the state of cyber security in 2020

let’s get an overview about actual threads in 2020 – especially regarding spaming, phishing, whaling, vishing, etc.

30,000% increase in #COVID19 threats

The Evil Internet Minute 2020

as Jack Johnson already sang “Well I was sitting, waiting, pishing” … *just kidding*

phishing

is the primary way malicious actors trick people into downloading malware, which ultimately can allow attackers to access their organization’s network and steal sensitive corporate data

alongside with COVID19 phishing raised in importance and is further growing

since then google added proactive monitoring in place for COVID-19 related malware and phishing – 63% of the malicious docs blocked and block more than 100 million phishing emails per day with Machine Learning

Safari/iOS

it’s Safe Browsing feature also use Google, but be aware that “These safe browsing providers may also log your IP address”

Screenshot from Safari Setting at iOS

chrome

since a hyperlink doesn’t always target the name of the link, often pointing to another website URL

<a href='https://attack.com'>https://safe.com</a>

chrome is experimenting to easy spot spoof to determine the identity and authenticity of a site @blog

android

an example: an android app offers Coronavirus Safety Mask but delivers SMS trojan @zscaler

machine learning

“ML is rapidly becoming core to organizations’ value propositions (with a projected annual
growth rate of 39% for ML investments in 2020)” and it’s only natural that organizations
invest in protecting their crown jewels – Cyberattacks will further ultilize Artificial Intelligence (AI) @Microsoft Digital Defense Report

spear phishing vs. whaling

more tragetet with a reference to company, project or proposal – while whaling targets CEOs, CFOs, and other executives to gain access or steal bitcoin, with reported success rate up to 90% – even froms attackers that “not extremely technically advanced” @decrypt

new domains aren’t blocked and look as from corporate @zscaler

vishing

“criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information” targeting remote workers with social engineering and fake VPN page – the FBI warn in an Advisory

ransomware

it has been sneaking into our world at a remarkable rate, huge increase in the daily average of ransomware attacks, compared to the first half of the year – parallel is malware 39% down overall … “but trending upward”

Denial of Service

25% increase during the pandemic lockdown – unprecedented number of shorter, faster, more complex attacks – Hidden Impact: consume payed bandwidth & throughput

stay secure and healthy – both private and business

… use 2-Factor-Authentication

switch to modern authentication – sms as second factor is insecure

not only since twitter ceo jack dorsey was a victim with activated additional sms authentication for it’s account – now twitter disabled “temporarily” the ability to tweet via sms …that phone numbers and sms’s were not designed to be used as two-factor authentication systems, as they are insecure. Fabio Assolini, Senior Security Researcher at Kaspersky…

by matthias mader 9. September 2019

iOS client certificate authentication or iOS13.5 – the real important fix

“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”

https://nvd.nist.gov/vuln/detail/CVE-2015-1129#VulnChangeHistoryDiv

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.

security content of iOS 9 @apple

deal of the day – mirror iOS to chromecast

today for free – mirror your iOS device even to chromecast, no need to connect an apple tv your probably already chromecast buildin tv – a lot apps also include chromecast – tab logo to appstore

---

---

read more about mirroring, casting, streaming and other possiblities to utilize mirroring

share everywhere – cloud clipboard and others handle your content

working with different devices and handling with content could be quite tricky – use the cloud-based clipboard to copy and paste images and text across devices

windows

in it’s may 2019 update, select start  > settings  > system  > clipboard , and then use the toggles to turn on both clipboard history and sync across devices. you can also press the windows logo key +V as a shortcut to easily access your clipboard – what’s also new in current windows update

to share just websites you could use continue on PC from mobile devices

apple

use Universal Clipboard with any Mac, iPhone, iPad, or iPod touch – read requirements here – sign in with your apple id, enable bluetooth, enable wifi and enabele handoff – copy the text, image, or other content content – is automatically added to the clipboard of your other nearby device

android

google’s device doen’t offer any buildin feature like cloud clipboard – between android you could use blueooth or ncf to share data

other android oem implent it’s own technology, like Huawei Share as an immediate file transfer tool just between Huawei mobiles, using bluetooth connection and wifi direct technology

on Samsung Galaxy phone utilize Direct share feature as a pipeline for instantly sharing photos, videos, and more

mixed

to share data between difference devices and vendors it’s quite tricky, the way touse to any of the following 3rd party services like OneNote, Google Keep or Pushbullet – additionally your able to enrich your content that copied with style and format

• 

  OneNote

• 

  Google Keep

• 

  Pushbullet

fortunately, there several option and a lot more apps available for android or in chrome webstore – but with all of it’s possiblity …

keep security and trust of your data in mind

mobile os version in 2019

with over 2 billions of android device world wide running android but with a large version fragmentation, google is acting with project treble to push faster updates, for enterprise recommended devices has to push security update within 90 days – attached current version spread of android versions

firstclass support for it’s iOS devices, good choise in regarding return of invest – my 5 years old test device iPhone 6s already updated to the current iOS13

.. and even new releases got a great adoption rate for apple devices, already half of all iOS devices running the latest release

• 

• 

kaiOS quietly gained to one of the most used mobile operating system, it bridges the gap between feature phones and smartphones

current bundle id’s of iOS devices

the bundle id’s of apple current ios 13 are useful to sort icons in homescreen layout or to block dedicated app for supervised iOS devices

Activity	com.apple.Fitness
Apple TV Remote	com.apple.TVRemote
AppStore	com.apple.AppStore
Books	com.apple.iBooks
Calculator	com.apple.calculator
Calendar	com.apple.mobilecal
Camera	com.apple.camera
Classroom	com.apple.classroom
Clips	com.apple.clips
Clock	com.apple.mobiletimer
Compass	com.apple.compass
Contacts	com.apple.MobileAddressBook
Facetime	com.apple.facetime
Feedback Assistant	com.apple.appleseed.FeedbackAssistant
File	com.apple.DocumentsApp
Find Friends	com.apple.mobileme.fmf1
Find iPhone	com.apple.mobileme.fmip1
Find My	com.apple.findmy
GarageBand	com.apple.mobilegarageband
Health	com.apple.Health
Home	com.apple.Home
iCloud Drive	com.apple.iCloudDriveApp
iMovie	com.apple.imovie
iTunes Store	com.apple.MobileStore
iTunes U	com.apple.itunesu
Mail	com.apple.mobilemail
Maps	com.apple.Maps
Messages	com.apple.MobileSMS
Measure	com.apple.measure
Music	com.apple.Music
News	com.apple.news
Notes	com.apple.mobilenotes
Phone	com.apple.mobilephone
Photos	com.apple.mobileslideshow
Photo Booth	com.apple.Photo-Booth
Podcasts	com.apple.podcasts
Reminder	com.apple.reminders
Safari	com.apple.mobilesafari
Settings	com.apple.Preferences
Shortscuts	com.apple.shortcuts
Stocks	com.apple.stocks
Tips	com.apple.tips
TV	com.apple.tv
Videos	com.apple.videos
Voice Memos	com.apple.VoiceMemos
Wallet	com.apple.Passbook
Watch	com.apple.Bridge
Weather	com.apple.weather

you may also interessted in

it`s getting dark out there

dark modes raises in every corner, either to save battery life or better for your eyes – fresh released android 10 as well

reddit, slack, ios, gmail, chrome, windows and many more …

• 

• 

• 

• 

whole new iOS13 with more privacy in enterprise

tim cook recently spoke about user data and privacy, while criticizing technology companies, like google or facebook

iOS is enterprise’s first choice for mobile activity, egnyte‘s enterprise insight showed a clear weighting and content is getting more more mobile

the biggest change since iOS5 introduced supervised devices and open-in management debuted in iOS7

iOS 13 will available in fall 2019 – since google is pushing hard with android enterprise to fit business needs, with it’s buildin containerization based on samsung’s KNOX – iOS 13 provide more granular security and better privacy restriction

enrollment methods

there are already rolled out thousands of iOS devices with either manually installing a mdm profile (uamdm) or centralized with device enrollment program (dep) to get the device under control of a unified endpoint management (uem) – additionally you can enable your iOS device as supervised either while dep enrolled or via apple configurator connected to a mac

newly added – user enrollment – previously an administrator of a managed device was able to retrieve the installed apps, remove the passcode or wipe the entire device – at least the privacy controls of the registered uem prohibit this features to individuals – with user enrollment there are huge improvements to the users privacy

• user needs to login with managed apple id
• uem unable to retrieve device information like IMEI, serial or mac address
• private apps aren’t reported to uem
• no control about device passcode or to wipe the entire device
• still the configuration of wifi, vpn or exchange accounts will available
• other existing restrictions reserved for supervised devices, see listing below

restriction changes

• allowSafari, available since iOS 4, require supervised device as of iOS 13
• allowVideoConferencing, available since iOS 4, require supervised device as of iOS 13
• allowWiFiPowerModification, available for supervised iOS 13 devices
• safariAllowAutoFill, available since iOS 4, require supervised device as of iOS 13
• allowAddingGameCenterFriends, available since iOS 4.2.1, require supervised device as of iOS 13
• allowAppInstallation, available since iOS 4, require supervised device as of iOS 13
• allowCamera, available since iOS 4, require supervised device as of iOS 13
• allowCloudBackup, available since iOS 5, require supervised device as of iOS 13
• allowCloudDocumentSync, available since iOS 5, require supervised device as of iOS 13
• allowCloudKeychainSync, available since iOS 7, require supervised device as of iOS 13
• allowContinuousPathKeyboard, available for supervised iOS 13 devices
• allowExplicitContent, available since iOS 4, require supervised device as of iOS 13
• allowFindMyDevice, available for supervised iOS 13 devices
• allowFindMyFriends, available for supervised iOS 13 devices
• allowiTunes, available since iOS 4, require supervised device as of iOS 13
• allowMultiplayerGaming, available since iOS 4.1, require supervised device as of iOS 13

read a full list of apple’s device management restrictions here

Sign in with Apple vs. managed Apple ID

while sign in with apple is the approach to to compete with google or facebook as a identity provider (idp) for external services, for business on the other hand managed Apple IDs were so far to manage functions of Apple Business Manager, since WWDC 2019 it’s necessary to register with user  enrollment, enterprise create additional account’s for byod user to add to their device, keeps data completely separated between both accounts, hopefully compared to now:

iPadOS

along with iOS13 apple separate to path between iPhone and iPad with a standalone OS, finally iPadOS can provide more feature to the tablet, a classic desktop replacement could possible – view the demo below

stay tuned for final release around mid-september with likely new 2019 iPhone

---

• deal of the day – mirror iOS to chromecast
• share everywhere – cloud clipboard and others handle your content
• mobile os version in 2019
• current bundle id’s of iOS devices
• it`s getting dark out there
• whole new iOS13 with more privacy in enterprise
• windows 10 is (still) mobile
• downgrade beta
• apple adds more barriers to increase security
• progressive web apps

windows 10 is (still) mobile

by the end of this year microsoft will end the support for windows 10 mobile on december 10 2019, the october release 1709 was the last update back in 2017

since microsoft wasn’t able to get a markable footprint in mobile business, windows phone failed, relaunched a windows 10 mobile .. there are still ways to combine windows 10 and mobile

launcher 10 – android launcher

i was a huge fan of windows 10 mobile and it’s live tile design, but missing enterprise features und apps forced me to look for other opportunities

launcher 10 offers the beloved windows phone design for android smarthphones as seaperate launcher, sort and resize your tiles including a paid feature of live tiles

live tiles are deprecated of microsoft, and microsoft missed to remove all refences, so it’s possible to do a sub domain tack over, the the service is still online http://www.buildmypinnedsite.com/

your phone app companion

every windows 10 embed a feature to connect your ios or android phone to be able to remote use features like sending messages or access media remotely from your device or synchronize file changes between devices

with is current windows 10 insider preview build 18885 (20H1) microsoft added notification for android devices – stop reaching for your phone to check your with features like

• see incoming phone notifications in real-time
• view all of your phone notifications in one place
• customize which notifications you want to receive
• clear notifications individually or all at once

read more about productivity with a second screen

3rd party services

other apps like airdroid pushbulltet, mightytext and others offer the also the ability to compose and receive messages from desktop , transfer files without a wired connection and for sure receive push notifications directly from device – additionally
possible within your browser, independent from your platfrom os or even device with when using a webservice

apple

if your using an apple device you’d probably own a mac and should use features like
universal clipboard, make calls with your mac, send and receive messages or handoff immediately between devices where your stopped before, everything connected to icloud

use continuity to connect your mac, iphone, ipad, ipod touch, and apple watch

downgrade beta

…it’s quite easy to join a public beta, a lot of chinese vendor develop there software while customer already using it – for ios and android it is possible to get a sneak look into new features or test changes behaviour in your enterprise environment before public rollout

join beta at

• https://beta.apple.com/
• https://www.google.com/android/beta

top 3 features of upcoming mobile os

ios 13 “yukon”	android q “quinoa/quiche”
split view	more granular location control
multi-user ipad	undo app removal
dark mode	dark mode

but when it comes to downgrade from a current beta, android raise the bar

ios can easiely opt out of beta, but to download grade you finally need to restore your entire device locally with itunes