This post is also available in: עברית (Hebrew)
The theft of user credentials, i.e. phishing, or delivery of malware through bogus links, has been a major cybersecurity problem. While emails have been the primary attack vector for phishing scams, their prevalence is growing in both mobile applications and SMS text messages.
Recently, a mobile device security platform has been updated with a never-before-seen feature to help tackle this cybersecurity challenge. The development was funded in part by the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T).
Lookout and S&T announced that an update to Lookout’s platform – with the new mobile phishing feature and enhanced content protection capabilities – is being transitioned to the government and private sector and is now available for both iPhone and Android devices.
“Beyond simply detecting phishing attempts in SMS messages, the system also detects and prevents attacks that hide inside mobile apps, social media messages, and in personal and corporate email,” S&T announced. It added that the platform inspects connections at the network level, but doesn’t inspect message content, preserving end-user privacy.
According to meritalk.com, the Federal government has certainly had its fair share of trials attempting to educate employees on the dangers of phishing scams, and results have been mixed. More and more devices are connecting to Federal networks, meaning a larger attack surface, and more potential entry points that bad actors can use to target Federal networks.
A white paper released by Lookout in April found that the rate at which people fall for phishing attacks on mobile phones has increased 85 percent every year since 2011.
According to S&T, the devices must have mobile endpoint security that alerts IT and security personnel to potential attacks. Without proper mobile security, agencies cannot adequately protect against data compromises.
In May, the National Institute of Standards and Technology (NIST) issued a bulletin that suggested email was becoming “a more difficult medium for malicious entities to use as a penetration vector” and suggested that social media and web applications could be the next frontier for attacks.
The new platform appears a step toward curbing that potential new exploit trend.