Mobile security firm Lookout is urging enterprises to safeguard against a new mobile botnet that allows hackers to gain access to secure enterprise networks via infected devices.
Details of the malware – dubbed NotCompatible.C – were published by Lookout in a report released today.
NotCompatible.C works by giving attackers access to any network a compromised device is connected to, including corporate Wi-Fi and VPNs. The authors of this malware have orchestrated widespread dissemination through massive spam campaigns, aided by inadequate threat protection on mobile devices, the report states.
Lookout’s Kevin Mahaffey told Infosecurity that early iterations of the NotCompatible threat emerged in 2012, distributed via hacked websites or spam campaigns that turned mobile devices into a proxy, allowing hackers to bounce traffic through them. The large volume of activity through a widespread array of devices gave the traffic the appearance of authenticity.
“We wondered what would happen if a network proxy was brought into the enterprise and that’s a big deal,” Mahaffey said. “The same tool could be used to bypass all the perimeter security in an enterprise and access the soft, chewy network. This is the first part of an APT – how attackers get internal network access.”
In its new ‘C’ variant, NotCompatible has acquired increased sophistication and several new capabilities.
“Instead of just talking to one control server, it has multiple control servers distributed around the world and also has the ability to do peer-to-peer command and control – which is substantial,” Mahaffey explained.
In addition, NotCompatible.C’s traffic is encrypted, meaning that enterprise and network-based security systems cannot identify or block its C&C traffic. Tens of thousands of devices have been affected, Mahaffey stated, and Lookout also encountered hundreds of organizations with devices that had experienced this malware on their network.
The company has not yet analyzed traffic from infected devices on potentially targeted corporate networks – but has warned that this development should be of great concern to enterprises.
“Businesses used to rely on network-based security to identify and stop these threats and they’re now bringing in all these devices that are uncontrolled, such as BYO devices, as well as devices whose communication is not on the corporate network, it’s mobile to cloud.”
Firms are being urged to take early preventative measures to avoid a wide-scale NotCompatible.C network infiltration. Suggested strategies include implementing mobile threat protection and segmenting networks.