Three Steps to Combat Mobile Malware


Published on

As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to a users confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to this valuable information. But creating policies and understanding the risk of mobile malware, can often be easier said than done. Join Saj Sahay, Senior Product Marketing Director at Rapid7 for an interactive webcast where Saj discusses the mobile malware landscape and how organizations can limit their risk.

To download a free Mobilsafe demo, click here:

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Three Steps to Combat Mobile Malware

  1. 1. Three Steps To Combat Mobile Malware Sajal Sahay Senior Director Product Marketing, Mobilisafe
  2. 2. 2 Saj Sahay Sr. Director of Product Marketing, Rapid7 Presenters
  3. 3. Short for “Malicious Software”, there are multiple types of malware • Software that can disrupt device operations, gather sensitive information or gain undue access to the device BYOD explosion is the malware growth story • Attackers adapting and quickly moving to mobile • Mostly embedded in apps as they are the primary way users access information on mobile devices What Is Malware? 3
  4. 4. Key Types Of Mobile Malware 4 Trojans • Once installed provide access to the device for the person who originated the program • Usually in untrustworthy applications in 3rd party app stores • Can exfiltrate information and lead to significant financial and organizational harm RootKits • Activate every time your system boots up • Can be very difficult to detect • Can allow the installation of hidden files, hidden user accounts etc.
  5. 5. Why Is Mobile Malware Growing? 5 Cybercriminals see a rich target given that mobile devices usually have a lot of personal & financial information on them Spam/Phishing was very successful on desktops, and attackers feel that end users are susceptible to the same failings on mobile devices Most popular apps are from lesser known companies so it’s difficult for consumers to know which ones to trust
  6. 6. The Growth Is Astounding!* 6 123% growth in malware discoveries in ’12 vs. ‘11 95% of infections on Android given diversity of OS versions still being used Common ways to exploit the OS were through application repackaging, malicious URLs & SMS phishing Total of 32.8 million Android devices infected in ‘12, a 200% growth from ’11 * From NQ Mobile’s Yr 2012 Mobile Security Report
  7. 7. So, What Can You Do? 7 Every company should have written mobile usage policies for their employees! • Make sure they are easy to understand • Make sure that all employees go through the necessary training for successful company-wide implementation Include the following three malware focused policies in your company’s written document
  8. 8. Malware Focused Policy #1 Employees Should Only Download Applications From Trusted Sources 8 Google Play (Android) and the iOS App Store (iOS) are administered by Google & Apple • Strict requirements for applications submitted for inclusion • Utilize sophisticated filtering mechanisms to discover and remove apps that may contain malware Apps should not be downloaded from untrustworthy 3rd party app stores
  9. 9. 9 Malware Focused Policy #2 Employees Should Always Update Their Mobile Devices To The Latest Firmware Extend the same patch requirements for your corporate network to mobile Updating firmware is the best way to patch vulnerabilities on mobile devices
  10. 10. 10 Mobile Malware Example: DroidKungFu This type of malware can be considered both a Trojan and a Rootkit • Unique because it can avoid detection by anti malware software • Works by installing a backdoor in the Android OS • Gives the attacker full control of the user’s mobile device • Mainly affects devices running Android 2.2, exploiting two vulnerabilities in the OS version
  11. 11. Malware Focused Policy #3 Employees Shouldn’t Click Unfamiliar Links Sent Via SMS Or E-mail 11 Employees should be very careful when receiving an SMS or email containing a link If the URL of the link seems suspicious they should not click the link Inform the Security Department instead to investigate the URL
  12. 12. Mobile Malware Example: Zitmo (Zeus in the Mobile) 12 A Trojan that can forward SMS’s with confidential information from the device to other phone numbers • Can steal a user’s username and password • A SMS is sent with a link to update the ‘security certificate’, while it actually directs the user to install Zitmo • Once the installation is completed and info is received, attackers usually log-into user’s confidential sites like bank accounts to initiate unauthorized transactions
  13. 13. 1. Employees Should Only Download Applications From Trusted Sources 2. Employees Should Always Update Their Mobile Devices To The Latest Firmware 3. Employees Shouldn’t Click Unfamiliar Links Sent Via SMS Or E-mail 13 Summary - Three Steps To Combat Mobile Malware
  14. 14. Try Moblisafe for yourself - demo.html 14 Thank you!