
Threat Lands

Bangsar South City Knowledge Clinics - Online Security & Data Protection on 30 June 2011

Published in: Technology

  1. THREAT LANDS
     Presented by Goh, Su Gim
     Security Advisor, Asia
     F-Secure Response Labs
  2. About me
     • 10 years in the IT Security industry
     • IT network security infrastructure design
     • Assessment and penetration testing
     • Standards and Compliance
     • Security Operation Center / Incident Response
     • Born and Raised in Malaysia
     • Spent 12 years in Hawaii, USA
     • Joined F-Secure about 9 months ago, now based in F-Secure Response Labs, Kuala Lumpur
     04 July, 2011
  3. Agenda
     • About F-Secure
     • The Threat Landscape today
     • Social Media Networking
     • More than just $$
     • The un-tethered world
     • Malware for the mobile world
  4. 4 July, 2011
  6. © F-Secure / Public, 04 April, 2011
  7. F-Secure - Summary
     • 1988: Founded
     • 1999: IPO (Helsinki Stock Exchange)
     • Today: “Protecting the irreplaceable”
     • Enabling the safe use of computers and smartphones
     • Strong solution portfolio covering both consumers and business
     • The leading Software as a Service (SaaS) partner for operators globally
     • Over 200 operator partnerships in more than 40 countries
     • Strong market presence in Europe, North America and Asia
     • Distributors/resellers in more than 100 countries
     • 20 offices globally and over 800 professionals worldwide
     • 2007
  8. F-Secure in Malaysia
     • Operations started 2006
     • KL Sentral office opened 2006
     • Moved to Bangsar South May 2009
     • Today, 2011, 25% of the employees in Asia
     • Timeline: 2005, 2006, 2007, 2008, 2009, 2011
  9. The Virus Eras
     • FLOPPY
     • LAN
     • EMAIL
     • WEB
     • FACEBOOK, MYSPACE, TWITTER, LINKEDIN?
     • MOBILE MALWARE???
  10. http://campaigns.f-secure.com/brain/index.html
  11. Malware Attacks 1986 - 2011
      • 1986 - Hobbyist attacks
      • 2002 - Financial attacks
      • 2005 - Spying / Espionage
      • 2010 - Cyber Sabotage
      © F-Secure Corporation, April 28, 2010
  19. Hmm.. Is that my ex-girlfriend viewing my profile?
  22. FB’s FAQ
  23. LIKE JACKING
  27. Critical Infrastructure
  31. Stuxnet
  33. STUXNET
      • Uses 5 Vulnerabilities*
      • Windows Worm
      • Spreads via USB sticks
      * 4 zero-days
  34. Signed component – the stolen certificate
  35. Stuxnet is big
      • Stuxnet: 1,5 MB
      • Average Malware: 50-100 KB
  36. Siemens Simatic Step7 WinCC PLC
  37. 6es7-417
  39. Bushehr / Natanz
  40. CASE: hosting.ua – the Ukrainian Datacenter
  42. Spring cleaning gone bad…
  45. UNTETHERED
  46. The big brother aka 大哥大
  47. The battlefield today..
  48. The ever growing Smartphone…
      • “Smartphones to break 100 million shipment mark in Asia/Pacific (Excluding Japan) by 2011” - IDC
      • “IDC expects 137 million units in 2011, double the units in 2010”
      • “53% of Chinese citizens in key urban centres own a smartphone, well ahead of countries like the US, where penetration stands at around 30%, and Japan, on 10%” - Consultancy Accenture
  49. Smartphone market share: Today and Tomorrow
  50. Android overtakes BlackBerry as Top US Smartphone platform
  51. WHAT CAN MOBILE MALWARE DO???
      • PERSONAL DATA DISCLOSURE
      • PHISHING
      • SPYWARE
      • DIALERWARE
      • FINANCIAL MALWARE
  52. Huike.cn serving Windows Mobile apps
  53. 3D Anti-Terrorist
  54. Windows Mobile Trojan
      • Poses as 3D Anti-Terrorist Action War Game
      • Developed by Beijing Huike Technology in China
      • Distributed on Windows freeware download sites
      • Packaged with virus written in Russia
      • Malicious code silently initiates international calls to Premium Numbers
  55. A Dialerware example
  56. Dialerware continued..
  57. The numbers
      • +882346077 Antarctica
      • +17675033611 Dominican Republic
      • +88213213214 EMSAT satellite prefix
      • +25240221601 Somalia
      • +2392283261 São Tomé and Príncipe
      • +881842011123 Globalstar satellite prefix
  58. www.keyzone-telemedia.com
  59. www.premium-rates.com
  61. Geinimi, Aka 給你米
      • Android BOT
      • Opens a backdoor and calls home
      • Calls home to various servers: www.frijd.com, www.aiucr.com, www.uisoa.com, www.islpast.com, www.piajesj.com, www.qoewsl.com, www.weolir.com, www.riusdu.com, www.widifu.com, www.udaore.com
  62. The Variants… HongTouTou 紅頭頭 / ADRD
      • Targeting users in China
      • Distributed on free file sharing websites as wallpaper apps
      • Gather IMEI/IMSI - encrypted
      • Search as a mobile user
      • Emulate clicks as a mobile user
      • Monitor SMS conversations
  63. Do Androids Dream? [THE MOTHER OF THEM ALL]
      DroidDream
      • Root your phone (Admin access)
      • Sends IMEI/IMSI to remote server
      • Steals sensitive data
      • More than 50 applications infected
      • Repackaged by app developers Myournet, Kingmail2010, we20090202
      • Hosted on Android Market
      • 50,000 to 200,000 downloads in 4 days
  64. Trojanised apps by Myournet
      • Falling Down
      • Super Guitar Solo
      • Super History Eraser
      • Photo Editor
      • Super Ringtone Maker
      • Super Sex Positions
      • Hot Sexy Videos
      • Chess
      • 下坠滚球_Falldown
      • Hilton Sex Sound
      • Screaming Sexy Japanese Girls
      • Falling Ball Dodge
      • Scientific Calculator
      • Dice Roller
      • 躲避弹球
      • Advanced Currency Converter
      • App Uninstaller
      • 几何战机_PewPew
      • Funny Paint
      • Spider Man
      • 蜘蛛侠
  65. Real App on left and virused-up version (Myournet)
  66. In case of emergency, press this: The KILL SWITCH
  67. The Google KILL SWITCH
      • On March 1st 2011, Google yanked 58 apps in Android Market
      • March 6th, Google created the Android Market Security Tool to REMOTELY remove the malicious apps and the DroidDream trojan from hundreds of thousands of devices
      • Gives me a mixed feeling…
  68. And so it was nice and dandy...
      Fake Google Security Patch, 4 days later..
      • Hijacked and retooled Google’s Android Market Security Tool
      • Distributed by an unregulated Chinese app market
      • Detected by Symantec as BgService running on infected devices
      • Trojan sends SMS to a command and control server
  71. Multiple Sources for App Downloading “SIDELOADING”
      © F-Secure / Confidential
  72. Yingyonghui.com
  74. “SIDELOADING” : Androiddownloadz.com
  75. Eventually, virus writers will realize it's easier to make money by infecting phones than by infecting computers
  76. So how do I protect myself?
  77. (1) TRUSTED & REPUTABLE SOURCES
      • Download from reputable app markets
      • Avoid third party app stores (Sideloading)
      • Review developer name, reviews and star ratings
      • If it is too good to be true.. IT IS
      • There is NO FREE LUNCH
  78. (2) Scrutinize permissions
      • Check on permissions when installing an app
      • Ensure the permissions match the features it provides
  79. (3) Auto-locking, reset and wipe (Housekeeping)
      • Automatic locking after a few minutes of no activity
      • Reset and wipe when disposing or recycling your phone
  80. (4) Install a mobile security app
      • Install an Anti-virus for your SmartPhone against trojans/viruses/malware
      • Other security vendor features (Anti Theft) include:
        • Remote Wipe, Lock & Alarm
        • Remote Alarm
        • GPS Locator
        • Remote backup
  81. Keeping yourself posted…
      • www.f-secure.com/weblog
      • Twitter: F-Secure, mikkohypponen, sugimgoh
  82. THE END
      Q&A?
