
Latest Threats Against Mobile Devices

Latest Threats Against Mobile Devices. Dave Jevans Founder, Chairman and CTO. CyberCrime: Threats Against Mobile Devices. “User-owned computers and smart phones are more than twice as likely to be infected with malware”. October 2012. Advanced Persistent Threats.


Presentation Transcript


  1. Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO

  2. CyberCrime: Threats Against Mobile Devices “User-owned computers and smart phones are more than twice as likely to be infected with malware” October 2012

  3. Advanced Persistent Threats • APTs typically involve compromises of users’ devices or credentials • 45% of enterprises see increase in spear phishing attacks targeting employees

  4. 9 Critical Threats Against Mobile Workers • Malware, Trojans, Zero-day Attacks • Key loggers • Compromised Wi-Fi Hotspots • Poisoned DNS • Malicious & Privacy Leaking Apps • Jail broken & Rooted Devices • Un-patched OS Versions • Spear Phishing • Advanced Persistent Threats

  5. Bring Your Own Device = New Threats • Multiple users per device, with many apps and websites visited • Users connect to 10+ networks a month • Attacks against end-users give access to corporate networks, data, and cloud services • Cyber-criminals know this

  6. Phishing Continues To Explode • Phishing and Spear-Phishing Are At Record Levels

  7. Spear-Phishing • Spear-phishing is the #1 way that APTs are instigated • Use DNS blacklisting to prevent access to phishing sites

  8. Email Service Providers Are An Important Attack Vector

  9. RSA Security breached • Targeted spear phishing infected several employees’ computers • Seeds and serial numbers for tens of millions of SecurID tokens stolen • Key customers attacked after this

  10. Android Fragmentation

  11. Exponential Growth in Mobile Malware Source: Kaspersky Labs, March 2013

  12. Sites infected with bad iFrame • Checks User-Agent • Update.apk sent to browser • Installed if device allows apps from unknown sources • com.Security.Update

  13. Hacked Apps Posted to Markets

  14. Example: Fake Instagram

  15. Example: Fake Authentication Apps

  16. Example: Battery Monitor Trojan

  17. Compromised WiFi Hotspots • WiFi hotspots can intercept and redirect traffic • Evil-Twin attacks, DNS attacks, network snooping, session hijacking & sidejacking • You need a VPN service for all users, on every WiFi

  18. Sidejacking on Public WiFi

  19. Poisoned DNS • DNS poisoning takes remote employees to criminal sites • Can be poisoned upstream at the ISP, not just at the WiFi hotspot • Apps are particularly vulnerable due to poor implementations of certificate validation

  20. DNS attacks recently reported

  21. Privacy Leaking Apps • Legitimate apps may upload your corporate directory to a service in the cloud • That service may be hacked or resold, exposing all of your employees to spear-phishing attacks • You should deploy a cloud service to scan and analyze apps for malicious behavior and privacy violations

  22. Jail-broken & Rooted Devices • You should prevent access from jail-broken iPhones and rooted Android devices • Jail-broken/rooted devices have almost zero security protections

  23. Unpatched OS Versions • Unpatched OS and plug-ins are the main attack vector of criminals against your users

  24. Live Example • This example is a live example of taking over the iTunes app on an iPad • Click twice and enter your device password. You’re owned.

  25. Phishing or Spear-Phishing Lure

  26. iOS Allows Unsigned and Unverified Profiles

  27. Click “Install Now”

  28. Enter Your Device Password (if you have set one)

  29. iTunes App Removed, Fake iTunes Installed

  30. Use Fake iTunes To Steal Passwords, etc.

  31. Things That A Profile Can Change • Safari security settings can be disabled • JavaScript settings • Local app settings • Allow untrusted TLS connections • Device settings • Install X.509 certificates

  32. Even Worse: Hostile MDM Profile • Expands the scope of malicious capabilities to include • App replacement and installation • OS replacement • Delete data • Route all traffic to Man-In-The-Middle sites

  33. Architecture (diagram; component labels: Network Feeds, App Feeds, Marble Threat Lab, Marble App Analysis, Marble Access, Marble Control, Instrumented Marble Access, Networks, WiFis, DNS reports, App reports, Device fingerprints, Marble App Reputation Database, Marble Threat Reports, Marble Threat Database)

  34. App Analysis Architecture • Rate by newness, behaviour, publisher, spread rates • 3rd Party Feeds • Download from various app stores & sideloading sites • Use Android Grinder and other tools for analysis • Marble App Reputation DB • Incident Response & Analysts Team

  35. Marble’s Dynamic App Security Architecture (diagram; component labels: Google Play, Apple App Store, Other App Stores, Marble Control Service, Alerts & Reports, Marble Access Mobile Device Client, Rules, User Interface, Analytics Engine, App Crawler, Controller/Scheduler, Database, Database, Risk Engine, Correlation Engine, App Queue, Marble Security Lab, Customer’s Security Admin, Jammer, Scanner, Analyzer, Dynamic App Analysis Engine, DNS lookups, network threat correlation engine, Real-time user interface simulation, Network Information, Marble Security Analysts, Network Threat Database, Stored Apps, Data Feeds)
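Slides 26 to 32 describe unsigned iOS configuration profiles that install certificates, change Safari and TLS settings, or enroll the device in MDM. The following is an added example, not part of the presentation, of how a defender could triage a `.mobileconfig` file before it reaches users; the sample profile is constructed and the set of payload types and restriction keys checked is a chosen subset.

```python
import plistlib

# Payload types matching capabilities the slides list (certificates, MDM, traffic routing).
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a root certificate",
    "com.apple.security.pkcs1": "installs an X.509 certificate",
    "com.apple.mdm": "enrolls the device in an MDM service",
    "com.apple.vpn.managed": "routes traffic through a VPN",
    "com.apple.proxy.http.global": "routes HTTP traffic through a proxy",
}
# Safari/TLS keys of the restrictions payload (com.apple.applicationaccess).
WATCHED_RESTRICTIONS = ("safariAllowJavaScript", "safariForceFraudWarning",
                        "allowUntrustedTLSPrompt")


def audit_profile(raw: bytes) -> list:
    """Return human-readable findings for one .mobileconfig file."""
    try:
        profile = plistlib.loads(raw)
    except Exception:
        # A signed profile is a CMS (DER) envelope around the plist, so it does
        # not parse as a plist directly; its signer must be checked separately.
        return ["not a bare plist: signed or encrypted, verify the signer"]
    if not isinstance(profile, dict):
        return ["plist is not a profile dictionary"]
    findings = ["unsigned: anyone could have authored or altered this profile"]
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append(f"{ptype}: {RISKY_PAYLOADS[ptype]}")
        elif ptype == "com.apple.applicationaccess":
            for key in WATCHED_RESTRICTIONS:
                if key in payload:
                    findings.append(f"{ptype}: sets {key}={payload[key]}")
    return findings


def constructed_sample() -> bytes:
    """Constructed test profile (not taken from the presentation)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.invalid.profile",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.root", "PayloadContent": b"\x30\x00"},
            {"PayloadType": "com.apple.applicationaccess",
             "safariForceFraudWarning": False},
        ],
    })


if __name__ == "__main__":
    print("\n".join(audit_profile(constructed_sample())))
```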
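Slide 12 describes an infected page whose iFrame checks the User-Agent and sends `Update.apk` to Android browsers. The following is an added detection example, not part of the presentation, that scans web proxy logs for that pattern; the log format, field names, hosts and allowlist are constructed assumptions.

```python
import json

APK_MIME = "application/vnd.android.package-archive"
# Assumption: the only host this organisation accepts APK downloads from.
ALLOWED_APK_HOSTS = {"store.example"}

# Constructed proxy log (JSON lines); the field names are hypothetical.
SAMPLE_LOG = """\
{"client": "10.0.0.7", "host": "news.example", "path": "/", "ctype": "text/html", "ua": "Mozilla/5.0 (Linux; Android 4.1.2)", "referer": ""}
{"client": "10.0.0.7", "host": "cdn.example", "path": "/Update.apk", "ctype": "application/vnd.android.package-archive", "ua": "Mozilla/5.0 (Linux; Android 4.1.2)", "referer": "http://news.example/"}
{"client": "10.0.0.9", "host": "cdn.example", "path": "/Update.apk", "ctype": "text/html", "ua": "Mozilla/5.0 (Windows NT 6.1)", "referer": "http://news.example/"}
{"client": "10.0.0.8", "host": "store.example", "path": "/app.apk", "ctype": "application/vnd.android.package-archive", "ua": "Mozilla/5.0 (Linux; Android 4.2)", "referer": ""}
{"client": "10.0.0.8", "host": "files.example", "path": "/dl/Tool.APK", "ctype": "application/octet-stream", "ua": "Mozilla/5.0 (Linux; Android 4.2)", "referer": "http://blog.example/post"}
"""


def is_apk(record: dict) -> bool:
    """APK by declared MIME type, or by file extension when the type is generic."""
    return (record.get("ctype", "").lower() == APK_MIME
            or record.get("path", "").lower().endswith(".apk"))


def flag_apk_deliveries(log_text: str) -> list:
    """Return records where an Android browser received an APK from an unapproved host."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if ("Android" in rec.get("ua", "") and is_apk(rec)
                and rec.get("host") not in ALLOWED_APK_HOSTS):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in flag_apk_deliveries(SAMPLE_LOG):
        # The referer points at the page that embedded the download.
        print(hit["client"], hit["host"] + hit["path"], "via", hit["referer"])
```

The referer on each hit identifies the page that triggered the download, which is the site to report or block.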
