2014 MOBILE THREAT REPORT
|
|
- Alexis Jean Wiggins
- 8 years ago
- Views:
Transcription
1 0 MOBILE THREAT REPORT Introduction In 0 the notable trend in mobile security was the geographic diversification of mobile threats, such as the prevalence of chargeware in Western Europe, where the popularity of premium-rate SMS billing made this path to monetization more viable than in geographies where this billing mechanism is largely prohibited, such as the United States. In 0 this pattern of regional adaptation continued, but the new and noteworthy mobile security trend this year has been the emergence of new mobile threat tactics (such as ransomware) and an increase in threat sophistication. This is a reaction, no doubt, to mobile operators stepping up their threat countermeasures around the world and a general crackdown on premium-rate SMS abuse. For example, in 0 Lookout observed a handful of mobile threats, such as DeathRing and a new variant of Mouabad, that suggested the compromise of mobile supply chains and the pre-loading of malware on factory-shipped devices. In addition, a new variant of the threat NotCompatible, a sophisticated mobile threat with layers of complex self-defense mechanisms that evade detection and countermeasures, gained considerable traction in the U.S. and Western Europe. Methodology To prepare this report Lookout analyzed security detections from its dataset of more than 60 million global users. The encounter rate measurement used in this report reflects the percentage of unique Android devices that encountered a given threat or threat type during the year. Please note, encounter rates are weighted calculations that account for varying user lifecycles and moreover these rates cannot be added since a unique device could be counted multiple times in such calculations. Lastly, at the highest level Lookout classifies app-based threats using three categories (defined at the beginning of this report): malware, chargeware, and adware. 0 MOBILE THREAT REPORT
2 KEY HIGHLIGHTS Mobile threat highlights from 0 include: Malware grew substantially in the U.S. - 0 saw an astounding 7 increase in Android mobile malware encounter rates in the United States compared to 0 (a vs. 7 encounter rate), an increase driven largely by prolific mobile threats that hold victims mobile devices hostage in exchange for payment, using a variety of coercion schemes. 6 Device-for-ransom malware schemes surged globally - Ransomware, a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy, grew by leaps and bounds as a threat category in 0, with ransomware such as ScareMeNot and ScarePakage finishing in the top five most-prevalent mobile threats in countries such as the U.S., U.K., and Germany. Mobile threat sophistication and experimentation is on the rise - As mobile operators and platforms have continued to crack down on mobile attackers and their monetization methods, the attackers strategies have shifted. In 0 Lookout observed, for example, one of the first instances of attackers attempting to use compromised mobile devices for cryptocurrency mining -- a novel, if ultimately unprofitable scheme. 7 Adware prevalence fell dramatically in 0 and risks losing its crown as the most prevalent mobile threat - Adware encounters fell dramatically in 0, evidence that Google s crackdown 8 on adware in the latter half of 0 and its continued policing of the Play Store has substantially reduced the prevalence of abusive mobile advertising practices in Android applications. In some countries, such as the U.K., adware encounter rates are now surpassed by other threats like chargeware! Chargeware prevalence fell in the U.K. and France, but exploded in Germany - In 0 chargeware continued to be a regional phenomenon, with encounter rates in Western Europe (9 in France, in the U.K.) averaging much higher than those in countries like the U.S. (). Notably, chargeware encounter rates did fall in the U.K. and France in 0, a sign, perhaps, that the efforts of regulatory bodies such as PhonepayPlus have become more effective at curbing premium-rate service abuse. Premium-rate service abuse has historically been a popular monetization method for both chargeware and malware threats globally. Germany, however, experienced a 0 surge in chargeware encounter rates in 0 ( vs. 7 encounter rate) due to the prolific success of the SMSCapers threat. Mobile Threat Definitions Apps that steal user data, commit financial fraud, and/or negatively impact device performance. Malware includes threats such as viruses, trojans, worms, spyware, and ransomware. Apps that charge users for content or services without clear notification or the opportunity to provide informed consent. Apps that serve obtrusive ads that interfere with standard mobile operating experiences and/or collect excessive personal data that exceeds standard advertising practices. 0 MOBILE THREAT REPORT
3 NOTABLE NEW DETECTED BY LOOKOUT IN 0 FRANCE UNITED STATES ScarePakage RANSOMWARE CoinKrypt TROJAN SOUTH KOREA ShrewdCKSpy SPYWARE VIETNAM, INDONESIA, INDIA, NIGERIA, TAIWAN, AND CHINA DeathRing TROJAN ScarePackage RANSOMWARE ScarePakage masquerades as an Adobe Flash update or a variety of anti-virus apps, and is distributed as a drive-by-download. When downloaded, it pretends to scan victims phones and then locks the device after falsely reporting that its scan found illicit content. ScarePakage then displays a fake message from the FBI and attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. 9 DeathRing TROJAN DeathRing poses as a ringtone app and then surreptitiously downloads fake SMS content to infected devices, in a possible attempt to capture victim login credentials by impersonating trusted entities like banks via SMS. Notably, DeathRing appears to come pre-installed on certain devices, suggesting its authors were able to infiltrate the device supply chain and inject their malware into factory-shipped devices. 0 CoinKrypt TROJAN CoinKrypt infects phones and harnesses their processing power to mine cryptocurrency. This activity can drain a device s battery and its monthly data allotment. While this is one of the first examples of malware using smartphone computing power for digital currency mining, Lookout estimates that these activities yield minimal profits given the immense processing power required to mine cryptocurrencies. ShrewdCKSpy SPYWARE ShrewdCKSpy pretends to be an app marketplace, but the market icon disappears on first launch and the malware starts to run in the background, intercepting and recording victims SMS and phone calls and uploading them to a remote server. ShrewdCKSpy also has the ability to auto-accept and record calls, which means attackers could possibly turn a victim s phone into a de facto bugging device by auto-accepting their own call.
4 United States 7 0 In the U.S. ransomware such as ScarePakage, ScareMeNot, ColdBrother, and Koler dominated the mobile threat list in 0 and largely drove the 7 increase in malware encounter rates. Millions of U.S. mobile users were targeted by ransomware attacks, resulting in an untold number of victims paying hundreds of dollars each to unlock their devices and avoid fraudulent criminal charges. In the non-ransomware category, the trojan NotCompatible emerged as the top mobile threat in the U.S. in 0, enabling its operators to harness a considerable mobile botnet to do their bidding. In one instance, Lookout observed attackers using NotCompatible-infected mobile devices to purchase tickets en masse to circumvent anti-fraud measures on ticketing websites. 0 TOP THREATS NotCompatible NotCompatible is a trojan that surreptitiously acts as a network proxy, allowing attackers to send and receive traffic through a victim s mobile device onto connected networks for fraudulent purposes. Koler Koler is a trojan disguised as a media app that then locks a victim s device after falsely reporting the discovery of illegal activity. Koler attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. ScareMeNot ScareMeNot is a trojan that pretends to scan victims phones for security issues and then locks their device after falsely reporting that its scan found illicit content. It attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. ColdBrother ColdBrother is a trojan that pretends to scan victims phones for security issues, but then locks their device after falsely reporting that its scan found illicit content. It can also take a front-facing camera photo and attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. ScarePackage ScarePakage is a trojan that pretends to scan victims phones for security issues and then locks their device after falsely reporting that its scan found illicit content. ScarePakage attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.
5 United Kingdom 0 9 While malware and chargeware rates fell in the U.K. they remained significant: of all Lookout users in the U.K. encountered malware this year and more than in 0 encountered chargeware threats. Just as in 0, chargeware, and more specifically the threat SMSCapers, emerged as the top threat in the U.K. this year. SMS premium-rate billing is a common billing practice in the U.K. and attackers have leveraged this capability as an effective monetization technique in the past, although a year-over-year decline in chargeware and malware encounter rates in the U.K. suggests this may be a decreasingly effective monetization path given countermeasures by regulatory bodies like PhonepayPlus. In 0 the U.K. was also hit with ransomware attacks much like the U.S., with ransomware threat ScareMeNot emerging as the second most prevalent threat to U.K. users. 0 TOP THREATS SMSCapers SMSCapers is a pornographic app for viewing pictures or videos that charges users without providing clear notification and offering users the opportunity to provide informed consent for the charges. ScareMeNot ScareMeNot pretends to scan victims phones and then locks their device after falsely reporting that its scan found illicit content. ScareMeNot attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. ActSpat ActSpat is a trojan that commits premium-rate SMS fraud and may push obtrusive ads to the notification bar, create pop-up ads, place shortcuts on the device s home screen and download large files without asking. Tornika Tornika is a trojan disguised as a media player that sends personal information from compromised devices to third parties and may attempt to charge victims money. It can also enable third parties to display ads without a way to opt out. NotCompatible NotCompatible is a trojan that surreptitiously acts as a network proxy, allowing attackers to send and receive traffic through a victim s mobile device onto connected networks for fraudulent purposes.
6 France In 0 France experienced an overall decline in mobile threat encounter rates, though of French Lookout users still encountered malware this year and almost in 0 encountered a chargeware threat. Chargeware, and its reliance on premium-rate abuse for monetization, still remains among the more prevalent mobile threat types, with threats such as SMSCapers and SMSYou emerging in the top five mobile threats in France this year. Like in the U.K., a decline in malware and chargeware encounter rates in France may be a sign of increased regulatory pressure. In August of 0, for example, PhonepayPlus fined a French app company for abuse of premium-rate phone services. 0 TOP THREATS Tornika Tornika is a trojan disguised as a media player that sends personal information from compromised devices to third parties and may attempt to charge victims money. It can also enable third parties to display ads without a way to opt out. ActSpat ActSpat is a trojan that commits premium-rate SMS fraud and may push obtrusive ads to the notification bar, create pop-up ads, place shortcuts on the device s home screen and download large files without asking. SMSCapers SMSCapers is a pornographic app that charges users without providing clear notification and the opportunity to provide informed consent for the charges. SmsYou SMSYou is a pornographic app that charges users without providing clear notification and the opportunity to provide informed consent for the charges. Spytic Spytic is a form of surveillanceware that enables remote monitoring of the activity and information on compromised devices by third parties. 6
7 Germany In 0 malware encounter rates held steady in Germany at, but the country saw an absolute explosion in chargeware this year (0 increase), due largely to the successful proliferation of SMSCapers, which emerged at the top of the list of mobile threats encountered by German users this year. Germany also saw ransomware encounters grow - as they did in the U.S. and elsewhere in Western Europe - with ScareMeNot emerging at the number two spot for top mobile threats in Germany. 0 TOP THREATS SMSCapers SMSCapers is a pornographic app that charges users without providing clear notification and the opportunity to provide informed consent for the charges. ScareMeNot ScareMeNot is a trojan that pretends to scan victims phones for security issues and then locks their device after falsely reporting that its scan found illicit content. It attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. ActSpat ActSpat is a trojan that commits premium-rate SMS fraud and may push obtrusive ads to the notification bar, create pop-up ads, place shortcuts on the device s home screen and download large files without asking. ScarePackage ScarePakage is a trojan that pretends to scan victims phones for security issues and then locks their device after falsely reporting that its scan found illicit content. ScarePakage attempts to coerce victims into paying them to avoid criminal charges and regain control of their device. NotCompatible NotCompatible is a trojan that surreptitiously acts as a network proxy, allowing attackers to send and receive traffic through a victim s mobile device onto connected networks for fraudulent purposes. 7
8 Japan 0 9 < < In 0 Japan continued to enjoy one of the most favorable threat encounter rates in the world, with approximately of Japanese Lookout users encountering malware this year and less than encountering chargeware threats. While in 0 adware lost its title in some countries as the most prevalent mobile threat, but adware continues to be the top threat in Japan with a encounter rate. 0 TOP THREATS ActSpat ActSpat is a trojan that commits premium rate SMS fraud and may push obtrusive ads to the notification bar, create pop-up ads, place shortcuts on the device s home screen and download large files without asking. Ackposts Ackposts is a trojan that steals device contacts and sends them to a third party server, showing an error message claiming device incompatibility to disguise its activity. OneClickFraud OneClickFraud is a trojan that visits web pages while a victim s device screen is turned off in an attempt to defraud third parties with fake pageviews. CreepyBanner CreepyBanner is a trojan disguised as an Adobe Flash player that attempts to install another application which serves obtrusive ads. ConeSMS ConeSMS is a trojan that advertises itself as pornographic app, but actually commits premium rate SMS fraud in the background. 8
9 CONCLUSION In 0 the new and noteworthy mobile security trend was a surge in new mobile threat tactics like ransomware and an increase in threat sophistication and experimentation. This is likely a reaction to mobile operators increasing their threat countermeasures and a general crackdown on premium-rate SMS abuse, which has historically been the primary monetization path for malware and chargeware threats. Premium-rate SMS was low-hanging fruit that attackers could easily exploit and they did so with great success in 0. Fortunately, premium-rate SMS abuse is also low-hanging fruit for countermeasures, since sending text messages to a premium rate number is a rather obvious behavior that can be flagged and blocked by security vendors, mobile operators, and platforms. The apparent success of these threat countermeasures in 0 is a double-edged sword: while it seems to have lowered threat encounter rates in certain geographies, it also seems to have driven attackers toward developing more insidious threats like ransomware. The individual impact of premium-rate SMS abuse is a handful of nominal charges to a victim s monthly bill. The individual impact of a ransomware threat like ScarePakage, however, is the complete loss of device functionality and potential mental anguish from false criminal accusations, as well as substantial financial loss if a victim elects to pay the ransom. The success of ransomware in the United States (where it largely drove a 7 year-over-year increase in malware) and Western Europe indicates that when thwarted, mobile attackers will innovate and pivot to maintain an edge. The discovery of threats injected in mobile supply chains (e.g. DeathRing) and the rise of technically sophisticated threats (e.g. NotCompatible.C) reveals that attackers are upping their threat construction and deployment game. In the face of more sophisticated adversaries, consumers can stay one step ahead by remaining vigilant, installing apps from trusted app marketplaces, and installing advanced mobile security solutions like Lookout on their devices. ENDNOTES 0 Lookout Mobile Threat Report: Mobile Threats, Made to Measure. Lookout DeathRing: Pre-loaded malware hits smartphones for the second time in 0. Lookout. December 0. MouaBad: When your phone comes pre-loaded with malware. Lookout. April 0. The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Lookout. November 0. NotCompatible.C: A Sophisticated Mobile Threat that Puts Protected Networks at Risk. Lookout. November Android Phones Hit by Ransomware. New York Times. August Sorry, mobile mining likely isn t going to be profitable unless you re criminal. Lookout. July The war against mobile adware isn t over yet, warns Lookout. The Guardian. February U.S. targeted by coercive mobile ransomware impersonating the FBI. Lookout. July DeathRing: Pre-loaded malware hits smartphones for the second time in 0. Lookout. December 0. CoinKrypt: How criminals use your phone to mine digital currency. Lookout. March 0. ShrewdCKSpy: Mobile Spyware With A Hidden Agenda, Lookout. March ,000 fines issued to UK companies over mobile malware and WAP opt-in. PhonepayPlus. Premium-rate voice changer service fined 60,000 for children s apps ads. August MOBILE THREAT REPORT 9
ENTERPRISE MOBILE THREATS. 2014: A Year In Review. I. Introduction. Methodology. Key Highlights ENTERPRISE
ENTERPRISE ENTERPRISE MOBILE THREATS 04: A Year In Review that a single security breach on a mobile device can put an entire organization at risk. Specifically, organizations face three types of security
More informationG DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015
G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is
More informationG DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015
G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationSTOP. THINK. CONNECT. Online Safety Quiz
STOP. THINK. CONNECT. Online Safety Quiz Round 1: Safety and Security Kristina is on Facebook and receives a friend request from a boy she doesn t know. What should she do? A. Accept the friend request.
More informationEnterprise Mobile Threat Report
Enterprise Mobile Threat Report The State of ios and Android Security Threats to Enterprise Mobility I. Introduction This report examines enterprise security threats for ios and Android. While Android
More informationTypes of cyber-attacks. And how to prevent them
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
More informationMobile Malware Network View. Kevin McNamee : Alcatel-Lucent
Mobile Malware Network View Kevin McNamee : Alcatel-Lucent Agenda Introduction How the data is collected Lies, Damn Lies and Statistics Windows PC Malware Android Malware Network Impact Examples of malware
More informationSECTOR 2015 Malware Activity in Mobile Networks Kevin McNamee (Alcatel-Lucent)
SECTOR 2015 Malware Activity in Mobile Networks Kevin McNamee (Alcatel-Lucent) Agenda How the data is collected Lies, Damn Lies and Statistics Windows PC Malware Android Malware Examples of malware Conclusion
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationG DATA MOBILE MALWARE REPORT
G DATA MOBILE MALWARE REPORT THREAT REPORT: Q2/2015 1 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 6,100 new Android malware instances every day 04-04 Monitoring apps on mobile
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationIntroduction The Case Study Technical Background The Underground Economy The Economic Model Discussion
Internet Security Seminar 2013 Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion An overview of the paper In-depth analysis of fake Antivirus companies
More informationG Data Mobile MalwareReport. Half-Year Report July December 2013. G Data SecurityLabs
G Data Mobile MalwareReport Half-Year Report July December 2013 G Data SecurityLabs Contents At a glance... 2 Android malware: share of PUPs increasing significantly... 3 Android.Application consists of
More informationAdvanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer
Advanced Online Threat Protection: Defending Your Online Banking Customers Against Modern Malware and Fraud Andrew Bagnato Senior Systems Engineer Agenda Modern malware a targets Account credentials Financial
More informationMOBILE MALWARE REPORT
TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014 CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores
More informationUser Manual. HitmanPro.Kickstart User Manual Page 1
User Manual HitmanPro.Kickstart User Manual Page 1 Table of Contents 1 Introduction to HitmanPro.Kickstart... 3 2 What is ransomware?... 4 3 Why do I need HitmanPro.Kickstart?... 6 4 Creating a HitmanPro.Kickstart
More informationThe Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them
The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
More informationAgenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2
Mobile Security Agenda John Veldhuis, Sophos The playing field Threats Mobile Device Management Pagina 2 The Changing Mobile World Powerful devices Access everywhere Mixed ownership User in charge Powerful
More informationMobile App Reputation
Mobile App Reputation A Webroot Security Intelligence Service Timur Kovalev and Darren Niller April 2013 2012 Webroot Inc. All rights reserved. Contents Rise of the Malicious App Machine... 3 Webroot App
More informationThe Advanced Cyber Attack Landscape
The Advanced Cyber Attack Landscape FireEye, Inc. The Advanced Cyber Attack Landscape 1 Contents Executive Summary 3 Introduction 4 The Data Source for this Report 5 Finding 1 5 Malware has become a multinational
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationplatforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential
Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.
More informationPractical guide for secure Christmas shopping. Navid
Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationwhite paper Malware Security and the Bottom Line
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
More informationHow To Get Rid Of A Phish Locker On A Computer (For A Bank)
PHISH LOCKERS OUT IN THE WILD August 2013 RSA researchers have been increasingly witnessing the activity of highly targeted Trojans, dubbed Phish Lockers, used at the hands of cybercriminals to steal credentials.
More informationPHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD
PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD April 2013 As cybercriminals will have it, phishing attacks are quite the seasonal trend. It seems that every April, after showing a slight decline
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationPhishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud
1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationProtecting against Mobile Attacks
2014-APR-17 Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537 2 Agenda Attacks moving to mobile
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationINTERNET SECURITY THREAT REPORT
APRIL 2015 VOLUME 20 INTERNET SECURITY THREAT REPORT APPENDICES 2 2015 Internet Security Threat Report Appendices THREAT ACTIVITY TRENDS MALICIOUS CODE TRENDS SPAM & FRAUD ACTIVITY TRENDS VULNERABILITY
More informationBad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
More informationThe information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.
The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationTRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
More informationProblematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)?
Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)? Revised 11-29-2011 Aryeh Goretsky, MVP, ZCSE Table of Contents Introduction 3 The formal definition 3 Here s a
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationChristos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus
cdoulig at unipi dot gr Department of Informatics University of Piraeus Safety & Security in Cyber Space: Building up Trust in the EU Athens, 6-7 March 2014 Cybersecurity: where do we stand? Major Trends
More informationEmerging Trends in Malware - Antivirus and Beyond
Malware White Paper April 2011 Emerging Trends in Malware - Antivirus and Beyond One need only listen to the news or read the latest Twitter and media updates to hear about cyber crime and be reminded
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationCyber liability threats, trends and pointers for the future
Cyber liability threats, trends and pointers for the future Tim Smith Partner, BLM t: 020 7865 3313 e: tim.smith@blm-law.com February 2013 Cyber liability threats, trends and pointers for the future The
More informationMITB Grabbing Login Credentials
MITB Grabbing Login Credentials Original pre-login fields UID, password & site Modified pre-login fields Now with ATM details and MMN New fields added MITB malware inserted additional fields. Records them,
More informationAlmost 400 million people 1 fall victim to cybercrime every year.
400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked
More informationSpyware: Securing gateway and endpoint against data theft
Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation
More informationInformation Security Updates Mobile Security Best Practices for General User
Information Security Updates Mobile Security Best Practices for General User A ccording to research figures from Business Intelligence 1, the number of smartphones sold worldwide has already surpassed
More informationINTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org
INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationFraud Trends. HSBCnet Online Security Controls PUBLIC
Fraud Trends HSBCnet Online Security Controls العربیة 文 En français En Español 繁 體 中 文 简 体 中 Contents Types of Fraud Malware Attacks Business E-mail Compromise Voice Phishing ( Vishing ) Short Message
More informationMonitoring mobile communication network, how does it work? How to prevent such thing about that?
Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘 維 亞 周 明 哲 劉 子 揚 (P78017058) (P48027049) (N96011156) 1 Contents How mobile communications work Why monitoring?
More informationINSIGHTS FROM OPERA MEDIAWORKS
INSIGHTS FROM OPERA MEDIAWORKS 9 of the top AD AGE GLOBAL ADVERTISERS OVER 800M UNIQUE USERS OVER 18,000 SITES AND APPLICATIONS Year closes out with Apple No. 1 for revenue, Android leading in traffic
More informationWeb. Paul Pajares and Max Goncharov. Connection. Edition. ios platform are also at risk, as. numbers via browser-based social.
RESEARCHBRIEF Fake Apps, Russia, and the Mobile Making the SMSS Fraud Connection Paul Pajares and Max Goncharov Web News of an SMS fraud service affecting many countries first broke out in Russia in 2010.
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationThe State of Spam A Monthly Report August 2008. Generated by Symantec Messaging and Web Security
The State of Spam A Monthly Report August 2008 Generated by Symantec Messaging and Web Security Doug Bowers Executive Editor Antispam Engineering Dermot Harnett Editor Antispam Engineering Joseph Long
More informationBUGAT TROJAN JOINS THE MOBILE REVOLUTION
BUGAT TROJAN JOINS THE MOBILE REVOLUTION June 2013 RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat s developers managed to develop and deploy mobile malware designed to
More informationAT&T Toggle. 4/23/2014 Page i
Page i Go Ahead Bring Your Own Device to Work... 1 Requirements... 1 1: AT&T Toggle Overview... 1 Personal Icon... 2 ToggleHub... 2 AT&T Toggle Browser... 2 Downloads... 2 Data Usage App... 3 Media...
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationDNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS
DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat
More informationProtection for Mac and Linux computers: genuine need or nice to have?
Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationCSUF Tech Day 2015. Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu
CSUF Tech Day 2015 Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu Agenda Introduction Large scale data breaches: 2014 and beyond Email based attacks:
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationExposing the Money Behind the Malware
Exposing the Money Behind the Malware How cybercrime works and what to do about it By Chester Wisniewski, Senior Security Advisor It s important to understand the motivation behind the onslaught of malicious
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationInsights from Opera The world s leading mobile ad platform
The State of Mobile Advertising Q3 2012 Insights from Opera The world s leading mobile ad platform 10,000 + 40 BILLION + sites & applications ad impressions per month Publishers include $400 MILLION +
More informationSpam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationA TASTE OF HTTP BOTNETS
Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with
More informationFraud and Abuse Policy
Fraud and Abuse Policy 2015 FRAUD AND ABUSE POLICY 2015 1 Contents 4. Introduction 6. Policy Goal 7. Combatting Customer Fraud and Abuse 8. Reporting Breaches 9. How Alleged Breaches Will Be Investigated
More informationWhat you need to know to keep your computer safe on the Internet
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
More informationHow To Protect Your Network From Threats From Your Network (For A Mobile) And From Your Customers (For An Enterprise)
Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec June 2011 Copyright 2011. Yankee Group Research, Inc.
More informationTrust the Innovator to Simplify Cloud Security
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
More informationBEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION
BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION December 2013 In the last few years, we have seen the mobile space explode with malware. According to a recent report by Trend Micro, the number of
More informationEco and Ego Apps in Japan
Eco and Ego Apps in Japan A special report based on the Trend Micro research paper written by senior threat researcher Noriaki Hayashi 1 Users face various unwanted app routines in the current mobile landscape.
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationInformation Security. Be Aware, Secure, and Vigilant. https://www.gosafeonline.sg/ Be vigilant about information security and enjoy using the internet
Be Aware, Secure, and Vigilant Information Security Use the Internet with Confidence Be vigilant about information security and enjoy using the internet https://www.gosafeonline.sg/ The Smartphone Security
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More information2. RESISTANCE TO NETWORK-BASED DETECTION
Mobile Threats NotCompatible.C Research by Tim Strazzere NOTCOMPATIBLE.C A Sophisticated Mobile Threat that Puts Protected Networks at Risk Introduction Malicious actors now view mobile devices as a viable
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record
More informationIdentity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office
Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationPANDALABS REPORT Q1 2015 January - March 2015
PANDALABS REPORT Q1 2015 January - March 2015 1. Introduction 2. The quarter in numbers 3. The quarter at a glance Cyber-Crime Social Networks Mobile Malware Cyber-War 4. Conclusion 5. About PandaLabs
More informationHesperbot. Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone
Hesperbot Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone Android malware is evolving at an alarming rate and becoming more aggressive
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationHOW LOOKOUT S PREDICTIVE SECURITY UNMASKED A MOBILE THREAT
Mobile Threats MalApp HOW LOOKOUT S PREDICTIVE SECURITY UNMASKED A MOBILE THREAT Introduction To detect advanced threats that can evade signatures and behavioral analyses, Lookout developed a platform
More informationSecuring the Mobile App Market
WHITE PAPER: SECURING THE MOBILE APP MARKET White Paper Securing the Mobile App Market How Code Signing Can Bolster Security for Mobile Applications Securing the Mobile App Market How Code Signing Can
More information