Protecting against Mobile Attacks


Slide 1: Protecting against Mobile Attacks
2014-APR-17
Frankie Wong, Security Analyst, HKCERT
Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Slide 2: Agenda
- Attacks moving to mobile
- Birthday to mobile malware
- Mobile malware trend
- Protect your devices
- HKCERT Supports
- Q & A
Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Slide 3: Attacks moving to mobile
Image source: http://universalmobileinterface.wordpress.com/

Slide 4: Attacks moving to mobile
Why?

Slide 5: Attacks moving to mobile
1. Mobile devices are connection-enabled
2. Valuable data
3. Valuable resource
4. High penetration
5. Smart OS eco-system

Slide 6: Attacks moving to mobile
1. Mobile devices are connection-enabled
3G/LTE, Wi-Fi, Bluetooth, NFC, Camera, QR Code, GSM, SMS
Image source: http://www.hightech-edge.com/wireless-communications/14037/

Slide 7: Attacks moving to mobile
2. Valuable data
- Phone information: IMEI, Phone number, SMS history, etc.
- Contact list: Social engineering, Spam database
- Geo-location information: Spy, Track history
- Images/Camera: Spy, Surrounding environment
- Documents: *.doc; *.pdf
Image source: http://blogs.gartner.com/svetlana-sicular/data-scientist-mystified/

Slide 8: Attacks moving to mobile
3. Valuable resource
- High speed CPU
- Powerful computing
- Always-On Internet connection
Image source: http://www.digitaltrends.com/mobile/mobile-phone-world-population-2014/


Slide 10: Attacks moving to mobile
4. High penetration
Image source: http://www.slideshare.net/wearesocialsg/social-digital-mobile-around-the-world-january-2014

Slide 11: Attacks moving to mobile
5. Smart OS eco-system
- App store market
- Easy access
- Simple install
- Awareness
- Permission review
- Security tools
- PC threats in mobile: email, links, browsers, flash, etc.

Slide 12: Birthday to mobile malware
Image source: http://www.cultofmac.com/102888/happy-birthday-iphone-eat-your-way-through-four-years-of-iphone-birthday-cakes-gallery/

Slide 13: Birthday to mobile malware
How old? 10 Years

Slide 14: Birthday to mobile malware
Image source: https://blog.fortinet.com/10-years-of-mobile-malware/

Slide 15: Birthday to mobile malware
2004 - 2014
- Propagation via Bluetooth
- Propagation mix with MMS
- Premium SMS
- Mobile botnet
- Banking Trojan
- PC-mobile cross infection
- Ransomware

Slide 16: Mobile malware trend
Image source: http://autoblog.johnhughes.com.au/wp-content/uploads/2012/04/mobile-trend.jpg

Slide 17: Mobile malware trends
Image source: http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q4-2013.pdf

Slide 18: Mobile malware trends
- Premium SMS
- Mobile botnet
- Cross platform infection
- Ransomware
- CryptoCurrency Miner

Slide 19: Mobile malware trends
Premium SMS
Image source: https://blog.lookout.com/blog/2012/10/03/avoid-premium-sms-scams/

Slide 20: Mobile malware trends
Mobile botnet
- (2009) SMS attacks on iPhones
- (2011) DroidDream compromised Android
- (2012) Zitmo (Zeus-in-the-mobile) targeted Blackberry and Android
Image source: http://www.pcworld.com/article/2048199/botnet-likely-caused-spike-in-number-of-tor-clients.html

Slide 21: Mobile malware trends
Mobile botnet
- (2014) iDroidBot targets phones running iOS 7.1 and earlier as well as Android 2.2 and later
- Support web administration
- Support TOR (anonymous) / proxy connection
- Tap mobile wallets: Visa QIWI Wallet, WebMoney Keeper Mobile, Yandex
Image source: http://blogs.mcafee.com/mcafee-labs/idroid-bot-for-sale-taps-into-mobile-wallets

Slide 22: Mobile malware trends
Mobile botnet
Image source: http://www.f-secure.com/static/doc/labs_global/research/threat_report_h2_2013.pdf

Slide 23: Mobile malware trends
Cross platform infection
- Android malware infects Windows (2013): Auto-Run attack
- Windows malware infects Android devices (2014): adb (Android debug bridge) push
Image source: http://www.wpcentral.com/asus-still-bets-androidwindows-8-hybrid-introduces-td300-ces-2014

Slide 24: Mobile malware trends
Ransomware
- Blackmail: Fake Anti-virus on Android (2013)
- Fraud: Fake Anti-virus "Virus Shield" on Android (2014)
Image source: http://ictpost.com/2013/11/12/mobile-malware-crosses-one-million-mark-says-trend-micro/

Slide 25: Mobile malware trends
CryptoCurrency Miner
- BitCoin / LiteCoin / DogeCoin
- [2014-Mar] CryptoCurrency mining malware found in Play Store
Image source: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/03/dogecoinfigure5.png
Image source: http://b-i.forbesimg.com/robertwood/files/2013/05/22.jpg

Slide 26: Protect your devices
Image source: http://blog.mobpartner.com/2012/10/19/android-mobile-threats/

Slide 27: Protect your devices
How? What?

Slide 28: Protect your devices
Things to protect
- Information: Device information, Personal information
- Resource: Network resource, CPU resource
Image source: http://chicagoagentmagazine.com/3-awesome-apps-for-protecting-your-smartphone/

Slide 29: Protect your devices
used by ad libraries to geo-target ads.
for spyware, it provides location data
data helps botnets keep track of their bots.
Image source: http://www.mcafee.com/hk/resources/reports/rp-mobile-security-consumer-trends.pdf

Slide 30: Protect your devices
Identify the enemy
1. Phishing
2. Malware
3. Vulnerability
Image source: http://www.thetechherald.com/articles/syrian-activists-targeted-by-phishing-campaigns-and-malware/16429/

Slide 31: Protect your devices
1. Against Phishing
- Shortened URL / Long Domain
- Email / SMS / IM message (e.g. WhatsApp, LINE, WeChat, etc.)
- Social networking website (e.g. Facebook)
- Advertisements
- QR-Code / NFC
- Wi-Fi / Bluetooth connection
AWARE

Slide 32: Protect your devices
Against Phishing
[2014-Apr] Apple ID Phishing Scam
Image source: http://www.redmondpie.com/new-apple-id-phishing-scam-looks-plausible-enough-to-fool-anyone/

Slide 33: Protect your devices
2. Against Malware
- Don't install untrusted apps
- Don't download from the 3rd party markets

Slide 34: Protect your devices
Against Malware
Re-package the legitimate app with additional permissions
Image source: http://www.f-secure.com/static/doc/labs_global/research/threat_report_h2_2013.pdf
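
As an added example (not part of the original slides): a repackaged app of the kind slide 34 describes can be spotted by diffing its declared permissions against the legitimate release. It assumes both manifests are already decoded to text XML (for example with apktool); the sample manifests, the package name and the HIGH_RISK mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (constructed for this example): permissions tied to the
# data and abuse types the deck lists, e.g. premium SMS and contact theft.
HIGH_RISK = {
    "android.permission.SEND_SMS": "premium SMS",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.READ_SMS": "SMS history",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "geo-location",
    "android.permission.READ_PHONE_STATE": "phone information (IMEI, number)",
}

def permissions(manifest_xml):
    """Return the set of permissions a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                found.add(name.strip())
    return found

def diff_permissions(reference_xml, candidate_xml):
    """Compare a candidate APK's manifest with the known-good release."""
    added = sorted(permissions(candidate_xml) - permissions(reference_xml))
    return {"added": added,
            "high_risk": {p: HIGH_RISK[p] for p in added if p in HIGH_RISK}}

def manifest(perms):
    """Build a constructed sample manifest for a hypothetical flashlight app."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="com.example.flashlight">{body}</manifest>')

OFFICIAL = manifest(["CAMERA", "INTERNET"])
REPACKAGED = manifest(["CAMERA", "INTERNET", "SEND_SMS", "READ_CONTACTS",
                       "RECEIVE_BOOT_COMPLETED"])

if __name__ == "__main__":
    report = diff_permissions(OFFICIAL, REPACKAGED)
    for perm in report["added"]:
        print(perm, "<-", report["high_risk"].get(perm, "review manually"))
```

Any permission in the "added" list that the official release never requested is a reason to reject the package, whether or not it appears in the high-risk mapping.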

Slide 35: Protect your devices
Against Malware
- Malware in Play Store ~ 0.1%
- Install apps only from the official store
Image source: http://www.f-secure.com/static/doc/labs_global/research/threat_report_h2_2013.pdf

Slide 36: Protect your devices
Against Malware
Disable installation from Unknown sources
Image source: http://www.androidguys.com/2014/04/05/install-amazon-app-store-android/

Slide 37: Protect your devices
Against Malware
Install mobile security tools
Image source: http://www.av-test.org/en/tests/mobile-devices/android/

Slide 38: Protect your devices
3. Against Vulnerability
- Keep your System up-to-date
- Always update your Apps

Slide 39: Protect your devices
Against Vulnerability
[2013-Jul] Vulnerability in WhatsApp for Android: Priyanka worm spreading
Image source: http://www.theandroidsoul.com/remove-priyanka-whatsapp-virus/

Slide 40: Protect your devices
Against Vulnerability
[2014-Feb] iOS flaw allows malicious apps to record touch screen presses
Image source: http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html

Slide 41: Protect your devices
Conclusion
- Beware of phishing messages
- Install apps from the official store
- Review permissions before installing apps
- Keep your System/Apps up-to-date
- Install mobile security tools
Image source: http://www.smallbiztechnology.com/archive/2013/05/12-mobile-security-tips-all-small-businesses-must-be-aware-of.html/

Slide 42: HKCERT Supports
HK Google Play Store's Apps Security Risk Report (https://www.hkcert.org/play-store-srr)
- Monthly report, 1st released in Jul-2013
- HKCERT + NINIS in China
- Detects apps with malicious/suspicious behaviors in the Hong Kong Google Play Store

Slide 43: HKCERT Supports
Guidelines on Mobile
- Guideline of Mobile Security
- BYOD Security Guidelines
- NFC Security Guidelines

Slide 44: Q&A
Thank you
Website: www.hkcert.org
Hotline: 8105-6060