
Cyber Security Project
Team: Sukhada Kulkarni, Anoop Vintha, Yashwanth Takena, Shajay Jayaprakasan


1 Cyber Security Project
Team: Sukhada Kulkarni, Anoop Vintha, Yashwanth Takena, Shajay Jayaprakasan

2 Research Topics
- Smartphone Malware
- Cross-site scripting
- CloudFlare
- Social Engineering

3 Smartphone Malware
- 85% of the world population uses a smartphone
- Android OS to suffer more cybercriminal attacks
- Increased by 63% between
- Malicious Google Apps in Google Play quadrupled between
Source:

4 Different ways to hack
- Apps downloadable from Google Play
- Constructing malware apps to look as legitimate as possible
- More chargeware-type apps, which employ deceptive charging practices to siphon payments
- Targeting the most addictive and popular Android games, like FlappyBird
- Malware inserted in a game sends device information such as the IMEI number or mobile OS version number to hackers
Source: http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular-android-app-providers/

5 Different ways to hack
- Mobile Botnets
  - Gain control of the victim's handset and collect contact lists, phone numbers, message details and geo-location data from the compromised device.
  - MDK Trojan uses Advanced Encryption Standard (AES) algorithms to encrypt data and stay stealthy, which closes the way for security researchers to conduct malware analysis.
  - MisoSMS, a mobile botnet known to steal SMS messages from the infected phone.

6 Different ways to hack
- Mobile Banking Trojans
  - The majority of mobile malware targeted users' money and bank cards
  - Zeus in the Mobile (ZITMO), designed to run on the Android operating system, steals Mobile Transaction Authorization Numbers (mTANs) without mobile users noticing
- Malware in QR code scanners
  - QR codes are growing in popularity and seem to be popping up everywhere.
  - Hackers use them to disguise the ultimate address stored in the QR code, which may install malware on devices or direct users to questionable websites.

7 Android: SHODAN Findings
- Used a Python program and the API to extract Android-related data
- Performed penetration testing to check for Android devices which are vulnerable

Mobile Phones found on Shodan

Search criteria                                   Results
United States                                     7290
Android os                                        8940
Android (200)                                     5600
Android authenticate (401)                        1595
Android last modified www-authenticate (403)      76

8 Android: HackerWeb Analytics
Android Related Posts Author Rankings

Rank  Author Name    Forum      Reputation score  Number Of Posts
1     virus_c        vctool     859
2     karlos         vctool     516
3     Tech-Bot       vctool     013
4     NiTrOwow       hackhound
      The System     elitehack  59
6     Hess           hackhound  3208
7     Rein0          elitehack  95
8     delphifocus    hackhound  425
9     LeFF           hackhound
      DrunKnHack0r   vctool     04

9 Cross Site Scripting
- Cross-site scripting was revealed as the most common weakness, making up to 55% of vulnerabilities in
- Cross-site scripting is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of
- Cross-site scripting has become the most common security vulnerability, with 68% of websites likely open to XSS attacks.

10 Findings from Shodan
- The following logic is used to decide whether a site is secured:
  X-XSS-Protection: 1; mode=block -> Site is secured
  X-XSS-Protection: 0 -> Site is not secured
- Using Shodan search, we found sites which are not secured by searching for the string "X-XSS-Protection: 0" across the various sites. The distribution of the unsecured sites was plotted using the data collected.
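The header check described on this slide, as an added Python example that is not the presenters' program: it parses raw HTTP response headers and tallies the classification. The banners and hostnames are constructed, and the "absent" and "filter on, no block" categories go beyond the two cases the slide names.

```python
from collections import Counter

# Constructed sample banners (not real hosts), shaped like raw HTTP response headers.
SAMPLE_BANNERS = {
    "site-a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nx-xss-protection: 0\r\nContent-Type: text/html\r\n\r\n",
    "site-c.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "site-d.example": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"x\"\r\n\r\n",
    "site-e.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection:1;mode=block; report=https://r.example/x\r\n\r\n",
}


def header_values(banner, name):
    """Return every value of header `name` (case-insensitive) in a raw banner."""
    head = banner.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values


def classify(banner):
    """Apply the slide's rule, plus two extra categories (an assumption of this example)."""
    values = header_values(banner, "X-XSS-Protection")
    if not values:
        return "absent"
    # This example looks only at the first occurrence of the header.
    directives = [d.replace(" ", "").lower() for d in values[0].split(";") if d.strip()]
    if not directives:
        return "malformed"
    if directives[0] == "0":
        return "not secured"
    if directives[0] == "1":
        return "secured" if "mode=block" in directives[1:] else "filter on, no block"
    return "malformed"


def distribution(banners):
    """Count hosts per category, the data behind a distribution plot."""
    return Counter(classify(b) for b in banners.values())


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, "->", classify(banner))
    print(dict(distribution(SAMPLE_BANNERS)))
```

X-XSS-Protection only controlled the built-in XSS filter of older browsers, so a value of 0 shows that the filter was switched off, not that the site has an XSS flaw. Current major browsers no longer act on the header, which makes Content-Security-Policy the response header worth checking alongside it.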

11 Findings from HackerWeb
- The theme breakdown shows common motives behind the exploited cross-site scripting.

12 CloudFlare Security
- CloudFlare provides performance and security for any website. Hundreds of thousands of websites use CloudFlare.
- CloudFlare is neither hardware nor software. It works at the DNS level.
- CloudFlare learns from data: it tracks traffic, and any sudden change or increase is investigated to assess whether it is legitimate or an attack.

13 CloudFlare IP Resolvers
- From Hacker Web posts we found some of the ways to hack CloudFlare and get the website's real IP address. A quick way to get the real IP off of any forum which uses CloudFlare DDoS protection:
  - Go to and copy the 3rd link in the boxes
  - Go to any forum where you can change your avatar. /usercp.php?action=avatarStep
  - Paste the image URL retrieved from IPLogger earlier and click on change avatar.
  - Get back to IPLogger and click the "View Log." button. This forwards to a statistics page where the real IP address can be found.

14 CloudFlare Hacker's Solution
The following steps can ensure proper protection and do not allow any malware into the CloudFlare community:
- Go to CloudFlare.com, log in to your account and add your domain to the account.
- It scans all your DNS records and lets you update the name servers to CloudFlare's.
- Update your name servers and wait for CloudFlare to activate your domain (You will get an when it is done).
- Log in to your CloudFlare account
- Click the gear beside your domain name and click DNS settings
- Delete all the records except these two and click on I'm done

15 CloudFlare: HackerWeb Analytics
CloudFlare Related Posts Author Rankings

Rank  Author Name    Forum      Reputation Score  Number of Posts
1     NiTrOwow       hackhound
      virus_c        vctool     84
3     Hess           hackhound  3203
4     Ravage         hackhound  5343
5     Neelix         hackhound
      l1v3r Q33n     elitehack  42
7     Nighthawk      anon       01
8     tezhost        vctool     01
9     lucienx        vctool     01
10    EviL.rOmina    elitehack  181

16 Sentiment Analysis: Threats
- Analysis of HackerWeb forums reveals that IP resolver and DDoS attacks are the most talked about
- Text analysis is done to find which kinds of attack CloudFlare is most prone to
- HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhound, icode

17 Social Engineering
- Popular tool for cybercriminals to get their hands on confidential information
- The attack vector is a combination of psychological and technical ploys
- Social engineering attacks are on the rise: 48 percent of large companies have been targeted in the past 2 years
- The volume and sophistication of mobile threats are also increasing. The mobile world makes it much easier for hackers to monetize attacks.

18 Sentiment Analysis: targets
- Analysis of HackerWeb forums reveals that financial services such as bank accounts are the primary targets
- Retail outlets, payment services and accounts follow closely in the list
- HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhound, icode

19 Sentiment Analysis: Medium
- Software and the Internet are the primary channels of attack
- Phone and SMS phishing have also surged in the past few years.
- The common targets of social engineering are students, corporate executives, countries and religious groups.


