{"id":13315,"date":"2018-09-10T04:30:19","date_gmt":"2018-09-10T12:30:19","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/09\/10\/news-7082\/"},"modified":"2018-09-10T04:30:19","modified_gmt":"2018-09-10T12:30:19","slug":"news-7082","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/09\/10\/news-7082\/","title":{"rendered":"Mac and iOS apps stealing user data, an enterprise take"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2015\/09\/hack-hacker-cyber-thief-theft-stolen-100613858-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Mon, 10 Sep 2018 04:53:00 -0700<\/strong><\/p>\n<p>Reports claiming <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/09\/mac-app-store-apps-are-stealing-user-data\/\" rel=\"nofollow\">numerous apps<\/a> distributed through Apple\u2019s App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.<\/p>\n<p>On the surface, the data being extracted is kind of\u2026 personal: Location, browser histories, information like this provides additional insight into what individual users are up to. Why should that concern an enterprise?<\/p>\n<p>That\u2019s a rhetorical question, of course. 
Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.<\/p>\n<p>The security environment is becoming increasingly complex, and criminals are getting better at combining data from multiple sources to identify targets, identify individuals and turn this knowledge into cold hard cash.<\/p>\n<p>We also know that as Apple makes its platforms <a href=\"https:\/\/blogs.computerworld.com\/article\/3290415\/apple-mac\/the-macbook-pro-s-t2-chip-boosts-enterprise-security.html\" rel=\"nofollow\">more secure<\/a>, criminals who still choose to target the platform are becoming much more sophisticated.<\/p>\n<p>They <a href=\"https:\/\/blogs.computerworld.com\/article\/3293922\/security\/apple-users-most-appealing-to-cybercriminals-online-scams.html\" rel=\"nofollow\">will even pay $15 for Apple ID data<\/a> and there is a huge market in preconstructed phishing and hacking tools online. A Malwarebytes survey earlier this year claimed\u00a0<a href=\"https:\/\/blogs.computerworld.com\/article\/3262225\/apple-mac\/warning-as-mac-malware-exploits-climb-270.html\" rel=\"nofollow\">malware attacks on Macs climbed 270 percent<\/a>\u00a0in 2017.<\/p>\n<p>Wickie Fung of Palo Alto Networks has warned: \u201cEnterprises must insist on complete pervasive security visibility in their environment including users, applications, data and threats.&#8221;<\/p>\n<p>Staff must be educated about the risk of installing unapproved apps.<\/p>\n<p>Enterprises must put procedures and protocols in place to protect against installation of data-exfiltrating apps &#8212; in doing so they must also recognise that third-party apps that do things more efficiently than those they themselves provide will be used, and should subject these to swift security analysis.\u00a0<\/p>\n<p>It is also important to check if existing threat intelligence systems are capable of identifying instances in which rogue apps are covertly stealing data.<\/p>\n<p>The <a 
href=\"http:\/\/www.applemust.com\/how-to-stop-mac-and-ios-apps-stealing-your-data\/\" rel=\"nofollow\">recently identified apps<\/a> tend to parcel up the data they take to upload to remote servers \u2013 threat intelligence systems must recognize such transactions.<\/p>\n<p>Phishing attacks are much more effective if they are precisely targeted according to user habits \u2013 and users are still the weakest link in the security chain.<\/p>\n<p>Criminals understand (as did <a href=\"https:\/\/blogs.computerworld.com\/article\/3268406\/apple-mac\/mac-ios-how-to-check-if-cambridge-analytica-used-your-facebook-data.html\" rel=\"nofollow\">Cambridge Analytica<\/a>) that the value of data extracted from multiple data stacks far outweighs that held inside any single stack. Analytics systems enable such data to be identified and weaponized.<\/p>\n<p>There\u2019s money in these practices, and the potential to find information that helps infiltrate otherwise robust computing systems, as a recent College of Behavioral &amp; Social Sciences <a href=\"https:\/\/bsos.umd.edu\/featured-content\/researchers-exposing-human\" rel=\"nofollow\">cybercrime study found<\/a>.<\/p>\n<p>Information about a target\u2019s browsing habits can be turned into a malware-infested message personalized to that user, which raises the chance of infecting the end user\u2019s machine and placing an exploit that becomes critical to undermining enterprise security.<\/p>\n<p>While it seems way too convenient that these revelations concerning a security flaw in the App Store model emerge just as Apple prepares to <a href=\"https:\/\/blogs.computerworld.com\/article\/3297077\/the-summer-2018-iphone-refresh-speculation-round-up.html\" rel=\"nofollow\">announce new mobile devices<\/a>, it seems unwise to dismiss them.<\/p>\n<p>It is also apparent that while the news tarnishes Apple\u2019s security model, it\u2019s inevitable other platforms will also be experiencing covert data grabbing 
through otherwise innocuous apps.<\/p>\n<p>Any responsible platform developer should already be taking robust steps to protect against this, including insistence that apps maintain a strict (and transparent) data protection policy, as <a href=\"https:\/\/blogs.computerworld.com\/article\/3302380\/apple-insists-developers-ramp-up-their-privacy-commitments.html\" rel=\"nofollow\">Apple now demands<\/a>.<\/p>\n<p>This stuff matters. All the apps <a href=\"http:\/\/www.applemust.com\/how-to-stop-mac-and-ios-apps-stealing-your-data\/\" rel=\"nofollow\">recently identified<\/a> as rogue by <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/09\/mac-app-store-apps-are-stealing-user-data\/\" rel=\"nofollow\">Malwarebytes<\/a>, <a href=\"https:\/\/guardianapp.com\/ios-app-location-report-sep2018.html\" rel=\"nofollow\">Sudo Security<\/a> and security researcher, <a href=\"https:\/\/objective-see.com\/blog\/blog_0x37.html\" rel=\"nofollow\">Patrick Wardle<\/a>, would (I think) have been breaking the new data privacy rules Apple now insists developers follow.<\/p>\n<p>Not only this, but developers of those apps would have been required to take much more responsibility for any data they chose to exfiltrate, under Apple\u2019s <a href=\"https:\/\/blogs.computerworld.com\/article\/3302380\/apple-insists-developers-ramp-up-their-privacy-commitments.html\" rel=\"nofollow\">new rules<\/a>.<\/p>\n<p>Taking such information without securing a user\u2019s express consent is absolutely forbidden.<\/p>\n<p>Apple CEO Tim Cook has <a href=\"http:\/\/www.applemust.com\/16-important-things-apple-ceo-tim-cook-told-us-we-need-to-know\/\" rel=\"nofollow\">often stressed<\/a> the position that \u201cPrivacy to us is a human right, a civil liberty.\u201d<\/p>\n<p>These days we should all recognise that the price of protecting such rights is eternal vigilance.\u00a0<\/p>\n<p>The apps engaged in these practices should be seen as honey traps:<\/p>\n<p>Adware Doctor, for example, 
promises something users want &#8212; to eradicate unwanted advertising online, but fails to inform them that it will grab browser histories to covertly send to unknown servers based in China.<\/p>\n<p>The fact that the app was one of the top apps distributed at the App Store adds another layer of risk. We\u2019ve all learned that apps distributed through the store tend to be trustworthy. Apple must now apply much stricter security checks for any apps listed in the top 100 apps in any country at any store in future.<\/p>\n<p>However, enterprise security chiefs must also educate users about this newly emerging App Store risk and advise against installation of any relatively obscure app on <em>any enterprise device<\/em> on <em>any platform<\/em>, unless chosen from an approved list.<\/p>\n<p>I mentioned gray IT: users will use third-party solutions if they are better or easier to use than enterprise-provided apps. This means that enterprise security teams must assess and verify the security of popular third-party apps used on their networks, as those apps will be used no matter how many memos are published. Best-practice advice will be a far more effective response than top-down admonition against using such apps.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3304421\/mobile-wireless\/mac-and-ios-apps-stealing-user-data-an-enterprise-take.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2015\/09\/hack-hacker-cyber-thief-theft-stolen-100613858-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Mon, 10 Sep 2018 04:53:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Reports claiming <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/09\/mac-app-store-apps-are-stealing-user-data\/\" rel=\"nofollow\">numerous apps<\/a> distributed through Apple\u2019s App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.<\/p>\n<h2><strong>The\u00a0enterprise risk of personal data<\/strong><\/h2>\n<p>On the surface, the data being extracted is kind of\u2026 personal: Location, browser histories, information like this provides additional insight into what individual users are up to. Why should that concern an enterprise?<\/p>\n<p>That\u2019s a rhetorical question, of course. 
Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11078,10554,714],"class_list":["post-13315","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple-mac","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13315"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13315\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13315"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}