MAN-IN-THE-MIDDLE ATTACKS TARGET iOS AND ANDROID
- Christina Benson
- 7 years ago
TLP: GREEN
GSI ID: 1084
RISK FACTOR - HIGH

1.1 / OVERVIEW /

Information from intelligence sources suggests ongoing efforts by an organized and resourceful group of malicious actors to target mobile devices, such as smartphones. Open-source intelligence suggests man-in-the-middle attacks are targeting owners of specific phone and software vendors with attempts to steal credentials or hijack browsing sessions in an effort to serve malicious applications. This activity has been observed primarily in Asia, beginning in September The attacks have targeted software vendors, Software-as-a-Service (SaaS) providers and Internet service providers in an attempt to acquire the sign-in credentials of their users. Attacks also attempt to serve malicious software, such as Remote Access Trojans (RATs), by the use of phishing techniques or by impersonating valid applications. Other attacks use phishing to solicit users to download applications being hosted on third-party repositories. Attackers first compromise a client device or network to use webinjects; however, portions of these attacks might also be used in cross-site scripting (XSS), phishing, and drive-by download attacks.

1.2 / OPEN-SOURCE INTELLIGENCE /

A variety of sources have publicized attacks involving mobile devices. Apple Daily, a site owned by Next Media, was said to have reported that distributed denial of service (DDoS) attacks caused downtime and disruption in content publishing, according to Computer World Hong Kong. FireEye published research data that suggested the use of customized and sophisticated malware, which indicates a high level of skill and resources typically only available to veteran criminals. Figure 1 shows captured traffic indicating the man-in-the-middle attack.

Attacks on a large scale appear to have targeted companies that supply SaaS and application services, such as Microsoft online and Apple application services, by conducting man-in-the-middle attacks on the Internet infrastructure. GreatFire.org reported a man-in-the-middle attack against Microsoft, Yahoo and Apple iCloud service. These attacks purportedly sought to obtain credentials of victims by intercepting traffic going to these sites. They were reported in October 2014 and coincided with the release of Apple's iPhone 6 in Asia. Apple acknowledged the attack by producing a web page warning against the forged certificates and releasing a series of recommendations for users to avoid becoming victims of this type of attack. A forged security certificate is shown in Figure 2.

Figure 1: GreatFire.org shared captured traffic indicating the man-in-the-middle attack

Figure 2: A forged security site certificate for icloud.com

1.3 / TARGETED DEVICES: MOBILE /

Open source intelligence suggests the active targeting of mobile devices. This targeting has been seen in the forms of phishing attacks, attempts to create man-in-the-middle application stores and impersonating an application so the attackers can compromise devices, redirect them or gather information about users' browsing actions. The attacks require access to specific parts of the Internet infrastructure as well as specific knowledge of mobile operating system architecture in order to develop the customized malicious payload. In addition, cell phone signal interception technology may have been used when targeting victims.

By intercepting cellphone signals and data, attackers can pinpoint the user's approximate location, eavesdrop on communications, modify incoming transmissions, and view communication and application protocols being used by victims and proceed to target them. Previous research by Kristin Paget showed that actual interception of GSM traffic was possible by targeting GSM protocol vulnerabilities. Research also shows that CDMA protocol and mobiles can be targeted and compromised.

The use of this technology by attackers may have aided their efforts in targeting specific applications and generating customized malicious payloads. Apple iOS and Android mobile operating systems have been the primary mobile architectures targeted. The open-source Android architecture is more accessible to would-be attackers than iOS, but both have been targeted.

1.3A / ANDROID /

The exploitation of the Android platform can range from footprinting a specific operating system version to the complete takeover and command of the mobile device. Device users can allow installation of applications from third-party application stores, some of which are unsigned or unverified by the Google Play Store. Figure 3 shows how extensive exploitation of an Android mobile can be using current payloads available on the Internet.

Figure 3: An example of Android operating system exploitation via Metasploit penetration testing software

1.3B / iOS /

The iOS platform is closed-source and has a very restricted process of application verification, approval, review and publishing. It has multiple OS-based security controls. Companies must follow a process involving a number of formal requests and financial investments in order to be part of the Apple development program or even to get access to development resources. This makes iOS more difficult to target than the Android platform and reinforces the thesis that higher-level skills and resources were needed to create the exploits.

Due to this difficulty, malicious actors chose tactics such as impersonating or bypassing the Apple store in order to serve malicious payloads to targeted victims. This is often accomplished by targeting enterprise provisioning profiles and bypassing the Online Certificate Status Protocol (OCSP) check used to validate enterprise certificates. A detailed description of this type of attack was published by Virus Bulletin.

In other cases, attackers will create clones of third-party applications in which they embed a targeted application bundle identifier. Once this cloned (and malicious) application is installed, it will replace the genuine application, bypassing security checks. This approach is feasible because iOS does not enforce matching certificates for applications with the same bundle identifier. A detailed account of an attack named iOS Masque was published on the FireEye blog.

1.3C / THE JAILBREAKING FACTOR /

Malicious actors have also targeted users that have used jailbreaking on their iOS phones. Jailbreaking is the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. In China, for example, 14 percent of the 60 million iOS devices have been jailbroken, often to support the use of third-party Chinese character keyboard apps. Cydia is the most popular third-party application store installed after jailbreaking an iPhone.

1.4 / MOBILE REMOTE ACCESS TROJAN: THE XSSER mRAT /

Lacoon Mobile Security discovered the Xsser mRAT, the first advanced Chinese iOS Trojan, which is related to Android spyware already distributed broadly in Hong Kong. Both Android and iOS payloads were found to be installed in the same command-and-control server.

Xsser mRAT was originally an Android-exclusive mobile Remote Access Trojan (mRAT); however, a new variant aimed at infecting iOS devices emerged in the jailbroken market. The app is installed via a rogue Cydia repository and once the bundle has been installed and executed, it gains persistence. It then makes server-side checks and proceeds to exfiltrate data from the user's device and executes remote commands from its command-and-control (C2) server.

Applications bundled in Cydia use the popular Debian packaging system, where a .deb file contains the archive of files for the application. The Xsser mRAT package consists of several installation scripts and a Mach-O (name associated with Apple binaries) executable. Following the extraction process, the postinst (post install) file shown in Figure 4 executes a series of bash commands to adjust the permissions of the files.

Figure 4: The post-installation script packed with the iOS XsserRAT Debian file

It then executes the shell script xsser.0day_t.sh, shown in Figure 5, which is used to install the LaunchDaemon plist, giving the Trojan persistence.

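The package layout described above (an ar container holding control and data tarballs, maintainer scripts such as postinst, a Mach-O binary and a LaunchDaemon install step) can be triaged statically before anything is installed. The following is an added example, not code from the advisory or from PLXsert; the rule names, the `audit_deb` helper and every file name in the constructed sample package are assumptions made for illustration.

```python
import io
import posixpath
import re
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}
# Mach-O magics as stored on disk: 32-bit, 64-bit (little-endian) and fat binaries.
MACHO_MAGICS = {b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
# Install-script behaviours the advisory describes for the Xsser mRAT package.
RULES = {
    "permission-change": re.compile(r"\bch(?:mod|own)\b"),
    "launchdaemon-path": re.compile(r"/Library/LaunchDaemons/"),
    "launchctl-load": re.compile(r"\blaunchctl\s+load\b"),
}

def ar_members(blob):
    """Yield (name, data) for each member of the ar container a .deb uses."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = header[:16].decode("ascii").strip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even offset

def tar_files(data):
    """Return {normalised path: bytes}; files are read in memory, never extracted."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                path = posixpath.normpath(member.name).lstrip("/")
                files[path] = tar.extractfile(member).read()
    return files

def scan_script(origin, body):
    """Apply RULES line by line; return (rule, origin, line_number) tuples."""
    hits = []
    for number, line in enumerate(body.decode("utf-8", "replace").splitlines(), 1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                hits.append((rule, origin, number))
    return hits

def audit_deb(blob):
    """Statically triage a .deb without executing anything inside it."""
    findings = []
    for name, data in ar_members(blob):
        if name.startswith("control.tar"):
            for path, body in tar_files(data).items():
                if path in MAINTAINER_SCRIPTS:
                    findings += scan_script("control/" + path, body)
        elif name.startswith("data.tar"):
            for path, body in tar_files(data).items():
                if body[:4] in MACHO_MAGICS:
                    findings.append(("macho-binary", "data/" + path, 0))
                elif body.startswith(b"#!"):  # follow scripts the installer may call
                    findings += scan_script("data/" + path, body)
    return findings

def _tar_gz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def build_sample_deb():
    """Constructed, inert package with made-up names; it mirrors only the layout."""
    control = _tar_gz({"postinst": b"#!/bin/bash\n"
                       b"chmod 755 /bin/example_agent /bin/example_agent.sh\n"})
    payload = _tar_gz({
        "bin/example_agent": b"\xcf\xfa\xed\xfe" + bytes(28),
        "bin/example_agent.sh": b"#!/bin/sh\n"
            b"cp /bin/example.plist /Library/LaunchDaemons/com.example.agent.plist\n"
            b"launchctl load /Library/LaunchDaemons/com.example.agent.plist\n",
    })
    members = [("debian-binary", b"2.0\n"), ("control.tar.gz", control),
               ("data.tar.gz", payload)]
    blob = AR_MAGIC
    for name, data in members:
        blob += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        blob += data + (b"\n" if len(data) & 1 else b"")
    return blob

if __name__ == "__main__":
    for finding in audit_deb(build_sample_deb()):
        print(finding)
```

A hit is a reason to read the script, not a verdict: legitimate packages also change permissions and register launch daemons.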
Figure 5: The startup script executed after the post-installation script

Once the launchctl load command is executed, the contents of the plist file will determine which application is launched. This will be the xsser.0day_t binary, which has now been renamed to xsser.0day.

1.5 / HOSTING THE MALICIOUS APPLICATION /

In order for XsserRAT to be distributed, it must either be pushed onto the user's device or uploaded into a Cydia repository. Cydia repositories are sources where packages are maintained and distributed. They work in much the same way as Debian sources. Users must add these sources manually, or be tricked into adding them. Many jailbreak users add sources freely, without any guarantee that a source is safe from publishing malicious applications.

There are a number of free sources where a user can host their applications. For example, a website called myrepospace provides free hosting for Cydia sources. This allows a malicious actor to host the offending application and phish users into adding the source with packages that target specific interests, such as popular games sold in the App Store. In Figure 6, a package disguised as the popular Flappy Bird game has been uploaded to a free source hosting webpage.

Figure 6: A malicious package disguised as the popular gaming app Flappy Bird is listed on a free source hosting site

Once an unsuspecting user has added the malicious source to his or her Cydia source list, the application is available for the user to download, as shown in Figure 7. No details are provided about the application, so the victim is unaware of the malicious binary.

Figure 7: The malicious app shown in the Cydia sources page

When the binary is executed, it will connect back to its C2 server. It will check the remote C2 against the local library file and attempt to update the local library if an outdated file is present. The check is made by the HTTP request CheckLibrary.aspx, as shown in Figure 8.

The remote library that is downloaded contains the remaining portion of the Trojan code.

Figure 8: The GET request checks for the latest library component of the XsserRAT Trojan

Figure 9 illustrates the strings and functions indicating capabilities for logging and remote updating by the downloader.

Figure 9: XsserRAT downloader functionality

At the time this threat advisory was published, the C2 had been taken down and attempts by the Trojan to download its extra library (in the lab environment) failed. Instead, PLXsert statically analyzed the missing library component. The library includes the main functionality of the XsserRAT Trojan, shown in Figure 10, such as functions to exfiltrate phone information, SMS text messages, and other sensitive data.

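The callback described above gives network defenders two things to look for in web proxy logs: the CheckLibrary.aspx update check and traffic to the xsser.com domain that this advisory reports as the hosting and callback source. The following is an added example, not code from the advisory; the log format, the client addresses and the subdomain label in the constructed sample are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

C2_DOMAIN = "xsser.com"             # domain the advisory links to the Trojan
CHECKIN_PAGE = "checklibrary.aspx"  # library update check named in the advisory

# Constructed proxy log: timestamp, client IP, method, request target, status.
SAMPLE_LOG = """\
2014-10-20T08:00:01Z 10.0.0.21 GET http://www.example.org/index.html 200
2014-10-20T08:00:05Z 10.0.0.34 GET http://XSSER.com/CheckLibrary.aspx 200
2014-10-20T08:00:09Z 10.0.0.34 CONNECT k3f9q2.xsser.com:443 200
2014-10-20T08:01:12Z 10.0.0.57 GET http://notxsser.com/ 200
2014-10-20T08:01:40Z 10.0.0.57 GET http://cdn.example.net/app/checklibrary.aspx?v=3 404
2014-10-20T08:02:02Z 10.0.0.88 GET http://xsser.com.example.org/a 200
malformed line
"""


def classify(target):
    """Return the set of indicator names matched by one request target."""
    # CONNECT targets are bare "host:port"; prefix "//" so urlsplit sees a netloc.
    parts = urlsplit(target if "://" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    reasons = set()
    # Match on a label boundary so look-alikes such as notxsser.com do not hit,
    # while randomly generated subdomains of the C2 domain do.
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        reasons.add("c2-domain")
    # The page name alone is a weaker indicator, but it survives a C2 move.
    if parts.path.rsplit("/", 1)[-1].lower() == CHECKIN_PAGE:
        reasons.add("library-check")
    return reasons


def hunt(log_text):
    """Map each client IP to the sorted indicators seen in its requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip lines that do not fit the assumed format
        _timestamp, client, _method, target = fields[:4]
        reasons = classify(target)
        if reasons:
            hits[client] |= reasons
    return {client: sorted(reasons) for client, reasons in hits.items()}


if __name__ == "__main__":
    for client, reasons in hunt(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```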
Figure 10: The data exfiltration functions within the library component of XsserRAT Trojan

Once the user has been infected, the malicious actor will receive sensitive information about the user's device, providing an opportunity to perform follow-up attacks such as extortion or other social engineering-related attacks against a company or organization.

Figure 11 shows a web archive of the maliciously hosted XsserRAT on a Cydia source. This source is where the Trojan was hosted and where subsequent callbacks were made. Figure 12 shows open source data on the xsser.com domain history.

Figure 11: A query to a wayback machine shows the Xsser.com domain was serving malware as early as January 7,
Figure 12: Open source data on the xsser.com domain history

PLXsert has been able to verify that the xsser.com domain has been used extensively and modified to serve malware since at least January 7, There are also multiple randomly generated subdomains with dates older than January 7,

1.6 / PREVENTING INFECTION /

End-users will find it very difficult to detect whether their phones are under attack from malware such as Xsser mRAT. The best approach is prevention. Several common sense protection measures apply:

- Avoid the use of free Internet hot spots. They can be readily compromised or set up to entrap unknowing users. Even if a free Wi-Fi SSID is familiar or known, it may be indistinguishable from a malicious one.
- Disable automatic Wi-Fi connections and disable Wi-Fi in public places. Disabling will prevent victimization by tools that impersonate known SSIDs.
- When possible, use a virtual private network (VPN) service. VPNs provide protection against eavesdropping and man-in-the-middle attacks.
- Enable two-factor authentication when possible in any application that requires the input of user credentials. Two-factor authentication adds a layer of protection.
- Ignore sudden or unexpected communications that contain generic salutations, grammatical errors in URLs, unexpected attachments and attachments sent from unknown entities. Do not click anything in these communications. Do not respond with sensitive information without verifying the origin of such requests or communications.
- It is difficult to detect GSM and CDMA attacks; however, any sudden requests to install, upgrade or download applications should be distrusted. Certificate errors in websites or login errors in phone applications are an indicator of possible malicious activity. In addition, sudden signal intensity changes could indicate cell tower impersonation or tampering.
- Use peer-to-peer proximity networking technology to help avoid infrastructure eavesdropping or tampering, but be aware that attackers may join these networks and sniff traffic.
- Do not install any application from an untrusted and unsigned source. Caution will reduce the attack surface when mobile devices are being targeted.
- Do not jailbreak phones. Jailbreaking exposes iOS to a wide range of attacks.
- Consider the use of commercial phone applications that warn, discover and interrupt malicious processes.

1.7 / CONCLUSION /

The use of sophisticated attack methods against unsuspecting mobile device users shows the extent to which veteran criminals with resources will go to target mobile phones. Only a well-funded and coordinated multi-member organization can execute such a campaign. Campaigns like this provide a warning message for the types of methods that can be used against users for the purpose of surveillance or profit. Attack vectors involving mobile technology include DDoS, compromise of the Internet infrastructure, man-in-the-middle attacks, customized malicious mobile operating system payloads, possible cellphone tower eavesdropping technology and social engineering.

The Prolexic Security Engineering and Research Team (PLXsert) monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment. Through research, digital forensics and post-event analysis, PLXsert is able to build a global view of security threats, vulnerabilities and trends, which is shared with customers and the security community. By identifying the sources and associated attributes of individual attacks, along with best practices to identify and mitigate security threats and vulnerabilities, PLXsert helps organizations make more informed, proactive decisions.

Akamai is a leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the company's solutions is the Akamai Intelligent Platform providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit or blogs.akamai.com, and on Twitter.

Akamai is headquartered in Cambridge, Massachusetts in the United States with operations in more than 40 offices around the world. Our services and renowned customer care enable businesses to provide an unparalleled Internet experience for their customers worldwide. Addresses, phone numbers and contact information for all locations are listed on Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice. Published 10/14.
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationWhite Paper. Three Steps To Mitigate Mobile Security Risks
White Paper Three Steps To Mitigate Mobile Security Risks Bring Your Own Device Growth The Bring Your Own Device (BYOD) trend caught on with users faster than IT expected, especially as ios and Android
More informationTransaction Anomaly Protection Stopping Malware At The Door. White Paper
Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side
More informationSecurity Intelligence Services. Cybersecurity training. www.kaspersky.com
Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative
More informationPractical Attacks against MDM Solutions (and What Can You Do About It)
Practical Attacks against MDM Solutions (and What Can You Do About It) SESSION ID: MBS-R02 Michael Shaulov CEO and Co-Founder Lacoon Mobile Security @LacoonSecurity Agenda Your Data Exploits to target
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationSECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting
SECURITY ADVISORY December 2008 Barracuda Load Balancer admin login Cross-site Scripting Discovered in December 2008 by FortConsult s Security Research Team/Jan Skovgren WARNING NOT FOR DISCLOSURE BEFORE
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationDefense Media Activity Guide To Keeping Your Social Media Accounts Secure
Guide To Keeping Your Social Media Accounts Secure Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationTrends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationEnterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch
10/2014 Creation date: 31.10.2014 Author: Vlastimil Turzík, Edward Plch Content Content... 2 Introduction... 4 Interesting Articles... 4 95% of companies challenged by BYOD security... 4 ios... 4 Vulnerability...
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationTLP WHITE. Denial of service attacks: what you need to know
Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationThreat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
More informationDRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario
DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? Drive-by Downloads are a common technique used by attackers to silently install malware on a victim s computer. Once a target website has been weaponized with
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures
More informationPractical Attacks against Mobile Device Management Solutions
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly
More informationEnterprise Mobility Report 06/2015. Creation date: 1.7.2015. Vlastimil Turzík
06/2015 Creation date: 1.7.2015 Author: Vlastimil Turzík Content Content... 2 Introduction... 4 ios... 4 Vulnerability... 4 ios Mail App Vulnerability Allows Hackers To Steal icloud Passwords... 4 Versions:
More informationSix Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business
6 Six Essential Elements of Web Application Security Cost Effective Strategies for Defending Your Business An Introduction to Defending Your Business Against Today s Most Common Cyber Attacks When web
More informationOWASP AND APPLICATION SECURITY
SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly
More informationSkynax. Mobility Management System. System Manual
Skynax Mobility Management System System Manual Intermec by Honeywell 6001 36th Ave. W. Everett, WA 98203 U.S.A. www.intermec.com The information contained herein is provided solely for the purpose of
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More information[state of the internet] / DDoS Reflection Vectors. Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS
TLP: GREEN Issue Date: 2015.10.28 Risk Factor- Medium Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS 1.0 / OVERVIEW / In the third quarter of 2015, Akamai mitigated and
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More information