FRAMEWORK FOR MOBILE APPLICATION INCIDENT RESPONSE
P2273379A
1. INTRODUCTION
Mobile technology has penetrated people’s daily lives. It brings many positive effects, ranging from education, research, entertainment and health care to social media, shopping and banking. For example, people can use mobile banking to check balances, transfer money and purchase online. However, the development of mobile technology also has a negative side: the same services bring many problems, such as loss of money, unknown withdrawals, over-debits and many other incidents.
These incidents can be brought about by bugs in applications, data security issues, or malicious software attacks, commonly known as virus attacks. Such incidents are not left unattended; incident response is carried out for mobile applications.
This document presents a framework for Mobile Application Incident Response, focusing on incidents related to virus management within the bank. The framework is meant to serve as a guide and is not exhaustive to the extent of excluding the exercise of good judgment and discretion. It explains the need to neutralize a virus in motion and to prevent its replication to other mobile devices connected to the wireless network.
To do this, the virus must first be identified before it can be managed. The core components of the framework are strategy, policy, guidelines and procedures, which together ensure that the process stays in line with the framework.
It should also be noted that a key part of the process is the people who execute the incident response activities.
The scope, techniques and costs associated with an incident are directly related to the value and sensitivity of the information exposed.
2. OBJECTIVES
The framework enables the bank to make appropriate decisions and take quick action, and supports its ability to exercise guidance over incident activities.
The objectives of having a mobile incident response framework include:
Analyzing the incidents and events. The goal is to identify the incident and its scope, document the extent of the damage it may cause, and provide an effective response or action plan. Incidents are handled properly through thorough analysis, collection of evidence, tracking of the origin (where possible), and immediate response support for the affected unit or victim.
Managing vulnerability. Data must be gathered about the running iOS/Android operating system and the vulnerabilities of the installed applications. The easiest way to do this is to scan the device to determine and verify the suspected vulnerabilities, then apply patches or updates to prevent exploitation. Others are then notified on a need-to-know basis to prevent further damage.
Evidence. Evidence can be defined as any object found that could be the threat involved in the attack; it is collected not only for the device itself but also to prevent the spread to other devices. Viruses such as ‘HummingBad’ are living proof that mobile infections spread.
Reporting. The goal is to document what happened and how the bank can protect its devices and strengthen device defense mechanisms against future attacks. Furthermore, a meeting should be held to discuss the incident and educate management. Any weakness, suspected or verified, in the smartphone systems and services must be reported by the employees using those systems and services.
Awareness. Educating the bank is a must, building awareness through newsletters, posters, announcements, lessons learned and websites. An assessment can be carried out to gauge each employee’s knowledge of the incident.
3. THE FRAMEWORK
Incident response is a process and must be built on a solid framework. There should be a well-defined plan that addresses the stages of the framework as follows:
• Preparation
• Detection and Analysis
• Containment, Eradication and Recovery
• Post Incident Activity
For every mobile incident, preparation is a must; it involves several steps stipulated in the incident handling procedure for virus management. It is followed by detection and analysis of the threat, which alerts the bank to a possible infection. An appropriate response, according to the severity of the incident, is then carried out to mitigate the impact, that is, by containing and eradicating the infection so that recovery is possible. Lastly, post-incident activity follows. This is the life cycle of the framework above.
4. COMMON TYPES OF PHONE VIRUSES
Trojan. A type of virus that attaches itself to a legitimate-looking app on the smartphone. Once installed, it starts infecting the browser through hijacking; it can send text messages without the user’s knowledge or freeze mobile apps.
Adware/Spyware. This type of virus behaves like the one above: it collects information on the phone such as contacts, location, browsing history and preferences. It also shows pop-up advertisements.
Phishing. One of the most common types of virus; if you are not aware of it, it will infect your smartphone when you click a link in social media or email. Such links mask themselves as a legitimate website; after clicking, it may ask you to log in or register, and from there your information is collected.
Ransomware. A well-known virus that encrypts and locks your smartphone, then demands payment to unlock it again. This type of virus comes from untrusted websites or from simply downloading apps.
Worm. A common type of virus that arrives through unreliable text and MMS messages; once infected, the phone sends text messages to your contacts without your authorization.
5. PLAN GUIDE
How to prevent infection and control spread of malicious apps and threats
A policy should be imposed and implemented as a process to protect smartphones, tablets and other mobile devices against malicious software and scripts.
The implementation should consist of automated solutions and procedures to prevent and defend against the introduction of malicious software into the system. The prevention approach should consider every possible entry point or source of this malicious software.
a. Timely updates should be incorporated into the procedures to ensure the effectiveness of the solution. Reports of incidents, prevention and vaulting should be provided to evaluate the effectiveness of the solution in place and the types of attacks being encountered.
b. Software installed on end-user smartphones should be uniform, based on what the equipment will be used for.
c. An antivirus solution must be part of the security setup and set to automatic scan and update.
d. Any files received, whether sent electronically or through removable media, should be scanned for probable malicious software content.
e. Electronic mail attachments and downloads should be checked for malicious software before use. The corporate email system should be protected against these and against spam.
f. Incident response procedures and a team should be established to deal with outbreaks of this malicious software.
g. User awareness and training should be carried out periodically to inform users of the risks associated with obtaining files and software from non-trusted websites or any other medium, indicating what protective measures should be taken. Bulletins and other informational messages should be released regularly for this purpose.
h. The operating system and applications should be updated regularly to avoid the vulnerabilities exploited by these malicious attacks.
i. Consider regular or automatic backup to the cloud.
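The "Managing vulnerability" objective in section 2 and items b, c, g, h and i of the plan guide both come down to one recurring check: scan each device, compare it against the bank's baseline, and rank the results so the response team knows where to act first. The following is an added example, not code from the original document; it implements that check as a small Python script over a constructed device inventory. The minimum OS versions, the seven-day backup limit, the device names and the severity levels are all assumptions for illustration, and a real deployment would take them from the bank's policy and its device-management data.

```python
"""Added example: a device compliance check implementing the "Managing
Vulnerability" objective and plan-guide items b, c, g, h and i over a
constructed inventory. Baseline values and devices are hypothetical."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed baseline: minimum patched OS version per platform (major, minor)
# and the maximum age of a backup before the device is flagged (item i).
MIN_OS_VERSION = {"android": (13, 0), "ios": (17, 4)}
MAX_BACKUP_AGE_DAYS = 7
SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}


@dataclass
class Device:
    device_id: str
    platform: str                  # "android" or "ios"; anything else is unsupported
    os_version: Tuple[int, int]    # (major, minor) as reported by the device
    antivirus_installed: bool
    antivirus_auto_update: bool
    last_backup: Optional[date]    # None when no backup has ever been recorded
    sideloaded_apps: int           # apps installed from outside the approved store


def check_device(dev: Device, today: date) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs for one device; an empty list means compliant."""
    findings = []
    platform = dev.platform.lower()
    if platform not in MIN_OS_VERSION:
        # Item b: only the approved platforms can be verified, so anything else is flagged.
        findings.append(("HIGH", f"item b: unsupported platform {dev.platform!r}"))
    elif dev.os_version < MIN_OS_VERSION[platform]:
        base = MIN_OS_VERSION[platform]
        findings.append(("HIGH", f"item h: OS {dev.os_version[0]}.{dev.os_version[1]} "
                                 f"below patched baseline {base[0]}.{base[1]}"))
    if not dev.antivirus_installed:
        findings.append(("HIGH", "item c: antivirus not installed"))
    elif not dev.antivirus_auto_update:
        findings.append(("MEDIUM", "item c: antivirus not set to automatic scan/update"))
    if dev.sideloaded_apps > 0:
        findings.append(("MEDIUM", f"item g: {dev.sideloaded_apps} app(s) from non-trusted sources"))
    if dev.last_backup is None:
        findings.append(("LOW", "item i: no backup recorded"))
    elif (today - dev.last_backup).days > MAX_BACKUP_AGE_DAYS:
        findings.append(("LOW", f"item i: last backup {(today - dev.last_backup).days} days old"))
    return findings


def device_severity(findings: List[Tuple[str, str]]) -> str:
    """The worst severity among the findings, or NONE when there are none."""
    if not findings:
        return "NONE"
    return max((sev for sev, _ in findings), key=lambda s: SEVERITY_RANK[s])


def triage_fleet(devices: List[Device], today: date) -> List[Tuple[str, str, List[Tuple[str, str]]]]:
    """Return (device_id, severity, findings) for every device, worst devices first,
    so the response team works the list top-down during detection and analysis."""
    rows = []
    for dev in devices:
        findings = check_device(dev, today)
        rows.append((dev.device_id, device_severity(findings), findings))
    rows.sort(key=lambda row: (-SEVERITY_RANK[row[1]], row[0]))
    return rows


# Constructed inventory for demonstration; these are not real bank devices.
TODAY = date(2024, 6, 1)
SAMPLE_INVENTORY = [
    Device("teller-01", "android", (14, 0), True, True, date(2024, 5, 30), 0),
    Device("teller-02", "android", (12, 0), True, False, None, 1),
    Device("mgr-03", "ios", (17, 4), False, True, date(2024, 5, 22), 0),
    Device("ops-05", "ios", (17, 5), True, True, date(2024, 5, 23), 0),
]

if __name__ == "__main__":
    for device_id, severity, findings in triage_fleet(SAMPLE_INVENTORY, TODAY):
        print(f"{device_id:10} {severity:7}")
        for sev, text in findings:
            print(f"    [{sev}] {text}")
```

Run as a script, it lists the two HIGH devices first (the unpatched Android teller phone with a sideloaded app and no backup, and the manager's iPhone with no antivirus), then the device whose only issue is a stale backup, and finally the compliant one. Each finding names the plan-guide item it violates, so the report can be filed directly under the "Reporting" objective without reinterpretation.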
Conclusion
An incident is any adverse event that threatens the security, progress, integrity or availability of bank objectives or resources. Incidents such as malware attacks threaten data security and may have a detrimental impact on the business. They should not be treated lightly, considering the extent of the damage they might cause. An incident response policy and guidelines are a must and need to be implemented to quickly contain and mitigate an incident.