Opening web links received by email can be problematic. They’re mostly safe, but sometimes they’re not. Sometimes emails take you to malicious websites, waiting to steal your login or credit card information. Sometimes the intention is to infect your computer or corporate network with malware, spyware or ransomware.
If you work for a Government agency or a large enterprise, you probably have some form of network-based protection against these malicious attacks. But if you use a productivity service for internal communication, chances are your corporate information may be exposed to cybercriminals due to the lack of in-app security offered by legacy security companies.
This video demonstrates how easy it is for malicious websites to target organizations that use a productivity service. The app opens the AOL phishing site inside the app WebView – even though it is a known phishing site and blocked by all mainstream desktop browsers.
Apps use a ‘WebView’ so you don’t need to close the app in order to open a site using the native browser. Incidentally, mainstream mobile browsers don’t offer any protection either.
The video also demonstrates how an app with built-in security blocks the very same website from loading – thereby protecting your personal and corporate information from being stolen. (Ignore the actual text used on the warning page – it needs to be updated with a message that is phishing-specific).
Some people say the new trend of productivity services will completely replace email, while others say it significantly reduces their reliance on email. So, if people are going to use an alternative solution for communication, cybercriminals are likely to find a way to hack these alternatives with the goal of stealing sensitive corporate information.
While employees have some form of protection when accessing productivity services at work, they have little to no protection when they’re not connected to their corporate network – which, in reality, is a lot of the time.
According to a global survey of CIOs by Gartner, Inc.’s Executive Programs:
Enterprise bring your own device (BYOD) programs continue to become more commonplace, with 38 percent of companies expected to stop providing devices to workers by 2016.
Incumbent security firms provide email filtering services, network-based filtering and mobile security apps. But none of them offer security solutions that protect end-users using these productivity apps while disconnected from their corporate network. More specifically, productivity services that have the ability to display websites inside their mobile apps – rather than opening a native mobile browser – expose end-users to malicious threats.
If email is generally considered legitimate and trusted traffic and is therefore allowed into the network, and phishing attacks are successful because employees click on them even when emails are obviously suspicious, imagine how easy it would be for attackers to gain access to your productivity service and then go spear phishing. Employees trust links inside apps way more than they do links in emails, and they trust links inside productivity services that are supposed to be closed more than they do links in other apps on their mobile device.
So, is this a massive potential security threat for everyone using a productivity app on a mobile device today? No, it’s not. But it’s a potential threat for large enterprises and Government agencies waiting to happen, as cyber attacks increasingly become more sophisticated by targeting specific individuals who work for specific organizations.
This type of attack is not limited to the productivity app shown in the video. It’s a problem across all productivity apps. In fact, it’s a problem across all apps that have the ability to display webpages – that’s a few million right now.
The solution, in my opinion, is for productivity services to offer customers the option of adding security to their accounts by blocking malicious links from being distributed throughout their account. This is a security solution at the app layer. This would ensure employees are protected at all times – across all wifi and cellular networks.
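One way such an account-level link filter could work, shown as an added example that is not code from this post or from any productivity service: each message is scanned before delivery and links whose host falls under a blocked domain are replaced. The blocklist entries, function names and sample URLs are constructed assumptions; a real deployment would draw on a maintained threat feed.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist for illustration (reserved .example names).
BLOCKED_DOMAINS = {"phish.example", "login-verify.example"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def normalize_host(url):
    """Return the lower-cased ASCII hostname of url, or None if unparseable."""
    try:
        # .hostname discards "user@" prefixes and ":port" suffixes, so a
        # look-alike such as https://accounts.example.com@phish.example/
        # resolves to the real destination host.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()  # "phish.example." is the same host
    try:
        return host.encode("idna").decode("ascii")  # Unicode names -> punycode
    except UnicodeError:
        return None


def is_blocked(url):
    """True if the host or any parent domain is blocklisted; fails closed."""
    host = normalize_host(url)
    if host is None:
        return True
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def filter_message(text):
    """Strip blocked links before delivery; return (clean_text, blocked_urls)."""
    blocked = []

    def replace(match):
        url = match.group(0)
        if is_blocked(url):
            blocked.append(url)
            return "[link removed by policy]"
        return url

    return URL_RE.sub(replace, text), blocked
```

Because the filter runs where messages are distributed rather than on the network, the result is the same whether the recipient is on corporate wifi or a cellular connection.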