The Mobile Malware Problem



Similar documents
Attacks from the Inside

Cybercrime & solutions for Home users and Small Businesses

Protecting against Mobile Attacks

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

Secure Your Mobile Workplace

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security

Sophos Mobile Security Threat Report. Launched at Mobile World Congress, By Vanja Svajcer, Principal Researcher, SophosLabs

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Defending Behind The Device Mobile Application Risks

Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices

Tutorial on Smartphone Security

... Lecture 11. Market Overview of Mobile Operating Systems and Security Aspects. Mobile Business I (WS 2014/15) Prof. Dr.

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them

Guideline on Safe BYOD Management

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Securing mobile devices in the business environment

Current counter-measures and responses by CERTs

OS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN:

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Control Issues and Mobile Devices

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

McAfee Enterprise Mobility

ASEC REPORT VOL AhnLab Monthly Security Report. Malicious Code Trend Security Trend Web Security Trend

Kaspersky Security 10 for Mobile Implementation Guide

BUGAT TROJAN JOINS THE MOBILE REVOLUTION

WHITE PAPER. Understanding How File Size Affects Malware Detection

Using big data analytics to identify malicious content: a case study on spam s

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee

Emerging Security Technological Threats

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Perception and knowledge of IT threats: the consumer s point of view

Introduction (Contd )

Study Group on Information Security Issues of Smartphone and Cloud Computing Final Report - Measures to be Taken for the Safe Use of Smartphones -

MOBILE MALWARE REPORT

Information Security Threat Trends

Security A to Z the most important terms

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

Automated Protection on UCS with Trend Micro Deep Security

Cloud Services Prevent Zero-day and Targeted Attacks

Security Threats for Mobile Platforms

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

WHITE PAPER > THE RISKS & REWARDS OF MOBILE BANKING APPS. The Risks & Rewards of Mobile Banking Apps

Report on Consumer Behaviors and Perceptions of Mobile Security. Presented by NQ Mobile & NCSA January 25, 2012

2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE

Network Security and the Small Business

Deep Security Vulnerability Protection Summary

Kaspersky Security for Mobile

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Dr. David Turahi Director for IT&IMS - MOICT Uganda

INTERNET SECURITY THREAT REPORT

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

EC Council Certified Ethical Hacker V8

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Security Best Practices for Mobile Devices

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

CEH Version8 Course Outline

A Review of Different Comparative Studies on Mobile Operating System

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Transcription:

The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de

Introduction Security Evangelist at G Data: Privately owned - Established 1985 in Germany (Bochum) First Atari AV software Security solutions for end users and companies Personally Involved in the industry since 1989 Worked as Senior Consultant/Anti-Virus Expert for several CERT-organisations and commercial enterprises like Kaspersky Lab, Westcon(Noxs), etc Co-founder of EICAR Press officeratamtso

Some History: The olddays!

Some years ago Virus Spam Worm Trojan

Current threats...

The Number Game About 70.000 new threats per day => +70.000.000 Threats/Malware Under the Radar = Money is involved

Today s Networks Lack Boundaries Internal/External network Individual Users connect from multiple locations Managed/Unmanaged devices Individual devices operate both inside the network, and on public networks New Devices on the Network eg. Netbooks, Mobile devices, etc Internet Question: Who has an Android phone? iphone? Symbian? BlackBerry? Other? Network Telecommuters Contractors Mobile Users Wireless Users

Mobile threats... Going back to the roots The first incidents: Liberty Horse Trojan Sept 2000 Telefonica SMS Mailer Dec 2000 911 DoS SMS Mailer in Japan April 2001 Flooder sending not wanted SMS Aug 2001 Phage destroys files on Palm Sept 2001 Vapor Trojan Horse hides applications Oct 2001 GPRS hack into 2.5G US network devices Nov 2002 Nokia 6210 V-card Exploit Feb 25, 2003 Siemens %String Exploit March 2, 2003 AT&T SMS Trojan May 5, 2003 First Symbian based Trojan Sept 2003

Cabir Phone worm (2003) Only works on Series 60 mobile devices, Eg. Nokia 3650, 6600, N-Gage. Siemens, Samsung, Sendo en Panasonic UsesBluetooth too spread each 15-20 seconds You must accept the transmission You must accept the installation Long term: battery drain

Some known malware (2006) Total: 27 families (f), 170 modificaties(m) Symbian: Flexispy, Comwarrior, Windows Mobile: Brador and Duts Java 2 Micro Edition: RedBrowser => Not many mobile malware

Spyware the other wave eg. Flexispy

Huike 3D anti-terrorist Story

70% 60% Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected) 50% 40% 30% 20% Symbian iphone Blackberry Win Mobile Android 10% 0% 2007 2008 2009 2010 2011e 2012e Source: Gartner

Fakeplayer Beginning of 2010 SMS Trojan Pornplayer SMS are send 3x (mostly) 8+ variants Different names/icon Different premium numbers http://skamv.wordpress.com/2010/11/02/kiss/

Geimini Attackin China Android trojan Infected hundreds of thousands of chinese Android smartphones Sended mobile data to servers Remote controlled as a botnet for calls and text messages

DroidDream Steals information Drops more malware Download code from the internet Misuses 2 vulnerabilities in the Android OS ( patched already) Download updates Apps released under the names Kingmall2010, we20090202 and Myournet with DroidDreamattached > Removed from the official Android Market, More than 50 Apps affected

DroidDream Google s removal tool Which is the real tool?

ZITMO Zeus In The Mobile Steals mtans Target = Spanish (online) banks Replication via PC by Zeus botnet

The Update Problem

Mobile Malware Situation... End of the year... > 800% increase = Android Malware

The Real Problem with Android The higher the marketsharethe more interesting it becomes for the cybercriminal > money How easier the distribution of the malware the more interesting it becomes for the cybercriminal > via several channels, not only via official online Apps Markets/Shops Uncontrolled=better/attractive. Android=Windows? The Permission problem Use of exploits are easy because updates of Android are not always easy to install More possibilities in the future: more entrance/backdoor possibilities to spread other malware into businesses and corporates

THE FUTURE Exponential rise of Malicious Apps => Mobile Malware Mobile malware targetting Social Media / Mobile Payments(NFC) / Banking Targetted attacks via Mobile Malware Under the radar of the public...

Another Secure Solution :-) Thank you! Questions? Twitter: @EddyWillems

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information