Advanced Online Threat Protection: Defending Your Online Banking Customers Against Modern Malware and Fraud
Andrew Bagnato
Senior Systems Engineer

Agenda
- Modern malware targets
  - Account credentials
  - Financial transactions
- Modern malware techniques
  - Social engineering
  - Browser injection
  - System monitoring
- Mobile Threat Landscape
- Q&A
Thursday, June 20, 2013 Webroot, Inc. Proprietary and Confidential Information @gmilbourne #WebrootSIFMAtech

Modern malware targets
- >50% of organized cybercrime attacks focus on financial and e-commerce businesses and their users
- Account credentials are the primary target
  - Email accounts are of especially high value as they provide access to all other online accounts
- Financial transactions are highly targeted
  - Recording an online purchase provides the key data necessary to recreate someone's credit card
  - Name, card number, exp. date, CVV code

Modern malware techniques
- Social engineering is extremely effective
  - Well-crafted phishing emails
  - Telephone-based attacks
- Browser injection is especially devious
  - Extracts additional information
  - Bypasses SSL/TLS
  - Can bypass two-factor authentication
- System monitoring
  - Access to all other online accounts
  - Leads to identity theft

Mobile apps expand the issue
- Apple released the first iPhone and iOS in mid 2007, followed by Google's release of Android in the fall of 2008
- By the end of 2010, there were roughly 300k iPhone and 100k Android apps with more than 10 billion app downloads
- Today, both Google's and Apple's app stores boast more than 800k apps and total downloads over 100 billion!
- The average smartphone user downloads 90 additional apps
- Webroot started collecting mobile apps in 2011 and has collected over 3.7 million unique mobile apps
  - This number is much larger than the combined 1.6 million available on Apple's and Google's markets
  - The reason is there are numerous 3rd party markets, mainly for Android apps
- Research shows nearly 30% of users acquire apps from 3rd party markets
- Most malicious apps are found in 3rd party markets as well as P2P networks

Analyzing the risks of BYOD
- 88% of SMBs support mobile devices and 66% allow BYOD
- BYOD increases risk because it combines personal and corporate data onto a single device
- Compared to company-provided devices, BYOD devices contain dozens of additional apps for personal use
- BYOD causes OS diversity concerns as users will have a wide array of devices and OS versions, some of which have known security vulnerabilities
[Chart: iOS Version Distribution (iOS 6.1.1, iOS 6.1.0, iOS 6.0, iOS 5, earlier iOS)]
[Chart: Android Version Distribution (Jelly Bean, Ice Cream Sandwich, Honeycomb, Gingerbread, Froyo, Éclair)]

Analyzing the risks of malicious apps
- Risks associated with malicious mobile apps:
  - Information theft (adware/PUA, spyware, trojans, apps from untrusted developers)
  - Premium SMS charges (SMS trojans, repackaged/cracked apps)
  - User tracking (spyware, legit tracking apps, trojans)
  - Rootkits (repackaged/cracked apps, trojans)
- Consequences of malicious mobile apps:
  - Spear-phishing
  - Identity theft
  - Financial loss
  - Compromised network

Malicious app trends
- With more than 3.7 million apps analyzed, 12% of Android apps are either malicious or unwanted (PUA) and nearly 3% of iOS apps contain privacy violations
- Free apps are the biggest offender as developers look for ways to monetize their efforts
  - Mobile app ad-engines typically pay based on the quantity of collected data
- 3rd party markets and P2P networks are hotspots for malicious apps
  - Some 3rd party markets only distribute malicious apps, often associated with cracking paid apps or translating apps into another language
- Malicious apps often perform the advertised task as a method to evade detection and as a way to make it onto legitimate app markets
[Chart: Android Samples (Total Apps vs. Malicious Apps)]

Malicious app trends cont.
- Over 12% of Android apps have malicious or unwanted behavior; let's look at the breakdown
- PUAs account for 86%
  - Largely due to pervasiveness of aggressive ad-engines (Airpush)
- Trojans, Spyware and Rootkits account for the remaining 14%
  - This includes SMS trojans, botnets, rooting apps and all other truly malicious apps

Malicious app example: Trojan/Rootkit
- Here we have a classic example of an infected app which requests more permissions than necessary
- In both cases the app plays the game, but the example on the right also sends premium SMS texts and roots the device
- Rooted devices pose a much bigger risk as they circumvent device security features

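The permission mismatch described on this slide can be checked mechanically. The following is an added example, not part of the original presentation: it compares the permissions in a decoded AndroidManifest.xml against a baseline for the app's category. The baseline set, the risk notes and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a simple game (hypothetical policy, not from the slides).
GAME_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}
# Permissions tied to the risks the slides name (premium SMS, information theft).
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send premium SMS",
    "android.permission.RECEIVE_SMS": "can intercept SMS replies",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.READ_PHONE_STATE": "can read device identifiers",
}

def requested_permissions(manifest_xml):
    """Return the set of <uses-permission> names in a decoded manifest."""
    # Manifests from untrusted APKs should go through a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml, baseline=GAME_BASELINE):
    """Report permissions beyond the baseline and which of those are high risk."""
    extra = requested_permissions(manifest_xml) - baseline
    return {
        "extra": sorted(extra),
        "high_risk": {p: HIGH_RISK[p] for p in sorted(extra) if p in HIGH_RISK},
    }

def _manifest(perms):
    """Build a constructed sample manifest with the given short permission names."""
    body = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms
    )
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="com.example.game">{body}</manifest>'
    )

# Constructed samples: the original game and a repackaged copy of it.
CLEAN_GAME = _manifest(["INTERNET", "VIBRATE"])
REPACKAGED_GAME = _manifest(
    ["INTERNET", "VIBRATE", "SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"]
)

if __name__ == "__main__":
    for label, manifest in (("clean", CLEAN_GAME), ("repackaged", REPACKAGED_GAME)):
        print(label, audit(manifest))
```

A manifest pulled straight from an APK is binary XML and has to be decoded first. Rooting does not show up as a permission, so this check covers only the over-permission side of the slide.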
Malicious app example: Adware/PUA
- PUAs account for the biggest chunk of malicious apps
- In this example, the ad-engine is advertising Flash Player, which is not needed, and is also charging $34.95 for the bogus app

Malicious app example: Spyware
- Often masquerading as tracking apps, spyware apps are available on both legit and 3rd party markets and can be used for malicious purposes

Surprising survey results
- Year over year, more mobile devices are connecting to corporate networks and BYOD is on the rise

Surprising survey results cont.
- iOS and Android are the most common OSs to connect to the corporate network

Surprising survey results cont.
- IT Pros are right: mobile malware is on the rise and Android poses the biggest risk

Surprising survey results cont.
- IT Pros are also aware of the risks posed by malicious mobile apps

Surprising survey results cont.
- Yet when IT Pros were asked how familiar they were with malicious mobile apps or if they were aware of rooted devices connecting to the network

Surprising survey results cont.
- And what about mobile device policies, solutions and employee education?

What's next for MDM: mobile app reputation
- Mobile app reputation is a service which helps inform users of which apps are safe vs. untrustworthy
- With many choices available, app rep helps inform users of apps which are safe to use and pose no security risk to private or corporate data

Q&A
Andrew Bagnato
abagnato@webroot.com
#WebrootSIFMAtech