tashka2000 - Fotolia

Polish companies come around on mobile safety

Polish companies have been the target of many mobile attacks, as Krzysztof Polak investigates

The number of mobile attacks on companies in Poland is constantly growing, according to experts, with each attack exposing the need to build better protection against mobile threats. 

At the beginning of 2015, the Central Statistical Office of Poland announced the number of mobile internet users had increased by nearly one million from the previous year. In contrast, the number of subscribers using internet delivered by cable rose by only 70,000-75,000. 

The vast majority of internet users – nearly eight million – access the web via a fixed-line connection, while more than three million use wireless transmission. In the next five years, however, this ratio may be reversed as telecommunications operators try to modernise their networks and develop the long term evolution (LTE) offering.

Almost half of small and medium-sized enterprises (SMEs) in Poland have employees who use their private IT equipment at work, according to the Ipsos Mori report Modern IT in SMEs, commissioned by Microsoft in 2014. Those who decide to use personal equipment at work mostly reach for laptops (57%), mobile phones (55%), smartphones (48%) and tablets (20%).

“An important part of business life [involves connecting to the] network, so crime also moves there,” said Piotr Muszyński, vice-president of Orange Poland. Around 40% of internet traffic in Poland comes from users serviced by the mobile network operator.

Smartphones and tablets are still the weakest link of security actions, both for companies and for private users. The number of attacks on mobile devices will continue to grow,” said Muszyński.

IBM Poland's security services manager, Mariusz Żogała, said the mobile channel is a prime target for cyber criminals. 

Read more about technology in Poland

“Protective mechanisms of a technical nature have to be implemented to protect users from attacks, but each user should be well educated so they can’t facilitate criminal practice through their actions,” he said. 

Almost half (46%) of the respondents to the Ipsos Moro research declared their organisation had formal security policies regarding bring your own device (BYOD), and 43% indicated they were not permitted to use personal devices at work. Yet 50% of organisations surveyed said they did not have any control over business data transferred to employees' personal devices. 

“If half of companies do not control external data transfers, it is a source of serious danger. Last year, as well as recently, there were some massive data leaks in several well-known companies in Poland, and intensification of attacks on mobile devices is predicted for 2015,” said Andrzej Miłosz, head of system solutions at Asseco BS. 

“Malware targeting mobile transactions is increasingly popular,” he added. “The main threats include RAM scraper, which makes mobile payment devices a tool for stealing money, or any kind of ransomware that blocks a mobile device and restores it to function only after payment of ransom.”

Waves of cyber attacks on banks

Smartphone and tablet users fascinated by the functions of their device often forget that, along with their benefits, such devices also pose a serious threat to data protection. 

“When mobile tools previously unknown to network administrators gain access to critical business resources, then it is a true risk,” said Łukasz Formas, main pre-sales engineer at Integrated Solutions. 

Malicious software inside a mobile terminal can be a tool for data theft or stealing money from bank accounts, and can make mobile devices an instrument centre of distributed denial-of-service (DDoS) attacks or spam mailings. 

“Applications from unreliable suppliers may contain additional features that allow third parties to take control of the device and other mobile applications,” said Miłosz. 

According to ABB mobile systems architect Łukasz Luzar, fast-evolving business models pushed telecoms operators to sign agreements with banks to create integrated financial services for mobile users. 

In early 2014, Orange Poland signed an agreement with mBank. 

Orange Poland, which has more than 15 million clients, and mBank, one of the biggest banks in Poland, created Orange Finanse, a mobile retail bank for mobile device users, offering accounts, credit cards and mobile payments, along with additional communications services from Orange. 

Soon after the agreement, however, Orange Poland and mBank were targeted by a cyber attack. 

“Attacks on mobile banking users are often based on accessing the backup configuration and swapping the domain name system (DNS) to direct traffic to fake websites of banks. In 2015, the severity of the problem has already been observed and announcements are not optimistic,” said Adam Tymofiejewicz, senior technology business manager at Comarch. 

One of the first of these attacks targeted people using internet provided by Orange. 

“Equipment from Orange sales networks was secured against the attacks. The threats came from equipment bought on the open market, which is used by many of our customers,” said Orange Poland's Muszyński.

Securing internet access

The computer emergency response team (Cert) of Orange Poland immediately took counter-action in strict co-operation with the bank. Fake DNS addresses that directed users to unofficial e-bank websites were blocked, but the scale of the threat during the process of DNS blocking was impossible to estimate. 

After eliminating the fake addresses, the number of clients who contacted customer services to report a lack of internet availability increased dramatically. 

The Cert found the hacker attack had been made possible by equipment purchased by customers outside the Orange sales network. Unauthorized devices had security holes that allowed hackers to change DNS addresses to false addresses. 

Blocking these addresses was the first step in protecting customers against cyber attacks, and the Cert soon developed a way for Orange customers on infected devices to access the internet securely. 

“A 'sinkholing’ procedure was carried out, which relies on redirecting traffic to the IP addresses of Orange DNS servers, with simultaneous analysis of malicious traffic,” said Muszyński. 

“It allowed Orange customers with modified DNS addresses to regain access to the internet. Our engineers redirected infected users on a dedicated website, with a warning about the threat. They also gave users a tool with instructions to enter the correct configuration parameters in devices, which helped to minimise risks,” he said. 

The Cert estimated the number of Orange customers potentially affected was 94,000, and the number of affected devices was 44,000.

Methods of mobile threat prevention

So how should companies in Poland defend themselves against dangers arising from the rise of the BYOD trend? 

Generally, the elimination of mobile attacks on a company is achieved by ensuring mobile devices require special permission to access the corporate network, which can be given only by a network administrator. Another important aspect is the implementation of a control mechanism over this traffic. 

Security-conscious companies build their own centres of security to protect data replicated from company resources on mobile devices. 

Each user should be well educated so they can’t facilitate criminal practice through their actions

Mariusz Żogała, IBM Poland

“We advise our clients to organise their own security operations centres (SOC) and enter into collaboration with external specialised suppliers, such as Nask, Cert or Poland's internal security agency (Agencja Bezpieczeństwa Wewnętrznego),” said Żogała. 

“Using specialised applications, such as IBM Fiberlink MaaS360, the network administrator can plug mobile devices into it and set controls. This limits the user’s freedom, but the device is configured with the company’s resources in accordance with security principles,” he said. 

A company's data resources can also be protected through the use of cloud services

“Remote monitoring of corporate networks is provided, among others, by IBM. Our largest centre of this kind in Europe is located in Wrocław, and is one of 10 IBM security operations centres in the world co-operating with each other. They provide cloud security services to companies,” said Żogała. 

The best results are achieved by using several security layers, not only on mobile devices, but also across the network infrastructure. 

“We help our customers implement wireless security systems IPS, built–in wireless network. Efficient user authentication systems can detect the type of mobile terminal and, on this basis, allocate permissions to access corporate network resources,” said Andrzej Sawicki, information systems architect at HP. 

“Companies also reach the most advanced security mechanisms, such as HP Network Protector, that. They are designed to give deeper security to the access layer of the network,” he added. 

Advanced software-defined network (SDN) applications control DNS queries that come from client devices trying to get access to corporate networks. 

“OpenFlow is an open communication standard that enables administrators to use innovative protocols or applications in the wireless networks a company uses every day. OpenFlow protocol makes an edge network switch forward a packet of DNS queries to the SDN controller,” said Sawicki. 

“The application has a reputation database (RepDV) built in, which is constantly updated. If the DNS query relates to a domain that is signed in database as belonging to a botnet, traffic will be blocked on access switch, and the administrator is automatically informed about the incident,” he said. 

“The entire feature perfectly complements the intrusion prevention system (IPS) and is especially suitable for a wireless local area network (WLAN) environment, which the administrator does not control over clients’ devices,” he added.

Read more on Privacy and data protection