Following the news that a new malware called Milkydoor has been discovered that can turn an Android phone into a hacking tool to gain entrance to corporate networks, Michael Patterson, CEO at Plixer International, commented below.
Michael Patterson, CEO at Plixer International:
“Every company that supports a Bring Your Own Device (BYOD) policy should be concerned by Milkydoor. As a first step, they should maintain an ongoing inventory of connected Android devices, and map that list to IP addresses. In many cases this can be done automatically with Network Access Control technologies. They should also review their access policy for these BYOD devices. In many cases, BYOD devices are segmented to a guest WiFi network Service Set Identifier (SSID), which typically limits the internal resources the devices can access. If these Android devices are given access to the production network, then they would have access to any internal resources allowed within Active Directory (if using AD). Any organization allowing Android BYOD device access to internal server resources should be implementing Network Traffic Analytics (NTA) solutions with behavior analysis. Given that Milkydoor uses Secure Shell (SSH) to tunnel its traffic across the network, and most firewalls (by default) allow SSH traffic, there is high risk of cybercriminals gaining access to the company’s high value assets. NTA solutions monitor traffic to and from servers looking for anomalous behavior. Hackers may gain access to the server in a stealthy manner, but if they compromise a server and begin to launch attacks or exfiltrate data, NTA solutions can identify the abnormal activity and alert IT.”
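The inventory-to-IP mapping and SSH monitoring recommended above can be combined into a simple flow review. The following is an added example, not part of Patterson's comment and not code from any Plixer product. It assumes SSH on TCP port 22, an internal range of 10.0.0.0/8, and hypothetical field names; the inventory and flow records are constructed sample data.

```python
import ipaddress

# Assumptions (not from the original post): internal range and SSH port.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SSH_PORT = 22

# Constructed inventory, shaped like a NAC or DHCP export: IP -> device record.
INVENTORY = {
    "10.20.0.15": {"owner": "alice", "os": "android", "segment": "guest"},
    "10.10.4.77": {"owner": "bob", "os": "android", "segment": "production"},
    "10.10.4.90": {"owner": "carol", "os": "windows", "segment": "production"},
}

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_out).
FLOWS = [
    ("10.20.0.15", "203.0.113.9", 443, 5200),      # ordinary HTTPS
    ("10.10.4.77", "198.51.100.23", 22, 184000),   # Android on production
    ("10.10.4.90", "10.10.8.5", 22, 9000),         # admin SSH, internal
    ("10.20.0.15", "198.51.100.23", 22, 1200),     # Android on guest SSID
    ("10.10.4.55", "198.51.100.23", 22, 700),      # source not in inventory
]


def review_ssh_flows(flows, inventory):
    """Flag outbound SSH sessions from Android BYOD devices and unknown hosts."""
    findings = []
    for src, dst, port, nbytes in flows:
        if port != SSH_PORT:
            continue
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # only SSH leaving the network is reviewed here
        device = inventory.get(src)
        if device is None:
            # The inventory cannot say what this host is: close the gap first.
            findings.append((src, dst, None, "inventory-gap"))
        elif device["os"] == "android":
            # A phone on the production network can reach internal servers,
            # so an outbound tunnel from it is the higher-risk case.
            level = "high" if device["segment"] == "production" else "medium"
            findings.append((src, dst, device["owner"], level))
    return findings


if __name__ == "__main__":
    for finding in review_ssh_flows(FLOWS, INVENTORY):
        print(finding)
```
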
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.