One of the common themes I’ve seen repeated over and over this year in the security world is the collaboration of malicious actors. Whether it’s via bytes on the Dark Web or cybercrime rings in the real world, there is no shortage of stories about attackers taking advantage of expertise and tools to find vulnerabilities and entries into your network to steal sensitive data. Add in the challenges in mobile application security and the disappearing network perimeter, and it’s game on for attackers.

It’s nice to imagine that security vendors and clients are united together in lockstep, weaving together intricate layers of protection like a complicated halftime marching band at an American football game. The reality is more a sad trombone falling flat. In my band experience, even if the brass section has their act together, missing a beat in the percussion section could throw everyone off their game.

The same holds true in security: Your network protection may be on point, but without mobile application security in lockstep, your network is vulnerable.

Band Camp for Attackers

There are lot of tools and automation techniques available to find common application vulnerabilities susceptible to attacks like SQL injection (SQLi) or cross-site scripting (XSS), which are highlights on the Open Web Application Security Project (OWASP) Top 10. In the recent “The State of Mobile Application Insecurity” study, more than half of respondents believed XSS in mobile apps will increase over the next 12 months.

In an effort to aid application developers, organizations like OWASP provide open-source black box testing tools, but these tools are also leveraged by attackers to find and exploit flaws. Attackers are creative; they harness these and other toolkits, enhance and repackage them, and then sell them on underground black markets to other attackers to potentially infiltrate your network and steal data.

Malware-as-a-service isn’t new; many security firms, including IBM X-Force malware researchers, started reporting incidents of these toolkits more than four years ago. The industrialized revolution of cybercrime is providing over-the-counter botnets, distributed denial-of-service (DDoS) software and other polymorphic malware for less experienced cybercriminals. Malware toolkit enhancements are even being crowdsourced as attackers fund and vote for new features in a community forum, which was the case with the Citadel malware earlier this year. The Dark Web is the practice field — a place to gather and refine their craft.

Know the Drill for Mobile Application Security

While the OWASP tool site offers over 50 tools for testing common vulnerabilities, many organizations lack either the resources or expertise to take advantage of these and improve the security of their applications. In that same Mobile Insecurity study mentioned above, only 41 percent of respondents said their organization had sufficient mobile security expertise — not exactly news we want trumpeted from the rooftops.

Join the Nov. 17 webinar to get the the 411 on Mobile App Sec Testing for ios

Sometimes, however, the good guys do build a tool that helps. In 2014, a researcher at CERT/CC created a tool named “Tapioca” to help automate testing of Android applications as a virtual machine preconfigured to perform man-in-the-middle (MitM) testing and analysis. In the course of the analysis, thousands of disclosures were made for individual applications vulnerable to these MitM attacks. Although the apps were all different, the same fix was required to correct fundamental vulnerabilities.

Developers need more of these same types of tools to help find and remove vulnerabilities before attackers exploit them.

#CoverYourApps Before Someone Else Uncovers Them

The problems facing mobile security aren’t limited to Android apps. To learn more about how to “cover your apps,” register to attend the security webinar on iOS devices titled “The 411 on Mobile Application Security Testing and Runtime Protection for iOS Applications.”

Just because Android applications make more noise when it comes to reported vulnerabilities doesn’t mean iOS apps are safe. Watch the webinar to learn how to protect your growing portfolio of mobile applications and keep the band in step.

More from Endpoint

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…