Cybercriminals use mobile apps to gather data for enterprise spear-phishing attacks

Mobile apps are being used to gather information in order to launch spear-phishing attacks against enterprises as part of advanced persistent threat attacks, warned mobile app security firm Appthority in its Q1 2016 Enterprise Mobile Threat Report.

"Armed with that information [gathered from mobile apps] a bad actor or a hacker could easily craft a targeted campaign where they send a spoofed email or SMS from someone we think we know, and we are more likely to open a link or an attachment that they recommend," warned Appthority President and Co-founder Domingo Guerra.

"It's not just about protecting the devices and information stored on the devices, but app security really means an initial layer to protect the corporate jewels from a sophisticated phishing attack," Guerra told FierceMobileIT.

In addition, the report found that the top 150 apps on enterprise mobile devices exhibit high risks of data leakage and private information tracking. For the report, Appthority analyzed 315,000 global apps, including 112,000 apps on enterprise devices, for risky behaviors.

"This highlights the importance of not letting our employees download whatever they want," Guerra said.

The report also found that mobile malware is now making its way into the Apple App Store. Noteworthy iOS malware last year included Quicksand (discovered by Appthority), XcodeGhost, YouMi and MobiSage.

At the same time, Android users in the enterprise have more apps per device than iOS users, and those apps more often exhibit data-leaking and privacy-invasive behaviors than iOS apps, the report found.
