Presentation is loading. Please wait.

Presentation is loading. Please wait.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Similar presentations

Presentation on theme: "Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO."— Presentation transcript:

1 Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO

2 2 CyberCrime: Threats Against Mobile Devices October 2012 “User-owned computers and smart phones are more than twice as likely to be infected with malware”

3 3 Advanced Persistent Threats APTs typically involve compromises of users’ devices or credentials 45% of enterprises see increase in spear phishing attacks targeting employees

4 4 9 Critical Threats Against Mobile Workers 1.Malware, Trojans, Zero-day Attacks 2.Key loggers 3.Compromised Wi-Fi Hotpots 4.Poisoned DNS 5.Malicious & Privacy Leaking Apps 6.Jail broken & Rooted Devices 7.Un-patched OS Versions 8.Spear Phishing 9.Advanced Persistent Threats

5 5 Bring Your Own Device = New Threats Multiple users per device, with many apps and websites visited Users connect to 10+ networks a month Attacks against end-users give access to corporate networks, data, and cloud services Cyber-criminals know this


7 7 Phishing Continues To Explode Phishing and Spear-Phishing is At Record Levels

8 8 Spear-Phishing Spear-phishing is the #1 way that APTs are instigated Use DNS blacklisting to prevent access to phishing sites

9 9

10 10

11 11 Email Service Providers Are An Important Attack Vector

12 12 RSA Security breached Targeted spear phishing infected several employees’ computers Seeds and serial numbers for tens of millions of SecureID tokens stolen Key customers attacked after this

13 13

14 14

15 15 Android Fragmentation

16 16 Exponential Growth in Mobile Malware Source: Kaspersky Labs, March 2013

17 17 Sites infected with bad iFrame Checks User-Agent Update.apk sent to browser Installed if device allows apps from unknown sources com.Security.Update

18 18 Hacked Apps Posted to Markets

19 19 Example: Fake Instagram

20 20 Example: Fake Authentication Apps

21 21 Example: Battery Monitor Trojan

22 22 Compromised WiFi Hotpots WiFi hotspots can intercept and redirect traffic Evil-Twin attacks, DNS attacks, network snooping, session hijacking & sidejacking You need a VPN service for all users, on every WiFi

23 23 Sidejacking on Public WiFi

24 24 Poisoned DNS DNS poisoning takes remote employees to criminal sites Can be poisoned upstream at the ISP, not just at the WiFi hotspot Apps are particularly vulnerable due to poor implementations of certificate validation

25 25 DNS attacks recently reported

26 26 Privacy Leaking Apps Legitimate apps may upload your corporate directory to a service in the cloud That service may be hacked or resold, exposing all of your employees to spear-phishing attacks You should deploy a cloud service to scan and analyze apps for malicious behavior and privacy violations

27 27 Jail-broken & Rooted Devices You should prevent access from jail-broken iPhones and rooted Android devices Jail-broken/rooted devices have almost zero security protections

28 28 Unpatched OS Versions Unpatched OS and plug-ins are the main attack vector of criminals against your users

29 29 Live Example This example is a live example of taking over the iTunes app on an iPad Click twice and enter your device password. You’re owned.

30 30 Phishing or Spear-Phishing Lure

31 31 iOS Allows Unsigned and Unverified Profiles

32 32 Click “Install Now”

33 33 Enter Your Device Password (if you have set one)

34 34 iTunes App Removed, Fake iTunes Installed

35 35 Use Fake iTunes To Steal Passwords, etc

36 36 Things That A Profile Can Change Safari security settings can be disabled Javascript settings Local app settings Allow untrusted TLS connections Device settings Install X.509 certificates

37 37 Even Worse: Hostile MDM Profile Expands the scope of malicious capabilities to include ‒ App replacement and installation ‒ OS replacement ‒ Delete data ‒ Route all traffic to Man-In-The-Middle sites

38 38 Architecture App Feeds Marble App Reputation Database Analyze and add to database Download App Prioritize App Marble App Analysis Instrumented Marble Access Networks WiFis DNS reports App reports Device fingerprints Marble Threat Database Marble Threat Reports Policies & Data Threat Detection Marble Control Marble Threat Lab Design PoC Implement and test Poc Monitor for threat Create Remediation or Detection in our Product Propose or discover threat Network Feeds Marble Access

39 39 App Analysis Architecture Rate High Priority App Download from client or app store Analyze automatically and possibly manually 3 rd Party Feeds Analyze and add to database Download App Prioritize App Marble App Reputation DB Rate by newness, behaviour, publisher, spread rates Download from various app stores & sideloading sites Use Android Grinder and other tools for analysis Incident Response & Analysts Team

40 40 Marble’s Dynamic App Security Architecture Google Play Marble Access Mobile Device Client User Interface Alerts & Reports Analytics Engine Rules Controller/ Scheduler App Crawler Risk Engine Correlation Engine Marble Security Lab Jammer Scanner Database Real-time user interface simulation DNS lookups, network threat correlation engine Network Information Network Threat Database Data FeedsStored Apps Customer’s Security Admin Marble Security Analysts Marble Control Service App Queue Analyzer Apple App Store Other App Stores Dynamic App Analysis Engine


Download ppt "Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO."

Similar presentations

Ads by Google