Anatomy of an Enterprise Mobile Security Incident

Similar documents
Exposing The Misuse of The Foundation of Online Security

Six steps to control the uncontrollable

Mobile Devices prioritize User Experience

PrecisionAccess Trusted Access Control

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

Make security part of your client systems refresh

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Salesforce1 Mobile Security White Paper. Revised: April 2014

SECURE DATA EXCHANGE

Make Cloud the Most Secure Environment for Business. Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Evolution Of Cyber Threats & Defense Approaches

Secure Access & SWIFT Customer Security Controls Framework

Segmentation for Security

Topics. Ensuring Security on Mobile Devices

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Mobile devices boon or curse

the SWIFT Customer Security

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

MOBILE SECURITY OVERVIEW. Tim LeMaster

Cloud FastPath: Highly Secure Data Transfer

Integrated Access Management Solutions. Access Televentures

WHITEPAPER. How to secure your Post-perimeter world

WORKPLACE Data Leak Prevention: Keeping your sensitive out of the public domain. Frans Oudendorp Ronny de Jong

Go mobile. Stay in control.

Securing Office 365 with MobileIron

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Google on BeyondCorp: Empowering employees with security for the cloud era

The Problem with Privileged Users

White Paper Securing and protecting enterprise data on mobile devices

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

Securing Health Data in a BYOD World

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

Crash course in Azure Active Directory

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Comprehensive Database Security

Endpoint Protection : Last line of defense?

Yubico with Centrify for Mac - Deployment Guide

Technical Evaluation Best Practices Guide

The security challenge in a mobile world

C1: Define Security Requirements

10 FOCUS AREAS FOR BREACH PREVENTION

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Identity & Access Management

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

WHITEPAPER. Lookout Mobile Endpoint Security for App Risks

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

6 Key Use Cases for Securing Your Organization s Cloud Workloads. 6 Key Use Cases for Securing Your Organization s Cloud Workloads

Securing Today s Mobile Workforce

WHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

CSP 2017 Network Virtualisation and Security Scott McKinnon

THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS

2 Me. 3 The Problem. Speaker. Company. Ed Breay Sr. Sales Engineer, Hitachi ID Systems.

System Structure. Steven M. Bellovin December 14,

Secure access to your enterprise. Enforce risk-based conditional access in real time

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

Rethinking Authentication. Steven M. Bellovin

IT Needs More Control

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

BETTER Mobile Threat Defense (BMTD)

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

Attackers Process. Compromise the Root of the Domain Network: Active Directory

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

Copyright

Phil Schwan Technical

Vidder PrecisionAccess

Frequently Asked Questions WPA2 Vulnerability (KRACK)

AGILE AND CONTINUOUS THREAT MODELS

Teradata and Protegrity High-Value Protection for High-Value Data

SECURING DEVICES IN THE INTERNET OF THINGS

MDM is Calling: Does Your Business Have an Answer? arrival. Here To Go. Lunch Dinner. continue. Riiinnggg. Dec. 12

2016 Survey: A Pulse on Mobility in Healthcare

SECURING DEVICES IN THE INTERNET OF THINGS

The Connected Worker and the Enterprise of Things

Clearing the Path to PCI DSS Version 2.0 Compliance

The Axis of Physical and Cyber Security providing three-dimensional threat protection

Critical Hygiene for Preventing Major Breaches

Minfy MS Workloads Use Case

Securing Devices in the Internet of Things

Microsoft 365 Business FAQs

Combating Cyber Risk in the Supply Chain

Use EMS to protect your mobile data and mobile app

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

Verizon Software Defined Perimeter (SDP).

Part 1: Anatomy of an Insider Threat Attack

Minfy MS Workloads Use Case

ACCP-V6.2Q&As. Aruba Certified Clearpass Professional v6.2. Pass Aruba ACCP-V6.2 Exam with 100% Guarantee

Mobility best practice. Tiered Access at Google

Cloud Customer Architecture for Securing Workloads on Cloud Services

CLOUD WORKLOAD SECURITY

Preventing Unauthorized Access & Attacks: Strategies for Securing Mobile Certificates

white paper SMS Authentication: 10 Things to Know Before You Buy

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Secure Access for Microsoft Office 365 & SaaS Applications

VMware AirWatch and Office 365 Application Data Loss Prevention Policies

Transcription:

SESSION ID: MBS-W10 Anatomy of an Enterprise Mobile Security Incident Aaron Turner CEO Hotshot @AARONRTURNER

Session Outline The price of mobile complacency Understanding the enterprise mobile ecosystem The Venn Diagrams of Mobile Security Doom Step-by-step recreation efforts Mobile security tool evaluations Recommendations and roadmaps 2

20 years of Enterprise Mobility One chart that pretty much tells the story of why enterprise mobile security is so awful today Credit: comscore MobiLense 3

The Global View 4

Enterprise Mobile Situation ios Hygiene Among US knowledge workers in information-centric businesses, ios continues to dominate Among global manufacturing, logistics, hospitality and retail customers, Android is king Both platforms suffer terribly from hygiene problems 56% of enterprise-connected ios devices are vulnerable to commodity exploits Data based upon IANS Research mobile security assessments https://www.iansresearch.com 4% - up-to-date 40% - 60 days 56% - >60 days 2% - up-to-date 26% - 60 days 72% - >60 days 4% 40% 56% Android Hygiene 2% 26% 72% 5

What is an ios Commodity Exploit? LMGTFY A non-persistent exploit/jailbreak Useful to get temporary access to ios kernel And all data and credentials as well 6

The Incident Global enterprise conglomerate, more than 50,000 employees worldwide Office 365 Global Admin travels to hostile country Global Admins are only required to use soft tokens while on untrusted networks Staff member returns to the US Office 365 badness ensues 7

The Aftermath No IoC s on Global Admin s Laptop No IoC s on Global Admin s iphone But Clear evidence of unauthorized Office 365 activity and privilege abuse Zeroing in on the ios device: More than 60 days out-of-date, vulnerable to more than 10 exploits at the time staff member was traveling in hostile country As soon as the staff member s credentials were reset and MFA soft token revoked and reissued, unauthorized access ceased 8

Zeroing in on the ios device More than 60 days out-of-date Vulnerable to more than 10 exploits at the time of travel Credential reset and soft-token revocation and redeployment resulted in immediate stop to Office 365 privilege abuse 9

Trying to Explain the Unexplainable Client asks team to create a report outlining potential ways that the scenario could be explained Collaboration among a group of ios and Office 365 experts yields a theory: Staff member was targeted with ios exploit while in hostile country Non-persistent jailbreak uses kernel vulnerability to gain access to stored credentials and cryptographic secrets in ios keychain Attackers inject stolen credentials and cryptographic secrets into attack device, essentially cloning user s credentials and MFA soft token Evidence of the attack deleted when ios device is rebooted 10

This is not supposed to happen! Nearly all vendors offering soft token solutions claim to leverage ios s secure enclave encryption facility The secure enclave is essentially a cryptographic co-processor which helps improve the integrity of encryption operations on ios devices o For more information, read the Storing Keys in the Secure Enclave article in the Apple developer documentation Soft tokens store secret data in keychain locations which can expose soft tokens to remote attacks Result: a kernel-mode exploit could successfully steal the MFA soft token secrets, clone them to an attacker device and the back-end system would be none the wiser 11

Mobile Security Venn Diagrams of Doom Increasingly Vulnerable Mobile Devices Increasing Enterprise Reliance on Mobile for Security Publish Enterprise Android Apps Outside of Play Store No Enforcement of Android Hygiene Fortune 1000 Mobile Trend Top 5 Financial Services Org 12

The Mobile Identity Problem When you don t enforce any sort of software integrity on mobile endpoints, but Implement software-based systems to attempt to drive integrity into identity and access processes Bad things are going to happen 13

Mobile security tools will help! MAM, MDM, MTD to the rescue! or not... 14

What can you do to a vulnerable iphone with MTD installed? A remarkable amount of badness IANS Research evaluated two market-leading MTD platforms through a series of penetration tests Rules of the game: Target devices had to be 60 days out-of-date (in-line with 60% of this customer s mobile fleet) The worst-case scenario: IANS successfully compromised one MTD s VPN credentials and injected an unauthorized root of trust into the certificate store ios Function Evaluation 1 2 Kernel execution Operating memory protection File system integrity Security secret store integrity Cryptographic store integrity Application execution integrity Physical-layer network integrity Application-layer network integrity MTD Detection Failed MTD Detection Failed but slight advantage MTD Detection Succeeded 15

What can you do to a vulnerable mobile device with InTune? When you have a kernel-mode exploit, application/user controls are not effective AT ALL IANS Research coordinated review of both ios and Android devices managed by InTune 16

Vulnerability Management on Mobile is Important! Groundbreaking research: Installing security updates on mobile devices significantly reduces the risks associated with attacks on mobile devices There are really only 2 paths forward at this time: ios: only allow ios devices to connect to enterprise resources if they have the latest security updates Android: only allow Pixel or Android One devices to connect to enterprise resources if they have the latest security updates 17

Once updates are installed, key policies to enforce ios security policies Prohibit untrusted TLS certificates Block documents in unmanaged apps Treat AirDrop as unmanaged destination Android security policies Only allow Android for Work capable devices Block sharing from work to personal profile Prevent users from manually adding or removing work profiles Enforce Verify Apps for work and personal profiles But none of these matter on a vulnerable mobile device! 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback