Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Mobile Threats at the Tipping Point<br />Jan Volzke<br />Director, Product Management<br />McAfee, Inc.<br />June 2011<br />
Mobile Malware Trend and Outlook<br />- A new Generation of Malware Writers<br />Mobile Threat Research McAfee, Inc., June...
Malware Authors <br />- Focus is Shifting to Android<br />New mobile malware by platform Q2 2010- May 2011<br /><ul><li>45...
Why Mobile Threats are Expected to Rise<br />- Key Accelerating Trends<br />User Aggregation<br />2015 OS shipments<br />I...
Mobile Malware Life Cycle- Show me the Money<br />R&D<br />Reuse<br />Profit Taking<br />Mobile malware monetization metho...
Recent Malware Examples - DrdDream, Zeus Mobile, 09Droid<br />DrdDream<br /><ul><li>1st major Trojan embedded in app
50+ apps removed from Android Market
Steals information and waits for instructions from C&C server </li></ul>Zeus<br /><ul><li>Targeting banks using mTAN authe...
Used against major Spanish institution
Signed app for BB, WM, Symbian S60</li></ul>09Droid<br /><ul><li>Not Malware but fake banking apps sold at $1.49
Upcoming SlideShare
Loading in …5
×

Mobile Threats at the Tipping Point, Jan Volzke, McAfee

1,344 views

Published on

Published in: Technology
  • Be the first to comment

Mobile Threats at the Tipping Point, Jan Volzke, McAfee

  1. 1. Mobile Threats at the Tipping Point<br />Jan Volzke<br />Director, Product Management<br />McAfee, Inc.<br />June 2011<br />
  2. 2. Mobile Malware Trend and Outlook<br />- A new Generation of Malware Writers<br />Mobile Threat Research McAfee, Inc., June 2011<br />Mobile Threats at the Tipping Point, Jan Volzke<br />2<br />
  3. 3. Malware Authors <br />- Focus is Shifting to Android<br />New mobile malware by platform Q2 2010- May 2011<br /><ul><li>450+ new variants</li></ul>Mobile Threat Research McAfee, Inc., June 2011<br />Mobile Threats at the Tipping Point, Jan Volzke<br />3<br />
  4. 4. Why Mobile Threats are Expected to Rise<br />- Key Accelerating Trends<br />User Aggregation<br />2015 OS shipments<br />IDCJune’11<br />Protection Gap<br />Mobile Money<br />Reliance on User<br />Alternative Access<br />Sensitivity of Data <br />Mobile Threats at the Tipping Point, Jan Volzke<br />4<br />
  5. 5. Mobile Malware Life Cycle- Show me the Money<br />R&D<br />Reuse<br />Profit Taking<br />Mobile malware monetization methods:<br />Sell stolen information, Premium SMS/Calls, Click Fraud, Traffic generation, Cash out account balances, Malware for sale, Subscription scams, Mobile banking attacks, Ransom ware extortion, Resell pirated apps <br />Mobile Threats at the Tipping Point, Jan Volzke<br />5<br />
  6. 6. Recent Malware Examples - DrdDream, Zeus Mobile, 09Droid<br />DrdDream<br /><ul><li>1st major Trojan embedded in app
  7. 7. 50+ apps removed from Android Market
  8. 8. Steals information and waits for instructions from C&C server </li></ul>Zeus<br /><ul><li>Targeting banks using mTAN authentication
  9. 9. Used against major Spanish institution
  10. 10. Signed app for BB, WM, Symbian S60</li></ul>09Droid<br /><ul><li>Not Malware but fake banking apps sold at $1.49
  11. 11. Linking to bank’s own web site
  12. 12. Apps targeted 35 banks of all sizes</li></ul>Mobile Threats at the Tipping Point, Jan Volzke<br />6<br />
  13. 13. Phishing is a Cross Device Threat<br />- Mobile Phishing Sites<br /><ul><li>Spoofedbanking sites are riskier onfor Mobile browsers than PC browsers
  14. 14. Lack of SSL indicators
  15. 15. Auto hiding URL bar
  16. 16. Scotiabank’s mobile banking attack:
  17. 17. Requested the users card number and 3digit security code
  18. 18. The attacker gains access to the victim’s bank account</li></ul>McAfee Global Threat Report Q1’2011<br />Opening the page on a PC browser unveils a dubious URL<br />Mobile Threats at the Tipping Point, Jan Volzke<br />7<br />
  19. 19. Industry Recommendations for Next 12 Months- Prepare for the Unexpected<br />Enterprises:<br /><ul><li>Data Loss Prevention via email and apps</li></ul>Developers:<br /><ul><li>Code protection
  20. 20. Security certification</li></ul>Individuals:<br /><ul><li>Common sense
  21. 21. Protect yourself</li></ul>AppStores:<br /><ul><li>Security testing
  22. 22. Field revocation</li></ul>Carriers:<br /><ul><li>Protect billing infra
  23. 23. Use cloud & network </li></ul>Manufacturers:<br /><ul><li>Shorten update cycles
  24. 24. Embedded security </li></ul>Mobile Threats at the Tipping Point, Jan Volzke<br />8<br />
  25. 25. Questions?<br />Advertisement<br />Contact:<br />Jan Volzke<br />McAfee, Inc.<br />Jan_Volzke@mcafee.com <br />Comprehensive Protection Against Viruses, Data Loss and Web Threats<br />http://McAfeeMobileSecurity.com <br />Mobile Threats at the Tipping Point<br />9<br />
  26. 26. References and Acknowledgements<br /><ul><li>Android/DrdDream</li></ul>http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=399522<br /><ul><li>Symbian/Zeus/Zitmo</li></ul>http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=290717<br /><ul><li>Android/09Droid</li></ul>https://www.bayportcu.org/site/mobilesecurityupdates.html<br /><ul><li>mPhishing site</li></ul>http://www.malwarecity.com/blog/mobile-phishing-do-you-know-where-that-link-leads-to-1021.html <br /><ul><li>OSX/RRoll.C</li></ul>http://vil.nai.com/vil/content/v_244695.htm<br /><ul><li> OSX/iPHDownloader.A</li></ul>http://vil.nai.com/vil/content/v_244696.htm<br /><ul><li>General banking risks</li></ul>http://blogs.mcafee.com/mcafee-labs/mobile-reunion-hackers-and-banks<br />http://blogs.mcafee.com/mcafee-labs/get-out-of-jail-not-so-free<br /><ul><li>General Android risks</li></ul>http://blogs.mcafee.com/enterprise/mobile/mcafee-for-android-a-mobile-security-update<br />Acknowledgements:<br />Jimmy Shah (McAfee), Jon Oberheide (Duo Security), Dan Cornell (Denim Group), AlinDamian (Bitdefender), Roland Schmitz (Stuttgart Media University), Fabio Pietrosanti (PrivateWave), Rich Cannings (Google), Chris Clark, Alex Stamos (iSec)<br />Mobile Threats at the Tipping Point, Jan Volzke<br />10<br />

×