Phishing and Ransomware: Connecting the dots!

Phishing and ransomware. Ransomware and phishing. The two are inextricably connected. Phishing is the number one delivery mechanism for getting malicious exploits, including ransomware, onto mobile devices. Advanced persistent threat actors are now chaining sophisticated exploits not only to grab user credentials, but also to redirect victims to phishing websites where they unknowingly download malware onto their mobile devices. News stories about ransomware attacks against healthcare providers, public schools, and government agencies appear almost daily.

You might think, “Ehh, that can’t happen to me!” Think again!
 

What is phishing?

Humans are the weakest link in the cybersecurity kill chain. Threat actors can easily trick and deceive you into divulging your username and password using sophisticated social engineering attacks. C-level executives are often targeted. Even seasoned security practitioners easily fall victim to these quickly evolving and morphing attacks.

The most common phishing attack vectors are email and email attachments, text and multimedia messages, and ad networks; all of these can be used to persuade you to tap a hyperlink to an official-looking website. That link will then redirect you to a malicious website that harvests your user credentials, and then potentially drops, installs, and executes a malicious payload onto your mobile device, or, in the case of fileless malware, runs it entirely from random access memory.
 

What is ransomware?

Ransomware is malware whose sole purpose is to extort money from you. Once your user credentials are known via a phishing attack, threat actors can grab additional valuable information on your mobile device, then escape the device and move laterally onto connected network nodes in search of additional critical data to steal. Afterward, they can block or encrypt your data before sending out a ransom note, usually demanding payment in cryptocurrency to let you unblock or decrypt your data.

We wrote about ransomware back in the day! Wow, over 4 years ago!

The threat actor has to be correct only one time to be successful, but the CISO and his or her security team must be correct 100% of the time!
 

How can you and your company fight back?

A multilayered or multi-tiered security approach is warranted. First, you need an always-on detection and remediation solution on your mobile device to provide protection on networks with limited or restricted internet connectivity, or while connected to a risky Wi-Fi network. And that on-device database has to be updated frequently.

Then a cloud-based URL lookup service that uses machine learning to protect your entire device and its contents is required. Cloud-based databases employ multiple real-time crowdsourced phishing feeds and are updated more frequently to immediately block the up to 5,000 known malicious domains and websites that get spun up and down every day!

This is then augmented by network-level detection using DNS servers that automatically block additional malicious domains and websites using their threat intelligence sources. Public DNS servers from OpenDNS, Quad9, Cloudflare, and Google provide this capability, and can be pushed to mobile devices and laptops via DHCP at work or on a home wireless router.

The Chrome browser enables safe browsing by default. Chrome, Edge, and Firefox browsers also have phishing protection capabilities that can all be pushed by UEM and silently installed onto your managed mobile devices and laptops.
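The layers above (an on-device blocklist, a URL classification service, and DNS-level zone blocking) can be illustrated with a small local URL checker. The following is an added example written for this post, not MobileIron code or any vendor's feed: every blocklist entry, blocked zone and protected brand domain in it is constructed sample data, and the lookalike heuristics (a small Cyrillic-to-Latin confusable table plus a string-similarity threshold) are the author's own simplification of what a real classifier does.

```python
"""Layered phishing-URL check (added illustrative example, constructed data).

Three of the layers described in the post, all evaluated locally:
  1. on-device blocklist: exact hostname match (the always-on layer),
  2. DNS-style zone block: blocking a domain also blocks every subdomain,
     which is how a filtering resolver behaves,
  3. lookalike check: IDN homographs and typosquats of protected brand domains.
"""
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample data; none of these are real feeds or real brands.
ON_DEVICE_BLOCKLIST = {"login-verify-update.example", "secure-mail-reset.test"}
DNS_BLOCKED_ZONES = {"bad-cdn.example", "phish.test"}
PROTECTED_BRANDS = {"mycompany.example", "mybank.example"}

# A deliberately small table of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})
SIMILARITY_THRESHOLD = 0.8


def hostname_of(url: str) -> str:
    """Extract the host, lowercased, with any trailing dot removed."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable(host: str) -> str:
    """Crude 'registrable domain': the last two labels (enough for this example)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'warn' or 'block'."""
    host = hostname_of(url)
    if not host:
        return ("block", "unparseable host")

    # Layer 1: exact match against the on-device blocklist.
    if host in ON_DEVICE_BLOCKLIST:
        return ("block", "on-device blocklist")

    # Layer 2: DNS-style zone block covers the zone apex and all subdomains.
    for zone in sorted(DNS_BLOCKED_ZONES):
        if host == zone or host.endswith("." + zone):
            return ("block", f"dns zone {zone}")

    # Layer 3: lookalike detection against protected brands.
    reg = registrable(host)
    if reg in PROTECTED_BRANDS:
        return ("allow", "protected brand")
    folded = reg.translate(CONFUSABLES)
    if folded != reg and folded in PROTECTED_BRANDS:
        return ("block", f"homograph of {folded}")
    label = reg.split(".")[0]
    for brand in sorted(PROTECTED_BRANDS):
        brand_label = brand.split(".")[0]
        embedded = brand_label in label
        similar = SequenceMatcher(None, brand_label, label).ratio() >= SIMILARITY_THRESHOLD
        if embedded or similar:
            return ("warn", f"lookalike of {brand}")
    return ("allow", "no match")


if __name__ == "__main__":
    # Constructed sample links, as might arrive by SMS or email.
    for link in [
        "https://www.mycompany.example/login",
        "http://login-verify-update.example/x",
        "https://cdn.assets.bad-cdn.example/a.js",
        "https://myb\u0430nk.example/signin",   # Cyrillic 'a'
        "https://mycompany-login.example/",
        "https://news.example/",
    ]:
        verdict, reason = classify(link)
        print(f"{verdict:5} {reason:32} {link}")
```

The zone check is the interesting layer: a filtering resolver that blocks `bad-cdn.example` also stops `cdn.assets.bad-cdn.example`, which is why pushing such a resolver via DHCP covers hosts an exact-match blocklist would miss. The similarity threshold and confusable table are intentionally tiny; a production classifier uses full Unicode confusable data and feed-driven models.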

MobileIron’s mobile phishing protection is part of MobileIron Threat Defense (MTD). MTD provides additional protection from app threats like browser-based attacks, leaky apps and malware; network threats like IP, TCP, or UDP reconnaissance scans, connecting to risky Wi-Fi, and Man-in-the-Middle attacks; and device-level threats like jailbreak and root, as well as elevation of privilege exploits like remote code execution (RCE) or local privilege escalation (LPE) attacks against vulnerable firmware, apps or operating systems.

And the beauty of our solution is the threat detection engine is built into our unified endpoint management (UEM) client within a single app that is automatically enabled and starts protecting the device after successful enrollment to MobileIron Core or Cloud! This single app solution achieves 100% user adoption, as opposed to requiring a second app that must be downloaded, installed, and then activated to the threat defense portal. Those solutions achieve around 27% user adoption success rate.

MobileIron’s UEM and intelligent Access gateway can also deploy and enforce multi-factor authentication (MFA) without passwords, using live-scan and intent biometrics and time-based one-time tokens as two or more of the authentication factors. No passwords means no credentials can be phished!

The MobileIron Tunnel client can also be configured and deployed to managed mobile devices for per-app VPN. Per-app VPN removes the threat of users being redirected to malicious websites and unknowingly downloading drive-by malware. Split-tunnel VPN deployments allow the mobile device user to connect to the corporate network and surf the insecure internet at the same time via that split-tunnel connection. Per-app VPN solves this by only allowing the specific corporate-approved app (as opposed to malware) and its associated traffic through the secure tunnel and connection to the MobileIron Sentry or Access gateway, and then finally to the on-premises, data center, or cloud-based corporate resource.
 

Privacy!

Lastly, privacy is also very important. MobileIron’s Enterprise Everywhere security solution, by default, does not track your location or store your location data, and does not look at or store your browsing history. MobileIron also does not share personally identifiable information (PII) with third parties and strictly adheres to GDPR and CCPA guidelines.

To learn more, click here to register for a series of upcoming webinars.

James Saturnio

Senior Lead Technical Market Adviser at MobileIron

About the author

James Saturnio is a Senior Lead Technical Market Adviser at MobileIron. He immerses himself in all things cybersecurity and has over 25 years’ experience in this field. He has been with MobileIron for over 6 years, and previously worked at Cisco Systems for 19 years. While at Cisco, he worked as a TAC Engineer, and then as a Technical Leader for the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.