On November 18, Harvard University discovered a data breach of the information systems used by Harvard’s Alumni Affairs and Development office. Fox News reported that the breach was the result of a successful mobile phishing attack. Read here.
They went on to note that the attacker gained access to internal systems; which has now been removed by the university. This successful mobile phishing (mishing) breach is another unfortunate example that cybercriminals have moved to a “mobile-first attack” strategy as many organizations have left their mobile devices unprotected.
Mishing takes advantage of users' lowered vigilance on mobile devices compared to traditional laptops. More importantly, these mobile attacks bypass traditional desktop and network defenses, move laterally quickly, and pose substantial operational risks, as seen in this example.
Unfortunately, many organizations believe that they are protected by their MDM & UEM solutions. However, those solutions alone do not protect against mobile phishing, device and mobile app malware or rogue Wi-Fi attacks. (See more here).
While this incident occurred in higher education, the implications extend across every sector. Organizations whether in government, critical infrastructure, healthcare, financial services, and others face similar challenges: vast ecosystems of sensitive data, distributed workforces, and heavy reliance on mobile devices for authentication and access to sensitive corporate data and systems. In environments like these, a single mobile-driven social engineering attack can quickly penetrate traditional defenses, creating cascading risk across the entire enterprise.
Securing mobile devices from these attacks is accomplished through deployment of on-device mobile threat defense. Learn more about the mishing threat here.
