How Attackers are Targeting Your Mobile Devices. Wade Williamson



Today's Agenda
- Brief overview of mobile computing today
- Understanding the risks
- Analysis of recently discovered malware
- Protections and best practices

2012, Palo Alto Networks. Confidential and Proprietary.

Mobile Buzz, Hype, and Risk

Mobility is being adopted faster than any other technology. Smart phone and tablet adoption is outpacing virtually every technology that came before it.

Time to maturity (chart): smart phone and tablet adoption is outpacing virtually every technology that came before it.

Android has begun to dominate (chart). Source: Magic Software, State of BYOD 2013.

Android has begun to dominate, part 2 (chart). Source: Magic Software, State of BYOD 2013.

Android has begun to dominate, part 3: 79% of mobile malware targets Android (US Department of Homeland Security). Source: Magic Software, State of BYOD 2013.

Add it all up: huge growth in the enterprise attack surface
  Massive new adoption of mobile computers
+ High level of functionality, comparable to PCs
+ Largely undefended compared to PCs
= A very large and unguarded attack surface for the bad guys

Anatomy of a Network Compromise (diagram). Entry points shown: a phishing email (corporate email with a link to a malicious site, or web-based email with a malicious attachment) reaching the initially targeted client, and compromise of mobile devices. Stages shown: exploit delivery, command-and-control, remote access tool download; SMTP brute-force, exploitation and command injection against the corporate email server and application servers (hypervisor, virtual server host); exploitation, tool drops, credential and data theft; legitimate credentials used against the domain controller until network ownership is complete; workstations harvested for IP and used as mules; data exfiltration. Protocol labels on the diagram: SMTP, HTTP, SSL.


Palo Alto Networks Platform for Advanced Threats
Fully inspect all traffic
- Full Network Visibility: equal full-stack inspection of all traffic across all ports; decrypt SSL; all hosts, mobile and virtualized
- Control the attack surface (Shared Context): Application, User, File type, URL
- Block whenever possible (Signature Technologies): Exploit, Malware, C2, DNS, Hacking & Reconnaissance
- Take action on the unknowns (Test and Manage Unknowns): Unknown Malware, Unknown Traffic, Unknown URLs, with automated feedback into the signature technologies
- Empower the security team (Investigation and Response): Share IOCs, PCAPs, End-point integration, SIEM integration, Correlated anomalies

Palo Alto Networks Platform for Mobile Threats
GlobalProtect (iOS and Android)
- Full Network Visibility: equal full-stack inspection of all traffic across all ports; decrypt SSL; all hosts, mobile and virtualized
- Mobile-specific coverage: App-IDs for mobile apps; APK malware AV signatures; WildFire analysis of APKs
- Shared Context: Application, User, File type, URL
- Signature Technologies: Exploit, Malware, C2, DNS, Hacking & Reconnaissance
- Test and Manage Unknowns: Unknown Malware, Unknown Traffic, Unknown URLs, with automated feedback into the signature technologies
- Investigation and Response: Share IOCs, PCAPs, End-point integration, SIEM integration, Correlated anomalies

Zero-day discovery with WildFire
- 10Gbps advanced threat visibility and prevention on all traffic, all ports (web, email, SMB, etc.); a stream-based malware engine performs true inline enforcement
- Malware run in the cloud with open internet access to discover C2 protocols, domains, URLs and staged malware downloads (diagram labels: command-and-control, staged malware downloads, host ID and data exfil)
- Additional intelligence from soak sites, sinkholes, and 3rd party sources
- Malware, DNS, URL, and C2 signatures automatically created based on WildFire intelligence and delivered to customers globally
- Global intelligence and protection delivered to all WildFire users: anti-malware signatures, DNS intelligence, malware URL database, anti-C2 signatures
- WildFire Appliance (optional): an on-premises WildFire appliance is available for additional data privacy

New Delivery Vectors for Malware
WildFire detected previously unknown malware being delivered by mobile ad networks. These mobile ad networks present a novel security challenge:
- App developers need to use them in order to make money.
- They often require the developer to embed software from the ad network within the application.
- Mobile ad networks are therefore uniquely ingrained in mobile apps.
- If the ad network is malicious, an unsuspecting benign application can pull malicious content.


How a valid app from a valid store can deliver malware (diagram). Labels: App Store, App SDK, Malicious ad network, Malware. Step 1: the app, with the ad network's SDK embedded, is installed from the app store. Step 2: the malicious ad network delivers malware to the app through that SDK.

Analysis of Parasites Malware
- Malicious code repackaged within a benign host application
- Able to be called dynamically and independent of the host app
- Triggered to execute based on local events on the device: a user unlocks the device, the device connects to a WiFi network, a new app is installed
- Able to add new malware into any app on the host ("so many choices")

Analysis of Parasites Malware: building a botnet out of many different infected applications
- The malware can infect any app on the host, providing many places to hide
- Uses SMS to build a command and control channel: sends SMS to attacker-controlled numbers and intercepts incoming SMS messages
- Uses both the device ID and the infected app to identify hosts and build a botnet (diagram: Device #1 / App B, Device #2 / App C, Device #3 / App D)

Leveraging SMS for Instant Profit
Fake premium service: the malware takes advantage of the compromised device to sign up for premium services.
1. Device is infected.
2. SMS is used to sign up for a pay web service that likely does nothing at all.
3. The service is verified by capturing incoming SMS confirmation messages.
4. The victim is completely unaware until his monthly bill arrives.
(Diagram labels: Malicious Ad Network, Malware infection, "Sign me up!", "Are you sure?", "Yes!")
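The two Parasites slides and the SMS-fraud slide above describe a recognisable combination: SMS send/receive capability plus code that wakes on device unlock, network connect or app install. The following triage script, added here as an example and not code from Palo Alto Networks or the deck, flags an AndroidManifest.xml that declares that combination; the manifest, the receiver name ".AdSdkReceiver" and the package name are constructed for the example.

```python
# Added example, not from the Palo Alto Networks deck: a manifest triage
# heuristic for the "parasite" behaviour the slides describe. It flags an
# AndroidManifest.xml that combines SMS permissions with broadcast receivers
# for the unlock, network-connect and app-install events named as triggers.
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # Android XML namespace

# Triggers named on the slides, keyed by the broadcast action that signals them.
TRIGGER_ACTIONS = {
    "android.intent.action.USER_PRESENT": "user unlocks the device",
    "android.net.conn.CONNECTIVITY_CHANGE": "device connects to a network",
    "android.intent.action.PACKAGE_ADDED": "new app is installed",
}
# Both directions are needed for the SMS C2 channel and premium signup flow.
SMS_PERMISSIONS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"}

def triage_manifest(manifest_xml: str) -> dict:
    """Return SMS permissions and event triggers found, plus a review verdict."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    triggers = {a.get(A + "name") for r in root.iter("receiver")
                for a in r.iter("action") if a.get(A + "name") in TRIGGER_ACTIONS}
    sms = perms & SMS_PERMISSIONS
    # Flag only the combination: SMS in both directions plus an event trigger.
    return {"sms_permissions": sorted(sms),
            "triggers": sorted(TRIGGER_ACTIONS[t] for t in triggers),
            "suspicious": sms == SMS_PERMISSIONS and bool(triggers)}

# Constructed sample resembling a benign host app with an embedded ad SDK receiver.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hostapp">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".AdSdkReceiver">
      <intent-filter>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A flagged manifest is a reason to submit the APK for sandbox analysis (the deck's WildFire analysis of APKs) or to hold it back from managed devices, not proof of infection: legitimate messaging apps declare the same permissions.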



Questions