trends in mobile malware and importance of network based user protection



Similar documents
Security MWC Nokia Solutions and Networks. All rights reserved.

Mobile Malware Network View. Kevin McNamee : Alcatel-Lucent

Secure Your Mobile Workplace

Protecting the Infrastructure: Symantec Web Gateway

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Nokia Networks. security you can rely on

Streamlining Web and Security

The Hillstone and Trend Micro Joint Solution

LTE Overview October 6, 2011

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Symantec Advanced Threat Protection: Network

Types of cyber-attacks. And how to prevent them

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

UMTS/GPRS system overview from an IP addressing perspective. David Kessens Jonne Soininen

On and off premises technologies Which is best for you?

Mobile App Reputation

LTE Attach and Default Bearer Setup Messaging

Getting Ahead of Malware

10 Things Every Web Application Firewall Should Provide Share this ebook

4G Mobile Networks At Risk

ENABLING FAST RESPONSES THREAT MONITORING

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

End to End Security do Endpoint ao Datacenter

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Achieve Deeper Network Security

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

RETHINK SECURITY FOR UNKNOWN ATTACKS

Beyond the Hype: Advanced Persistent Threats

G Data Mobile MalwareReport. Half-Year Report July December G Data SecurityLabs

Achieve Deeper Network Security and Application Control

Threat Containment for Facebook

Next Generation IPS and Reputation Services

Nokia E61i Configuring connection settings

How To Understand The Impact Of Malware On A Network

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Cisco RSA Announcement Update

You ll learn about our roadmap across the Symantec and gateway security offerings.

Zscaler Cloud Web Gateway Test

Configuring connection settings

Nokia for Business. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

V1.4. Spambrella Continuity SaaS. August 2

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall

Securing the endpoint and your data

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

IT Sicherheit im Web 2.0 Zeitalter

Kaspersky Security Network

Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Networking for Caribbean Development

24/7 Visibility into Advanced Malware on Networks and Endpoints

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Fighting Advanced Threats

Security strategies to stay off the Børsen front page

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

STPIC/Admin/002/ / Date: Sub: Quotation for purchase/renewal of Anti Virus Software Reg.

Are free Android virus scanners any good?

Trend Micro OfficeScan Best Practice Guide for Malware

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Security A to Z the most important terms

IBM Advanced Threat Protection Solution

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

End-to-End Application Security from the Cloud

How to deal with a thousand nodes: M2M communication over cellular networks. A. Maeder NEC Laboratories Europe andreas.maeder@neclab.

How To Protect Your Mobile From Attack From A Signalling Storm

GFI Product Comparison. GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange

White Paper. Copyright 2012, Juniper Networks, Inc. 1

Firewall Testing Methodology W H I T E P A P E R

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Network Optimization based on performance and capacity criteria

Introducing IBM s Advanced Threat Protection Platform

U.S. Cellular Mobile Data Security. User Guide Version 00.01

Innovations in Network Security

How To Create An Insight Analysis For Cyber Security

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Netsweeper Whitepaper

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils

Uncover security risks on your enterprise network

WildFire. Preparing for Modern Network Attacks

Web. Paul Pajares and Max Goncharov. Connection. Edition. ios platform are also at risk, as. numbers via browser-based social.

ThreatSTOP Technology Overview

Symantec Security Information Manager 4.8 Release Notes

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

Transcription:

trends in mobile malware and importance of network based user protection Sicherheitsnetzwerk München: Praxisforum Anwender und Anbieter im Dialog Mobile Sicherheit im Unternehmen Joachim Lüken, Nokia Networks, 04-12-2014 1 Nokia Solutions and Networks 2014 Public

Threat landscape Subscribers are unaware > Not aware of security threats (Trojans, ) > Do not install a mobile AV client Growing security threats > Total mobile malware grew 614% from 03/12 to 03/13 2 2012 2013 Operators are at risk > Increased claims > Increased churn > Brand erosion > Threats to the network Mobile phones are attractive targets > Personal information > Device location > Billing possibilities Telco fraud loss > $46.3 B in 2013 2 > $4.73 B due to Premium Rate Services 2 New opportunities > Security is top concern for new services 3 > Security is pre-condition and enabler for new business 1) Juniper Networks Third Annual Mobile Threats Report 2013, 2) Communication Fraud Control Association estimation, 3) Nokia Acquisition and Retention Study 2013 2 Nokia Solutions and Networks 2014

Trends in mobile malware less families more variants more intelligent customizable configurable 3 Nokia Solutions and Networks 2014 Public

Anti-virus is dead? most modern antivirus programs don t really do that great a job, only blocking around 45 percent of attacks. antivirus software will protect you from all the random unsophisticated New attacks concepts out there: the "background radiation" of the Internet. focus on tracking attacks as they are needed! take place, mitigating them, giving advice and investigating who s doing the attacking. 4 Nokia Solutions and Networks 2014 Public

Best-in-class protection = Network traffic pattern detection + device Anti- Virus Client-based approach > Signature-based detection > Protects only if AV client is installed > Device-dependent limitations > Time gap for new malware detection Nokia approach Network-based approach > Analysis of traffic pattern behavior > Protects all subscribers against fraud > Device-independent > Immediate detection of new malware > New signatures but same behavior detection rate Traffic patterns Signatures time 5 Nokia Solutions and Networks 2014

Mobile Malware detection, mitigation and prevention Levels of Defense External Analysis (offline) Mobile Guard: Orchestration Detection Mitigation Prevention Analysis 3 2 Prevent malicious activity (Fraud, final attack) Prevent intra Malware / Botnet Communication Solutions for specific frauds, e.g. P-SMS sending and MTAN stealing use cases Detect and optionally block Malware and Botnet setup and configuration Learn! Detect new malware and add to covered cases. 1 Prevent attempt to infect UE Filter out Malware Code 6 Nokia Solutions and Networks 2014 Confidential

Network based real-time intelligence Mobile Guard: Real-time monitoring / detection / mitigation Content security: In-line web and e-mail filtering GSM Core SMSC P-SMS Mobile Guard Content Security Radio Packet Core GSM/3G/LTE SGSN Gn Fibre Tap GGSN Gi PDN (Internet, Enterprise) 7 Nokia Solutions and Networks 2014

Network based malware detection Detect: Identify devices and subscribers, visualize event details and related threats and provide statistics. Mobile Guard Security Insight (Dashboard) Action Engine (automated actions) Mitigate: Minimize impact by applying automated actions, e.g.: Inform subscriber Block value added services Monitor: Correlate traffic patterns from telco network with malware patterns from: Malware intelligence database Self-learned patterns Malware intelligence DB Correlation of traffic patterns System intelligence is located here: smart detection of malware behaviour allows to close the gap Radio Core Clean: Device AV client cleans malware on the device GSM/3G/LTE SGSN GGSN SMSC 8 Nokia Solutions and Networks 2014

Detection taking advantage of mobile network data Integration with GTP context data (IMEI, MSISDN, etc.) > Native device-based view > Visibility of internal traffic (also attacks against infrastructure) Blacklists > IP addresses, domains, URLs, packet payload signatures of CnC server,s, dropzones, etc. > SMS numbers and content signatures Extended detection intelligence > Failed DNS queries reveal Bots and Botnet structure using domain generation algorithms (DGA) > Suspicious DNS results using round robin DNS, potentially with short TTL > Characteristic communication patterns (e.g. ratio of numerical characters in the DNS names, ) Mobile network context data > Geo location correlation > Device type and uage expectation Advanced Correlation > Cross-interface correlation (e.g. Gn vs. SMS) 9 Nokia Solutions and Networks 2014 Confidential

Nokia Security Center Berlin Own and partner products solutions testing Offering of deep insights in 3G/4G/LTE threat scenarios Platform for exchange à On-site testing of miscellaneous scenarios. à Interoperability testing à Integration testing à NSC offers insights in latest threat scenarios and is furnished with real equipment which provides chances for hands-on enabling to eliminate security issues. à NSC serves as a platform for open exchange between several stakeholders about security solutions that protect mobile networks infrastructure, services and end-users. 11 Nokia Solutions and Networks 2014

Security you can rely on Security in networks Security in cloud Security for end user Security in future Radio access transport security Secured cloud architecture Malware monitoring and detection Backdoor detection Core network security Professional security services Web content filtering Security trends and vision Network operation security Air interface security 12 Nokia Solutions and Networks 2014

Sensors GTP sensor MS Other PLMN UTRAN SGSN > Gn and Gp reference points are supported with GTP-C and GTP-U v1 protocols > For LTE S5 and S8 reference points are required with GTP-C v2, or, in case of a combined S/ PDN GW S1-U and S11 instead of S5 MS MS MS S1-MME MME S11 E-UTRAN S1-U enb S12 UTRAN NB RNS IuPS GERAN BTS BSC Gb S-GW SGSN SGSN S4 Gn IuPS S5 (Note) Gn PDN GW Gn GGSN S8 Gp Note: In case of a combined S/PDN GW (where S5 is internal) S1- U and S11 will be monitored instead of S5. SGi Gi PDN TE Other PLMN MS UTRAN IuPS SGSN 13 Nokia Solutions and Networks 2014 Confidential

Malware classification according to MNO s needs Nokia s Threat Classification Schema high Premium SMS Fraud DDoS Premium Phone Call Fraud IP Reputation App Purchase Fraud mtan Stealing Phone Calls Spy SMS Spy Private Data Theft Media Theft Severity level medium SMS Spam SMS Fraud E-mail Spam Phone Call Fraud Wangiri Signaling Flood Device Data Theft Browser History Collection Location Tracking Unwanted App Install and De-installation Browser Bookmark Collection and Modification Scam/Hoax App Purchase Fake Application Settings Modification low No threats here No threats here Links to insecure App Stores Aggressive Advertisement MNO Services 14 Nokia Solutions and Networks 2014 Confidential MNO Infrastructure Assets Device Home Screen Modification Subscriber Privacy and Security

P-SMS trojans Severity: High Trojan:Android/OpFake.M: - Fake Opera Mini browser secretly sends SMSes to premium numbers. Trojan:Android/Fakeinst variants: - Steal private data on phones, send SMSes to premium numbers Trojan:Android/Mseg.A: - Steal private data on phones, secretly send SMSes to premium numbers Android Vidro / EClips - Fake video player application secretly sends SMSes to premium numbers Trojan:Android/SmsSend.AC: - Sends SMSes to premium numbers. 15 Nokia Solutions and Networks 2014 Confidential

Trojans stealing device data Severity: High Trojan:Android/Fakeinst variants: Appears as a downloader application, but secretly steals contact information from the infected phones Trojan:Android/Mseg.A: Secretly sends contact list and other private information from the infected phones to a remote server Trojan:Android/GinMaster variants: Secretly steals device specific data and submits them to a remote server Trojan:Android/FakeBattScar variants: Trojan:Android/QdPlugin.A, Temai.B Secretly steals device specific data and submits them to a remote server Trojan:Android/Vdloader.A Secretly steals device specific data and submits them to a remote server Trojan:Android/GoldDream.C Secretly steals device specific data and submits them to a remote server Hoax battery life optimiser program secretly tracks and submits phone location data 16 Nokia Solutions and Networks 2014 Confidential

Copyright and confidentiality The contents of this document are proprietary and confidential property of Nokia Solutions and Networks. This document is provided subject to confidentiality obligations of the applicable agreement(s). This document is intended for use of Nokia Solutions and Networks customers and collaborators only for the purpose for which this document is submitted by Nokia Solution and Networks. No part of this document may be reproduced or made available to the public or to any third party in any form or means without the prior written permission of Nokia Solutions and Networks. This document is to be used by properly trained professional personnel. Any use of the contents in this document is limited strictly to the use(s) specifically created in the applicable agreement(s) under which the document is submitted. The user of this document may voluntarily provide suggestions, comments or other feedback to Nokia Solutions and Networks in respect of the contents of this document ("Feedback"). Such Feedback may be used in Nokia Solutions and Networks products and related specifications or other documentation. Accordingly, if the user of this document gives Nokia Solutions and Networks Feedback on the contents of this document, Nokia Solutions and Networks may freely use, disclose, reproduce, license, distribute and otherwise commercialize the feedback in any Nokia Solutions and Networks product, technology, service, specification or other documentation. Nokia Solutions and Networks operates a policy of ongoing development. Nokia Solutions and Networks reserves the right to make changes and improvements to any of the products and/or services described in this document or withdraw this document at any time without prior notice. The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy, reliability or contents of this document. NOKIA SOLUTIONS AND NETWORKS SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT or for any loss of data or income or any special, incidental, consequential, indirect or direct damages howsoever caused, that might arise from the use of this document or any contents of this document. This document and the product(s) it describes are protected by copyright according to the applicable laws. Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. Nokia Solutions and Networks 2014 17 Nokia Solutions and Networks 2014 Public

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information