We are familiar with the phishing threats that make email security a non-negotiable part of any organisation’s defensive posture. But has your company thought about using a cloud access security broker (CASB) to protect against dangerous cloud applications?
It is not just carefully crafted fake emails that can trick employees into giving away critical passwords or other sensitive data.
A recent incident involving the Google Play store highlighted the risk posed by malicious apps set up to steal passwords, serving as a reminder of the need to combine web security with defensive protections.
At the beginning of July 2021, Google removed nine apps from the Play Store that had been
harvesting users’ Facebook passwords.
These honeytrap apps offered users the ability to switch off adverts by logging into their Facebook account. Yet this was a trap. Although the apps used a genuine Facebook logon page, they also loaded JavaScript from a command-and-control server which was “directly used to hijack the entered login credentials”.
The scam was discovered by security researchers at Doctor Web, who found that the malicious apps included photo-editing software, a horoscope service and a fitness app. These trojans had been downloaded almost six million times.
“Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts,” researchers wrote.
“However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.”
The Google Play incident is a wakeup call. You could train your staff to recognise a phishing email and use MFA to protect user accounts, but all that hard work could be undone by one person who downloads a booby-trapped horoscope app and allows attackers to steal a password.
This incident made us think of the threats posed by cloud apps – software which runs in the cloud and is accessed online.
The world is now totally reliant on cloud applications, from Dropbox to Microsoft 365. These apps have powered our move from office-based working to remote or hybrid models. Which means they need to be carefully protected.
What is CASB, what does it stand for and how can it protect my business?
A Cloud Access Security Broker (CASB) enables organisations to discover, analyse, secure and manage user interaction with cloud applications.
A fully featured CASB solution can protect your modern mobile workforce, offering complete visibility and control.
Why Do I Need CASB?
CASB technology is the outcome of increased cloud adoption and the subsequent need to secure cloud services. A CASB provides granular visibility and control over specific user activities and sensitive data.
According to Gartner, the Cloud Access Security Broker market can be defined as “products and services that address security gaps in an organisation’s use of cloud services. They deliver differentiated, cloud-specific capabilities generally not available as features in other security controls such as web application firewalls (WAFs), secure web gateways (SWGs) and enterprise firewalls.”
The Censornet Web Security and CASB solution is fully integrated with the Censornet Platform that includes Email Security and Multi-Factor Authentication.
Our Platform also provides a single web interface for central policy configuration and management, as well as data visualization and reporting.
We cannot promise that none of your employees will download a dodgy fitness app, but we can protect your cloud apps to make sure remote or hybrid working is as safe as it can be.
Make sure you find out about the Four Pillars of CASB
