661  0 Kommentare FireEye Study Identifies Top Mobile Application Security Issues

"Today, mobile apps represent a significant threat vector for enterprises," said Manish Gupta, senior vice president of products at FireEye. "Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications."

The report identifies a new delivery channel for iOS malware that bypasses the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers found more than 1,400 iOS apps publicly available on the Internet introducing variants of security issues, signed and distributed using enterprise provisioning profiles.

FireEye's analysis indicates that mobile users face risks on many fronts today including:

• Malicious apps that steal information once installed
• Legitimate apps written insecurely by developers
• Legitimate apps using insecure or aggressive ad libraries
• Malware/aggressive adware that pass Google Play checks and are thus assumed 'safe'
• Identity theft
• Premium rate phone and SMS fraud

Mobile devices are being adopted across the world as PC manufacturers see sales in PC's and laptops in decline as consumers choose simpler, lighter devices to make life easier. This evolution underscores, as Gartner recently recommended, that enterprises, "Abandon device-centric lockdown security models in favor of app-centric models." (Source: How Digital Business Reshapes Mobile Security, 11 February 2015, Gartner).

To view a full copy of the report please visit: https://www2.fireeye.com/WEB-2015RPTMobileThreatAssessment.html

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.

© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. Android and Google Play are trademarks of Google Inc. Apple, iOS and App Store are trademarks of Apple Inc., registered in the U.S. and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Lesen Sie auch

Erwartungen übertroffen

Boom im Investmentbanking: Goldman Sachs überrascht mit starken Zahlen

15.04.24, 14:12

JPMorgan, Wells Fargo und Citi

Earnings der US-Banken: Zahlen kaum raus, trennt sich die Spreu vom Weizen!

12.04.24, 15:06

Vorschau

Das müssen Anleger vor dem Super-Freitag wissen!

11.04.24, 16:30

Brief an die Aktionäre

Ende für Öl und Gas? Dimon warnt: "Das ist falsch und naiv"

09.04.24, 13:18

Diskutieren Sie über die enthaltenen Werte

Verizon Communications

Aktie

Beitrage: 118

JPMorgan Chase

Aktie

Beitrage: 79

Splunk

Aktie

zur Diskussion