Does Intercept X also block connections to Botnets?

Today our Sophos firewall Advanced Threat Protection rule was triggered by an attempt to connect to a botnet. The internal IP was an iPhone 10 connected to the protected Wi-Fi guest network, trying to connect to an external IP address that triggered the Sophos firewall.

The employee said he was trying to open a WhatsApp video on his private iPhone and forward it, which didn't work. I warned him that his phone was trying to connect to an IP address associated with a RF domain/company and that also comes up as associated with Stuckworm. I advised him to update his iOS to 17.4 and download Intercept X free. Company policy is to use iPhones because it used to be safer.

We do not manage private phones and allow limited protocol connections to the internet using a protected, closed-off Wi-Fi guest network while they are in the office.

My question is this: would Intercept X have detected this attempt to connect to a botnet? Our firewall did. But what if he uses 5G or his home Wi-Fi?

Anyone familiar with how watching a video in WhatsApp can be misused? I've not witnessed it myself, so I have to take his word for it that this was what triggered our firewall. It seems more likely he clicked a link he received.

Will try to get him to let me have a look at his phone tomorrow :-;

TIA,

Fred



[edited by: GlennSen at 7:56 AM (GMT -7) on 25 Mar 2024]
  • Hello Fred,

    Thank you for reaching out to the community forum.

    Yes, our Sophos Intercept X for Mobile will be able to detect this, provided they set up the Threat Defense after installation on his device. However, since it is free, it will only be promoted to his phone and not in your management dashboard.

    Refer to this documentation related to our free version of Intercept X mobile.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks, I was not sure about the operation of Intercept X on Mobile devices.

    It turns out it wasn't a WhatsApp video but a website where the user tried to log in to confirm an appointment. This failed due to the firewall detecting the Russian botnet server. The next day, when I tried the website with him, the firewall did not detect the Russian botnet server anymore, so the website admins must have detected the website compromise and removed it.

    Fred