware

Last year ransomware made a comeback, as worldwide mobile operators made aggressive strides in the transformation to 5G, and GDPR
cyber attack

How have DDOS weapons evolved in 2019?

Throughout 2019, DDOS attacks have continued to grow in frequency, intensity, and sophistication, however, the delivery method has changed

A10 Networks Hosts SSL Security Event in Saudi Arabia in Collaboration with Splunk and SBM

A10 Networks  co-hosted a security workshop with the theme ‘Embrace data chaos by inspecting your SSL’ at an event in Riyadh
A10 Networks

The state of DDoS Weapons – Q4 2018 – Special report by A10 Security research

A10 Network’s recently released State of DDoS Weapons Report provides unique insights into Distributed Denial of Service (DDoS) attack techniques.

The state of DDoS Weapons – Q4 2018 – Special report by A10 Security research

A10 Network’s recently released State of DDoS Weapons Report provides unique insights into Distributed Denial of Service (DDoS) attack techniques.
Scroll to Top