Securing your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank

Transcription

1 Securing your Mobile Environment Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank

2 These things are everywhere

3 These things are everywhere

4 These things are everywhere

5 These things are everywhere

6 TARGET: SMARTPHONE. WHY? Your device contains a lot of interesting things: incoming and outgoing SMS messages work s personal photos business contacts GPS coordinates online banking credentials trip calendar various installed apps

7 Layers of weak spots Network: Man-in-the-middle interception of data over the air HARDWARE: Baseband-layer attacks OPERATING SYSTEM: Flaws and defects in kernel code APPLICATION: Apps with vulnerabilities and malicious code have access to your data and device censors

8 The current rise of malware New Threats Every Day 200K Malicious programs specifically targeting mobile devices >35K Malware files in Kaspersky Lab collection Jan 2013 >100m

9 WHAT ABOUT MOBILE MALWARE? ,193 mobile malware samples 1,160 mobile malware samples December 2,137 mobile malware samples What about 2012?

10 Explosive Growth of Mobile 30,000 25,000 20,000 15,000 Malware Mobile Malware in ,000+ New Unique Samples 480% Increase! 10,000 5,

11 Q Mobile Malware Observations Number of mobile malware families to-date: 533 Number of mobile malware modifications to-date: 70,133 Mobile malware found in March 2013: 9,423 new modifications A total of 22,750 new modifications of malicious programs targeting mobile devices were detected this past quarter that s more than half of the total number of modifications detected in all of Perkel- Banking Trojan effecting users in 69 countries MTK Botnet- Effected 1,000,000 + Android devices in China PAGE 11 Mobile malware written for specific platforms: Android, 95.98% WinCE; 2,31% Symbian, 0.55% J2ME, 3.25%

12 Mobile malware Distribution of malware targeting Android OS detected on user devices by behavior, Q Source: Kaspersky Lab December 2012 PAGE 12

13

14 Rooting and Jailbreaking Root Access Enabled Expanded Functionality Security Controls Reduced

15 The threat to businesses 33% Companies that allow their staff unrestricted access to corporate resources from their smartphones. SOURCE: B2B International/Kaspersky Lab

16 The threat to businesses 23% Businesses that faced the loss of business data due to the loss or theft of mobile devices. SOURCE: B2B International/Kaspersky Lab

17 I saw this just before a flight

18 FBI Alert (October 2012)

19 Mobile Pwn2Own

20 IS ios SECURE?

21 Mobile Pwn2Own

22 There s an app for that IDC: Smart phone users will download more than 182 billion mobile apps in 2015

23 Do you know what that app is doing?

24 Malicious apps

25 A malicious app can do Monitor activity and retrieve sensitive data Trigger unauthorized dialing, SMS, and payments Command and control a mobile botnet Impersonate the device UI Modify the system (rootkit, persistent infection)

26 B Y O D The Effects of Consumerization Dual use of computers for personal and business purposes Trojan Infections Puts VPN Credential at risk Increased risk of data loss (theft)

27 Mobile Attacks to Watch For

28 BRING YOUR OWNED DEVICE Mobile Attacks to Watch For Toll Fraud by far most profitable type of mobile attack 8 of 10 are SMS-based toll fraud Run up huge premium SMS charges; attackers getting rich Prevalent in Eastern Europe Dupe victim into installing malicious app; think it s a game App sends premium SMS messages at victim s expense to service controlled by hacker

29 BRING YOUR OWNED DEVICE Mobile Attacks to Watch For Zitmo: Zeus in the Mobile Zeus = Dangerous banking Trojan Spreads via phishing campaigns Steals online banking credentials Attacker inserts own Web form field to legitimate site masquerading as security update Users enter credentials into fields; accounts emptied Eurograbber (30K victims, 36M)

30

31 Remote lock/wipe and data encryption are the top 2 must-haves to alleviate concerns with BYOD at companies of all sizes Which of the following security technologies and policies, if any, would alleviate your concerns? [Concerned about employee-provisioned devices] VSB (2-19 employees) SMB ( employees) Enterprise (1,000 or more employees) Remote lock and remote wipe in case the device is 71% 84% 83% Encryption capabilities for data on the device 66% 73% 80% Anti-malware protection for the device 62% 70% 73% Password entry for device access 65% 66% 73% Network security features like encrypted 60% 71% 72% Selective wipe 47% 65% 66% Application control 41% 55% 57% Transparency and auditing of what data consumer 53% 46% 47% Base= 1508 Security Decision-Makers Source: Forrsights Security Survey, Q2 2012

32 Staying Secure Uninstall crapware/bloatware, turn off unnecessary features Check app permissions carefully; delete high-risk apps Use available encryption Enable VPN usage for employees Invest in technology for auto-lock/auto-wipe on lost devices Use strong passcode lock (avoid 4-digit pins) Invest in anti-malware technology Chose a product with robust MDM (mobile device management) File integrity can thwart rogue applications Understand danger of geo-location apps Stalkers and burglars are already using this Can be used for reconnaissance in targeted attacks

33 Staying Secure Beware of Wi-Fi networks Rogue access points are a real danger (airports, coffee shops) Stay on the patching treadmill Choose an Android carrier based on patching/updating history Apply ios updates whenever available; they usually fix major security bugs Keep legit apps updated as much as possible Do not jailbreak! Jailbreaks use unpatched security vulnerabilities, leaving device exposed You are disabling every bit of security on the device Avoid clicking on unsolicited links Don t download apps from the web or unofficial app stores Beware the porn player

34 The impact on IT security Malware The #1 target: applications! Response: Systems / patch management Response: Anti-malware plus management tool / dashboard Your data is on the move! Response: Data encryption YOUR DATA Mobile / BYOD Response: Mobile device management (MDM) 34

35 The impact on IT security Malware The #1 target: applications! Response: Systems / patch management Response: Anti-malware plus management tool / dashboard This is complexity COMPLEXITY IS THE ENEMY OF IT SECURITY Your data is on the move! Response: Data encryption YOUR DATA Mobile / BYOD Response: Mobile device management (MDM) 35

36 What if? Malware The #1 target: applications! Your data is on the move! 1 PLATFORM MANAGEMENT CONSOLE COST YOUR DATA Mobile / BYOD 36

37 Kaspersky Endpoint Security for Business This single platform contains: 37 Anti-malware traditional & cloud-assisted Systems management including patch management Endpoint control tools: application, device and web control Mobile security MDM plus mobile security agent Data encryption file / folder, full-disk

38 Kaspersky Endpoint Security for Business All managed through a single management console: Kaspersky Security Center 38 Anti-malware traditional & cloud-assisted Systems Management including patch management Endpoint control tools: application, device and web control Mobile security MDM plus mobile security agent Data encryption file / folder, full-disk

39 Mobile endpoint + MDM Mobile security Mobile Device Management (MDM) Kaspersky Security Center MDM Two components Microsoft Exchange ActiveSync Apple MDM ANTI MALWARE DATA ENCRYPTION Mobile Security SYSTEMS MANAGEMENT CONTROL TOOLS Endpoint Agent for * Mobile Devices * * Smartphones Infrastructure Tablets Android Windows Symbian Blackberry ios devices

40 Mobile solution features CONFIGURE/DEPLOY Via SMS, or tether SECURITY Anti-malware Anti-phishing Anti-spam GPS find ANTI-THEFT Remote block POLICY COMPLIANCE Set password Jailbreak / Root notice Force settings APPLICATIONS Containerization Data access restriction DATA ACCESS Data Encryption Remote wipe ANTI MALWARE DATA ENCRYPTION Mobile Security SYSTEMS MANAGEMENT CONTROL TOOLS Infrastructure

41 Data encryption Keeping your data safe, wherever it goes Encryption features File / folder or full-disk Transparent to end-users Integrates with device control and application control Inside the Network Outside the Network Transparent encryption and decryption ANTI MALWARE DATA ENCRYPTION Mobile Security 41 SYSTEMS MANAGEMENT CONTROL TOOLS Infrastructure

42 Gorham Savings Bank Observations Jeremy Clough Information Security Officer

43 Gorham Savings Bank Bank $900+ million in assets 10 branches in southern Maine 13 locations plus remote VPN users 175 employees including IT staff of 6 Risk management staff of active vendors w/112 rated as significant Member FDIC

44 Gorham Value Of Savings A Hacked PC Bank Member FDIC Source: KrebsOnSecurity.com

45 Gorham Online Fraud Savings Prevention Layers Bank Strong C Level Support (avoid FUD!!) Patch, Update, Test Out of Band Authentication Dual Control/Segregation of duties (prevent insider fraud too!) Enable Activity Alerts via Review Transactions Daily Network/PC/Server Monitoring Member FDIC

46 Gorham Savings Bank Enhanced Transaction Authentication for All Accounts All GSB Online logins are now subject advanced login logic. Non-routine logins will require a second factor authentication. Member FDIC

47 Enhanced Gorham High Risk Savings Business Transaction Bank Authentication Two Easy Steps to Secure Your Online ACH & Wire Transactions with PhoneVerify Step 1 When an online banking transaction is submitted, PhoneVerify calls you for approval. Details about the transaction are played during the call. For example: This is Gorham Savings Bank calling to verify your online banking transaction Step 2 To approve the transaction, the user simply presses # on the phone keypad. To stop a transaction, hang up or enter 999#. Member FDIC

48 Gorham Lock Down Savings Your Accounts Bank ACH Debit Block or Filter ACH Debit Block Prevents ACH Debits from posting to your account (including converted check items) ACH Filter Provide your bank with a list of companies that are authorized to electronically debit your account and block all others Member FDIC

49 Gorham Help Prevent Savings Account Takeover Bank Reg E Protects Consumers only Uniform Commercial Code (UCC) Article 4a: Notify your bank immediately if you detect a suspicious transaction in your account. Use at least 8 characters including letters, number & special characters. H@rd2Cr@k! Change at least every 90 days. Don t use the same password for personal and business use Use an ios decice (iphone/ipad) Member FDIC

50 Help Prevent Gorham Account Savings Takeover-Social Bank Engineering Never click on links or attachments from untrusted sources You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation. -Kevin Mitnick Member FDIC

51 Gorham Mobile Device Savings Enterprise Bank Risk The cost of compliance lapses ranges from $10,000 to $491,000 per instance, with one lost, stolen, or hacked mobile device now powerful enough to cause several lapses Violations of the Health Insurance Portability and Accountability Act (HIPAA) are some of the most costly, averaging over $147,000 per lapse -A. Marcella Ph.D., CISA, CISM Member FDIC

52 Member FDIC Gorham The Good Old Savings Days.2012 Bank

53 Member FDIC Gorham 2013: Yet Another Savings Brave Bank New World

54 Member FDIC Gorham 2013 Policy Savings Best Practices Bank

55 Member FDIC Gorham 2013 Policy Savings Best Practices Bank

56 Member FDIC Gorham 2013 Policy Savings Best Practices Bank

57 Member FDIC Gorham 2013 Policy Savings Best Practices Bank

58 Gorham 2013 Policy Savings Best Practices Bank Applies to smart phones, tablets, and USB drives Applies to company and any BYOD devices used for company business Passcode required to unlock device Set an idle timeout to lock the device Keep all software and operating system up to date Required enrollment in company mobile device management service Enable encryption Do not jailbreak or root the device A. Marcella Ph.D., CISA, CISM Member FDIC

59 Gorham Savings Bank You Are The Best Defense Against Cybercrime! Q&A Member FDIC

60 Gorham Online Savings Resources Bank CyberCrime Blog: KrebsOnSecurity.com Phishing Information: nophishing.org Technical Phishing Information: antiphishing.org Online Security: onguardonline.gov Protect Yourself: GorhamSavingsBank.com/protect-yourself Member FDIC