How the Everywhere Enterprise has changed the threat landscape
Gartner recently coined the term “Everywhere Enterprise” to describe the distributed modern enterprise, in which employees, IT infrastructures and customers are everywhere. In the Everywhere Enterprise, data resides everywhere, work takes place everywhere and employees communicate with customers everywhere. Mobile devices provide access to everything, which puts them at the center of the Everywhere Enterprise.
While many organizations have been leveraging cloud-based services, embracing remote work, and selling to global customers for years, the COVID-19 pandemic has greatly accelerated the Everywhere Enterprise model of work. It has also amplified the changing threat landscape, driving an increase in cybersecurity attacks on mobile devices.
Take, for example, the recent high-profile Twitter hack. This is an interesting hack that underscores the rise in mobile phishing attacks, the problem with passwords, and the minimal amount of mobile security that organizations have in place today. It also shines a light on the security challenges posed by the Everywhere Enterprise, as Twitter’s new fully remote-work situation created an ideal environment for the hackers to succeed.
In this case, a 17-year-old man by the name of Graham Clark used basic hacking techniques to gain access to Twitter’s internal support tools, take over the accounts of celebrities and world leaders, and perpetrate a Bitcoin scam. He started by calling a Twitter employee, convincing that person that he was a colleague, and tricking them into sharing user credentials. He could have said that he was having trouble working from home and getting access to some systems, and then convinced the employee to hand over credentials so he would be able to get in and get his work done.
He then used a technique called SIM swapping to spoof the Twitter employee’s phone number. After calling the Twitter employee and stealing their credentials, he called a phone carrier and impersonated that Twitter employee. He likely gathered all the information he needed to validate who he was claiming to be from social media. He convinced the customer support representative to re-route the employee’s phone number to his device. That way, when Twitter sent an SMS one-time password (OTP), which is a very common form of multi-factor authentication (MFA), he was the one who received the text.
And then once he was in, he launched phishing attacks on other Twitter employees with access to account management tools, in order to steal their user credentials and elevate his position within the company. As Twitter is an Okta customer, Graham spoofed Okta’s landing page and then sent messages to Twitter employees that included links to the legitimate-looking Okta landing page in a ploy to trick them into entering their usernames and passwords. When anyone typed in a username and password, and then clicked enter, he got their credentials.
So, how do you protect users and data in the Everywhere Enterprise, where traditional perimeter-based security is no longer efficient? MobileIron offers three key solutions, all of which could have potentially helped in Twitter’s scenario. First and foremost, MobileIron’s unified endpoint management (UEM) solution ensures that devices that are connecting to corporate applications and data are connected to environments that are known and trusted. MobileIron UEM validates every device, establishes user context, checks app authorization, and verifies the network, before granting secure access to a device or user. This allows for continuous enforcement and protection of data, both on the device and on the network.
Next, companies can build upon MobileIron UEM with MobileIron Threat Defense (MTD), which includes advanced anti-phishing capabilities. In Twitter’s case, MTD could have prevented employees from ever getting to the spoofed Okta landing page. MTD offers on-device and cloud-based phishing URL database lookup to detect and remediate phishing attacks across corporate email, text and SMS messages, instant messages, social media and other apps that enable link sharing.
Last, but not least, MobileIron’s Zero Sign-On (ZSO) solution adds in conditional access, which can detect if a device is not a MobileIron-registered device or if the environment does not have MTD running on it, and block access to a system. ZSO also includes passwordless MFA, which turns a secure mobile device with biometrics into the user ID and eliminates the need for passwords, including SMS OTPs.
In conclusion, a mobile-centric security platform could have limited the severity of the Twitter hack in many ways. Moving forward, every company needs to rethink its security strategy to focus on the technology at the center of the Everywhere Enterprise: mobile devices. A zero trust security approach can provide the IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data, while optimizing end user productivity.
Listen to the full MobileIron Musings episode with Alex and subscribe for more.