© 2016 IBM Corporation
Shaked Vax
Trusteer Products Strategist
IBM Security
Malware on Smartphones and Tablets - The Inconvenient Truth

Agenda
• Mobile is everywhere – Mobile Threats
• A look at Mobile Malware
• Threat landscape
  – iOS
  – Android
• Safeguard mobile devices with MaaS360 + Trusteer
• View consolidated MaaS360 event reports on QRadar

Mobile Access to Everything
All businesses are leveraging mobile these days as a main communication channel with customers, as well as a collaboration and productivity tool for employees.
• In Banking:
  – Mobile banking is the most important deciding factor when switching banks (32%)
  – More important than fees (24%), branch location (21%) or services (21%)… a survey of mobile banking customers in the U.S. 1
• However, for many end users, security concerns are a main inhibitor to adoption
• And apparently… for a good reason.
• #1 Channel: Mobile banking channel development is the #1 technology priority of N.A. retail banks (2013)
• 19% of customers won't mobile bank because of security fears

Mobile Malware Threats Scope
Line of Business Threats (Customer Facing)
• Credential stealing via phishing / malware
• In App session fraud (from mobile)
• Account take over (from / using mobile)
• 2nd Factor Authentication circumvention
Enterprise Threats (Employees)
• Employee identity theft by stealing contacts / emails / calendar / SMS / location
• Tampering/Stealing corporate data and IP
  – Files
  – Photos of whiteboard drawings
  – Recordings of phone calls / meetings
• Use stolen data to perform actions on employee’s behalf:
  – Send Mail/SMS
  – Perform phone calls
Threats for individuals
• Monetary losses
  – Ransomware
  – Premium rate SMS/calls
  – Apps purchase
• Privacy loss
  – Mobile RATs
  – InfoStealers
  – Extortionware
• Device abuse
  – Advertisement hijacking
  – Illicit use of B/W, CPU

• Sensitive Information Stealing
• Using the Mobile device/channel to perform Attack/Fraud
• Monetary loss to the user

Anatomy of a Mobile Attack – How to Get In?
Attack Surface: Data Center
• WEB SERVER
  – Platform Vulnerabilities
  – Server Misconfiguration
  – Cross-Site Scripting (XSS)
  – Cross-Site Request Forgery (CSRF)
  – Weak Input Validation
  – Brute Force Attacks
• DATABASE
  – SQL Injection
  – Privilege Escalation
  – Data Dumping
  – OS Command Execution
Attack Surface: Network
• Wi-Fi (No/Weak Encryption)
• Rogue Access Point
• Packet Sniffing
• Man-in-the-Middle (MitM)
• Session Hijacking
• DNS Poisoning
• SSL Stripping
• Fake SSL Certificate
Attack Surface: Mobile Device
• BROWSER
  – Phishing
  – Pharming
  – Clickjacking
  – Man-in-the-Middle (MitM)
  – Buffer overflow
  – Data Caching
• PHONE/SMS
  – Baseband Attacks
  – SMishing
• APPS
  – Sensitive Data Storage
  – No/Weak Encryption
  – Improper SSL Validation
  – Dynamic Runtime Injection
  – Unintended Permissions granting
• OPERATING SYSTEM
  – No/Weak Passcode
  – iOS Jailbreak
  – Android Root
  – OS Data Caching
  – Vendor/Carrier loaded OS/Apps
  – No/Weak Encryption
Threat Landscape - iOS

Apple’s Walled Garden Security by Design
• Looking at the Apple eco-system “as designed” - legit devices without Jail-Break
• Only Apple controls AppStore
  – No “alternative market” support*
  – Apple reviews all apps
  – Apple can remove apps and ban developers
• iOS Enforces Integrity
  – Boot chain is signed
  – Only signed code can be installed and executed
• iOS Sandbox
  – Process memory isolation
  – Filesystem isolation
  – Some operations require entitlements (e.g., change passcode, access camera)

Infection Vectors of Non-JB Devices
• Enterprise provisioning ($299/y, valid credit card, D-U-N-S)
• Distributed mostly via link (email/webpage/SMS), or USB
• Legitimate use
  – MDM providers and “alternative markets” to some degree
  – Other “alternative” markets (Emu4iOS, iNoCydia, …)
• Used maliciously in APT/targeted attacks
• XcodeGhost (Sept 2015)
  – Infecting apps through a rogue app development environment, targeted at credential stealing
  – 300 (or more…) rogue apps removed by Apple from AppStore
Pop Quiz: Which of the below pop-ups is legit?

What Can Be Done Inside the Garden (non-JB)?
• Everything legitimately allowed to an app
• Private APIs and vulnerabilities
  – Masque attack – replacing legit app with another app
    • Trojanized versions of social apps found in Hacking Team’s leak (August 2015)
  – Hiding apps
  – Running in background → background keylogging
  – Running on boot
  – Taking screenshots
  – Simulating screen/button presses
  – Blocking OCSP (Online Certificate Status Protocol)
  – Privilege escalation / sandbox escape
Example of Trojanized Facebook App behavior

What Can Be Done Inside the Garden (non-JB)?
• APT/Malware
  – RCS (2015) – installs alternative keyboard for keylogging + trojanized apps
  – WireLurker (2014) – installs additional apps (Chinese game, 3rd party AppStore client, comic reader)
  – Find and Call (2012) – steals user’s contacts
• Apple usually responds fast – eliminating the apps from the AppStore

Jailbreak Land
• What is the jailbreak process?
  – Disables iOS enforcements / sandbox
  – Introduces 3rd party application stores (e.g., Cydia)
• Worldwide general estimation (2014): ~8% of all devices are JB; in China: ~14%
• Trusteer stats (2015) show only 0.15%; however, this may be attributed to the fact that jailbreak is detected and enforced by most customers
• Jailbreak hiders attempt to hide the device state
  – xCON
  – FLEX
• Infection vectors of JB devices
  – Rogue apps via 3rd party AppStores
  – USB (WireLurker, CloudAtlas)

Malware for Jailbroken Devices
• APT / targeted attacks
  – Hacking Team RCS – steals contacts, calendar, screen, monitors user inputs, location, network traffic. Remote exploit to crack device passcode
  – Xsser mRAT – Chinese Trojan that steals device info, SMS and emails. Installed via rogue Cydia
  – CloudAtlas – steals device information, contacts, accounts, Apple ID, …
  – XAgent “PawnStorm” – steals SMS, contacts, photos, GPS location, installed apps, Wi-Fi status, remotely activates audio recording
  – WireLurker – PC trojanizes installed apps, steals contacts, SMS, iMessages, Apple ID, device serial
• “Non-enterprise” malware
  – Unfold “Baby Panda” – Chinese Trojan that steals Apple ID and password
  – AdThief – hijacks advertisement of installed apps for revenue
Threat Landscape - Android

Android Infection Vectors
• Link via SMS/email (may contain exploits)
  – E.g., Xsser mRAT distributed via WhatsApp message
• Device preloaded with malware
  – DeathRing, Mouabad, “Coolpad” backdoor
  – Most common in Asia, some appearance in Spain and Africa
• Physical access of attacker (PC kit to deploy malware)
• USB from infected PC (e.g., DroidPak, WireLurker, AndroidRCS)

Android Infection Vectors
• Remote exploit
  – 95% of Android devices exposed to Stagefright vulnerability
  – In July 2015, ~28% of devices had OS 4.3 or lower, which is vulnerable to AOSP Browser & Masterkey (4 years old!!)
• App markets – alternative markets and official Google Play
• Apps could deploy malware, weaponize, use exploits or have trojanized functionality
Android Mobile Store Malware Infection Rates

Android Malware Types
• RATs - commercial or underground surveillanceware
  – Tens of variants
  – Some publicly available, some in underground, one is even open source
• Network proxy
  – NotCompatible malware family
• InfoStealers
  – Keyloggers, Overlay malware

The appearance of PC-grade mobile malware
• “GM Bot” / “Mazar Banking Software”
• Extensive PC-malware-like capabilities including:
  – Dynamic configuration via C&C
  – Configurable banking app injection/overlay capabilities
  – Ready-made modules being sold to attack WW banks and financial services
  – On-mobile full fraud life cycle – credential stealing, 2FA circumvention, block user/authorization
  – Flash News: GM Bot Code Leak !!
  – News 2: GM Bot 2.0 released
• A month ago our intelligence team identified a dispute between a customer of GM Bot and “Gangaman”
• The customer was very disappointed with the level of service: it was hard to deploy and the support was bad
• So… the customer posted the full source code in the underground
• Since it was leaked, this malware is very trendy and effective, and now it will reach the hands of fraudsters for free

Android Malware Types
• High-end APT/targeted attacks
  – Hacking Team RCS in Saudi Arabia (?-2015) - “Qatif Today” repack
  – Xsser mRAT (2014)
    • Chinese trojan spies on Hong Kong activists, steals contacts, SMS, calls, location, photos, mails, browser history, audio (microphone), remote shell, and call
  – RedOctober/CloudAtlas (2014)
    • steals accounts, locations, contacts, files, calls, SMS, calendar, bookmarks, audio (microphone)
  – APT1 (2013) - “Kakao Talk” repack
    • spies on Tibetan activists contacts/SMS/location
  – World Uyghur Congress (2013)
    • spies on Tibetan activists contacts/SMS/calls/location
  – LuckyCat APT campaign (2012)
    • phone info, file dir/upload/download, remote shell
  – FinSpy mobile (2011) – Gamma Group’s APT, tied to Egypt

Android Malware and RATs Capabilities Overview
• Information theft
  – Contacts
  – Call log history
  – Messages (SMS, LINE, WhatsApp, Viber, Skype, Gtalk, Facebook, Twitter, …)
  – Emails
  – Geographical location
  – Network data (wireless network SSID/password), location, network state
  – Phone information (number/IMEI/IMSI/Vendor/model/Operator/SIM serial/OS)
  – Google Account
  – Browsing history
  – Photos/Videos/Audio
  – Screenshots
  – Clipboard content
  – Arbitrary files on SD card
• Remote control
  – Activation/delayed activation and capturing of audio/video/photos/phone calls
  – Execute shell / run exploits
  – Launch browser
  – Send SMS
  – Make phone call
  – Download/delete files

Commercial RAT Examples – SandroRAT/DroidJack Evolution
• Sandroid -> SandroRAT -> DroidJack
• No root access required!
• 8,380 DroidJack tutorials currently on Google
Many more…

Network Proxy to Corporate Resources
• NotCompatible.C
  – General purpose, proxying network (TCP/UDP)
  – Has been used for spam, bruteforce, bulk ticket purchase
• Banks & other enterprises could be a next target

Threats Summary
• Advanced/targeted attacks are real
  – More dominant in Asia, China being a major player
  – Global threat - HackingCrew, HackingTeam
• The most dominant threat is RATs
  – Android – easiest to infect, highly commercialized
  – Jailbroken iOS – has been done only in targeted attacks
  – Non-JB iOS – effectively no (reported) harm done, even in targeted attacks, but threat is imminent
• Vulnerabilities
  – Applicable to iOS and Android, more problematic for Android due to highly segregated market
  – Associated only with advanced/targeted attacks
• Network based attacks
  – Imminent threat, no malicious incident reported yet

IBM Mobile Threat Management can effectively prevent and take action against malware & threats
Taking Action step by step

Criminals attack the weakest link
[Diagram labels: Cyber Criminal, Mobile Malware, Employee / Customer, Mobile Protection, Perimeter Protection, Firewall, Intrusion Prevention System, Anti-Virus Gateway, Encryption, Enterprise Data]

Taking action is easy - using layered security
The MaaS360 layered security model
• Secure the Device
• Secure the Content
• Secure the App
• Secure the Network

Taking action – Managed and Unmanaged device
Managed Devices (Owned/BYOD)
• Device level Security
• Using EMM/MDM to enforce sensitive information access policy
• MDM should include advanced rooting/jailbreak & malware detection
• Scan home grown apps for vulnerabilities
Unmanaged Devices (Customers, partners, agents, brokers, contractors)
• Application Level Security
• Every App should have capabilities to assess device security
• In-app enforcement of sensitive info/operations
• Scan home grown apps for vulnerabilities

IBM MaaS360 Mobile Threat Management
• Detects, analyzes and remediates mobile risks, delivering a new layer of security for Enterprise Mobility Management (EMM) with the integration of IBM Security Trusteer® to protect against:
  – Mobile malware
  – Suspicious system configurations
  – Compromised jailbroken or rooted devices

IBM Security QRadar integration with MaaS360
• Continuous Mobile Visibility
  – Detect when smartphones and tablets are attempting to connect to the network
  – Monitor enrollment of personally owned and corporate-liable devices
  – Gain awareness of unauthorized devices
  – Learn when users install blacklisted apps and access restricted websites
• Compromised Device Remediation
  – Uncover devices infected with malware before they compromise your enterprise data
  – Identify jailbroken iOS devices and rooted Android devices
  – Set security policies and compliance rules to automate remediation
  – Block access, or perform a selective wipe or full wipe of compromised devices
View MaaS360 compliance rule violations through IBM Security QRadar

View Out of Compliance events from MaaS360 on QRadar

Summary
• Malware exists on mobile and can pose a significant threat to your organization’s IP / data
• IBM Security Trusteer can aid in safeguarding this on mobile
• MaaS360 + Trusteer can detect and take actions on mobile devices
• MaaS360 reports mobile device events to QRadar for consolidated reporting

Shaked Vax - svax@us.ibm.com
Thank You

 
Mobile Malwares Analysis - Garvit Arya
Mobile Malwares Analysis - Garvit AryaMobile Malwares Analysis - Garvit Arya
Mobile Malwares Analysis - Garvit Arya
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4
 
State of Application Security: State of Piracy
State of Application Security: State of PiracyState of Application Security: State of Piracy
State of Application Security: State of Piracy
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
HinDroid
HinDroidHinDroid
HinDroid
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014
 
Securing hand held computing devices
Securing hand held computing devicesSecuring hand held computing devices
Securing hand held computing devices
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 

More from IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Malware on Smartphones and Tablets: The Inconvenient Truth

  • 1. © 2016 IBM Corporation Shaked Vax Trusteer Products Strategist IBM Security Malware on Smartphones and Tablets - The Inconvenient Truth
  • 2. Agenda
      - Mobile is everywhere – Mobile Threats
      - A look at Mobile Malware
      - Threat landscape
          - iOS
          - Android
      - Safeguard mobile devices with MaaS360 + Trusteer
      - View consolidated MaaS360 event reports on QRadar
  • 3. Mobile Access to Everything
      - #1 Channel: mobile banking channel development is the #1 technology priority of N.A. retail banks (2013)
      - 19% of customers won't mobile bank because of security fears
      - All businesses are leveraging mobile these days as a main communication channel with customers, as well as a collaboration and productivity tool for employees
      - In banking:
          - Mobile banking is the most important deciding factor when switching banks (32%)
          - More important than fees (24%), branch location (21%) or services (21%)… a survey of mobile banking customers in the U.S. [1]
      - However, for many end users, security concerns are a main inhibitor to adoption
      - And apparently… for a good reason.
  • 4. Mobile Malware Threats Scope
      - Line of Business Threats (Customer Facing)
          - Credential stealing via phishing / malware
          - In-app session fraud (from mobile)
          - Account takeover (from / using mobile)
          - 2nd factor authentication circumvention
      - Enterprise Threats (Employees)
          - Employee identity theft by stealing contacts / emails / calendar / SMS / location
          - Tampering with / stealing corporate data and IP
              - Files
              - Photos of whiteboard drawings
              - Recordings of phone calls / meetings
          - Use stolen data to perform actions on the employee's behalf:
              - Send mail/SMS
              - Perform phone calls
      - Threats for individuals
          - Monetary losses
              - Ransomware
              - Premium rate SMS/calls
              - Apps purchase
          - Privacy loss
              - Mobile RATs
              - InfoStealers
              - Extortionware
          - Device abuse
              - Advertisement hijacking
              - Illicit use of B/W, CPU
  • 5. Mobile Malware Threats Scope
      - Line of Business Threats (Customer Facing)
          - Credential stealing via phishing / malware
          - In-app session fraud (from mobile)
          - Account takeover (from mobile)
          - 2nd factor authentication circumvention
      - Enterprise Threats (Employees)
          - Employee identity theft by stealing contacts / emails / calendar / SMS / location
          - Tampering with / stealing corporate data and IP
              - Files
              - Photos of whiteboard drawings
              - Recordings of phone calls / meetings
          - Use stolen data to perform actions on behalf of the employee:
              - Send mail/SMS
              - Perform phone calls
      - Threats for individuals
          - Monetary losses
              - Ransomware
              - Premium rate SMS/calls
              - Apps purchase
          - Privacy loss
              - Mobile RATs
              - InfoStealers
              - Extortionware
          - Device abuse
              - Advertisement hijacking
              - Illicit use of B/W, CPU
      - Highlighted impact categories: sensitive information stealing; using the mobile device/channel to perform attack/fraud; monetary loss to the user
  • 6. Anatomy of a Mobile Attack – How to Get In?
      - Attack Surface: Data Center
          - WEB SERVER: Platform Vulnerabilities, Server Misconfiguration, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Weak Input Validation, Brute Force Attacks
          - DATABASE: SQL Injection, Privilege Escalation, Data Dumping, OS Command Execution
      - Attack Surface: Network
          - Wi-Fi (No/Weak Encryption), Rogue Access Point, Packet Sniffing, Man-in-the-Middle (MitM), Session Hijacking, DNS Poisoning, SSL Stripping, Fake SSL Certificate
      - Attack Surface: Mobile Device
          - BROWSER: Phishing, Pharming, Clickjacking, Man-in-the-Middle (MitM), Buffer Overflow, Data Caching
          - PHONE/SMS: Baseband Attacks, SMishing
          - APPS: Sensitive Data Storage, No/Weak Encryption, Improper SSL Validation, Dynamic Runtime Injection, Unintended Permissions Granting
          - OPERATING SYSTEM: No/Weak Passcode, iOS Jailbreak, Android Root, OS Data Caching, Vendor/Carrier-loaded OS/Apps, No/Weak Encryption
  • 7. Threat Landscape - iOS
  • 8. Apple’s Walled Garden: Security by Design
      - Looking at the Apple ecosystem “as designed”: legit devices without jailbreak
      - Only Apple controls the AppStore
          - No “alternative market” support*
          - Apple reviews all apps
          - Apple can remove apps and ban developers
      - iOS enforces integrity
          - Boot chain is signed
          - Only signed code can be installed and executed
      - iOS sandbox
          - Process memory isolation
          - Filesystem isolation
          - Some operations require entitlements (e.g., change passcode, access camera)
  • 9. Infection Vectors of Non-JB Devices
      - Enterprise provisioning (299$/y, valid credit card, D-U-N-S)
      - Distributed mostly via link (email/webpage/SMS), or USB
      - Legitimate use
          - MDM providers and “alternative markets” to some degree
          - Other “alternative” markets (Emu4iOS, iNoCydia, …)
      - Used maliciously in APT/targeted attacks
      - Pop Quiz: Which of the below pop-ups is legit?
  • 10. Infection Vectors of Non-JB Devices
      - Enterprise provisioning (299$/y, valid credit card, D-U-N-S)
      - Distributed mostly via link (email/webpage/SMS), or USB
      - Legitimate use
          - MDM providers and “alternative markets” to some degree
          - Other “alternative” markets (Emu4iOS, iNoCydia, …)
      - Used maliciously in APT/targeted attacks
      - XcodeGhost (Sept 2015)
          - Infecting apps through a rogue app development environment, targeted at credential stealing
          - 300 (or more…) rogue apps removed by Apple from the AppStore
  • 11. What Can Be Done Inside the Garden (non-JB)?
      - Everything legitimately allowed to an app
      - Private APIs and vulnerabilities
          - Masque attack: replacing a legit app with another app
              - Trojanized versions of social apps found in Hacking Team’s leak (August 2015)
  • 12. Example of Trojanized Facebook App behavior
  • 13. What Can Be Done Inside the Garden (non-JB)?
      - Everything legitimately allowed to an app
      - Private APIs and vulnerabilities
          - Masque attack: replacing a legit app with another app
              - Trojanized versions of social apps found in Hacking Team’s leak (August 2015)
          - Hiding apps
          - Running in background → background keylogging
          - Running on boot
          - Taking screenshots
          - Simulating screen/button presses
          - Blocking OCSP (Online Certificate Status Protocol)
          - Privilege escalation / sandbox escape
  • 14. What Can Be Done Inside the Garden (non-JB)?
      - APT/Malware
          - RCS (2015) – installs alternative keyboard for keylogging + trojanized apps
          - WireLurker (2014) – installs additional apps (Chinese game, 3rd party AppStore client, comic reader)
          - Find and Call (2012) – steals user’s contacts
      - Apple usually responds fast, eliminating the apps from the AppStore
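Slides 9 and 10 name enterprise provisioning as the route by which apps reach non-jailbroken devices outside the AppStore. The following is an added example, not part of the original deck or any IBM product: a triage helper that reads the plist inside a provisioning profile (`embedded.mobileprovision`) and flags enterprise or device-list profiles signed by a team outside your allowlist. The allowlist, the team IDs and the sample profiles are constructed assumptions; the plist keys used (`ProvisionsAllDevices`, `ProvisionedDevices`, `TeamIdentifier`, `ExpirationDate`, `get-task-allow`) are the standard provisioning-profile keys.

```python
import plistlib
from datetime import datetime, timezone

# Assumption: Apple team IDs your organisation signs in-house apps with (constructed value).
TRUSTED_TEAM_IDS = frozenset({"ORGTEAM001"})


def extract_profile_plist(blob):
    """Return the XML plist embedded in a CMS-wrapped provisioning profile.

    This only locates and parses the payload for triage; it does NOT verify
    the CMS signature, so treat the result as untrusted metadata.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(profile):
    """Classify the distribution type from the profile's own keys."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"          # in-house: installs on any device
    if "ProvisionedDevices" in profile:
        debuggable = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debuggable else "ad-hoc"
    return "app-store"


def audit_profile(blob, now=None, trusted=TRUSTED_TEAM_IDS):
    """Return the profile kind, signer team IDs and a list of findings."""
    profile = extract_profile_plist(blob)
    now = now or datetime.now(timezone.utc)
    kind = classify_profile(profile)
    team_ids = list(profile.get("TeamIdentifier", []))
    findings = []
    # Any profile that permits installation outside the AppStore should come
    # from a team the organisation recognises.
    if kind != "app-store" and not set(team_ids) & set(trusted):
        findings.append("untrusted-%s-signer" % kind)
    expiry = profile.get("ExpirationDate")
    if isinstance(expiry, datetime):
        if expiry.tzinfo is None:    # plistlib yields naive UTC datetimes
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry < now:
            findings.append("expired")
    return {"kind": kind, "team_ids": team_ids, "findings": findings}


def build_sample(team_id, all_devices, devices=None, debuggable=False,
                 expires=datetime(2030, 1, 1)):
    """Build a constructed profile blob: fake CMS bytes around a real plist."""
    body = {
        "Name": "Constructed sample profile",
        "TeamIdentifier": [team_id],
        "TeamName": "Constructed Team",
        "ExpirationDate": expires,
        "Entitlements": {"get-task-allow": debuggable},
    }
    if all_devices:
        body["ProvisionsAllDevices"] = True
    if devices:
        body["ProvisionedDevices"] = devices
    return b"\x30\x82\x0b\xfa" + plistlib.dumps(body) + b"\x00\x01sig-bytes"


if __name__ == "__main__":
    samples = {
        "unknown enterprise": build_sample("XXUNKNOWN1", True),
        "own enterprise": build_sample("ORGTEAM001", True),
        "unknown ad-hoc": build_sample("XXUNKNOWN1", False, ["udid-constructed-1"]),
    }
    for label, blob in samples.items():
        print(label, audit_profile(blob))
```

Run it over the profiles collected from managed devices or from an IPA's `embedded.mobileprovision`, and verify the CMS signature with a dedicated tool before trusting any field for enforcement.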
  • 15. Jailbreak Land
      - What is the jailbreak process?
          - Disables iOS enforcements / sandbox
          - Introduces 3rd party application stores (e.g., Cydia)
      - Worldwide general estimation (2014): ~8% of all devices are JB, in China: ~14%
      - Trusteer stats (2015) show only 0.15%; however, this may be attributed to the fact that it is detected and enforced by most customers
      - Jailbreak hiders attempting to hide the device state
          - xCON
          - FLEX
      - Infection vectors of JB devices
          - Rogue apps via 3rd party AppStores
          - USB (WireLurker, CloudAtlas)
  • 16. Malware for Jailbroken Devices
      - APT / targeted attacks
          - Hacking Team RCS – steals contacts, calendar, screen, monitors user inputs, location, network traffic. Remote exploit to crack device passcode
          - Xsser mRAT – Chinese Trojan that steals device info, SMS and emails. Installed via rogue Cydia
          - CloudAtlas – steals device information, contacts, accounts, Apple ID,…
          - XAgent “PawnStorm” – steals SMS, contacts, photos, GPS location, installed apps, wifi status, remotely activates audio recording
          - WireLurker – PC trojanize installed apps, steals contacts, SMS, iMessages, Apple ID, device serial
      - “Non-enterprise” malware
          - Unfold “Baby Panda” – Chinese Trojan that steals Apple ID and password
          - AdThief – hijacks advertisement of installed apps for revenue
  • 17. Threat Landscape - Android
  • 18. Android Infection Vectors
      • Link via SMS/email (may contain exploits)
          – E.g., Xsser mRAT distributed via WhatsApp message
      • Device preloaded with malware
          – DeathRing, Mouabad, “Coolpad” backdoor
          – Most common in Asia, some appearance in Spain and Africa
      • Physical access of attacker (PC kit to deploy malware)
      • USB from infected PC (e.g., DroidPak, WireLurker, AndroidRCS)
  • 19. Android Infection Vectors
      • Remote exploit
          – 95% of Android devices exposed to Stagefright vulnerability
          – In July 2015, ~28% of devices had OS 4.3 or lower, which is vulnerable to AOSP Browser & Masterkey (4 years old!!)
      • App markets – alternative markets and official Google Play
  • 20. Android Mobile Store Malware Infection Rates
  • 21. Android Infection Vectors
      • Remote exploit
          – 95% of Android devices exposed to Stagefright vulnerability
          – In July 2015, ~28% of devices had OS 4.3 or lower, which is vulnerable to AOSP Browser & Masterkey (4 years old!!)
      • App markets – alternative markets and official Google Play
      • Apps could deploy malware, weaponize, use exploits or have trojanized functionality
  • 22. Android Malware Types
      • RATs – commercial or underground surveillanceware
          – Tens of variants
          – Some publicly available, some in underground, one is even open source
      • Network proxy
          – NotCompatible malware family
      • InfoStealers
          – Keyloggers, Overlay malware
  • 23. The appearance of PC grade mobile malware
      • “GM Bot” / “Mazar Banking Software”
      • Extensive PC-malware-like capabilities including:
          – Dynamic configuration via C&C
          – Configurable banking app injection/overlay capabilities
          – Ready-made modules being sold to attack worldwide banks and financial services
          – On-mobile full fraud life cycle – credential stealing, 2FA circumvention, block user/authorization
          – Flash News: GM Bot Code Leak !!
          – News 2: GM BOT 2.0 released
              • A month ago our Intelligence team identified a dispute between a customer of the GMBot and “Gangaman”
              • The customer was very disappointed with the level of service: it was hard to deploy and the support was bad
              • So… the customer posted the full source code in the underground
              • Since it was leaked, this malware is very trendy and effective, and now it will reach the hands of fraudsters for free
  • 24. Android Malware Types
      • High-end APT/targeted attacks
          – Hacking Team RCS in Saudi Arabia (?-2015) – “Qatif Today” repack
          – Xsser mRAT (2014)
              • Chinese trojan spies on Hong Kong activists, steals contacts, SMS, calls, location, photos, mails, browser history, audio (microphone), remote shell, and call
          – RedOctober/CloudAtlas (2014)
              • steals accounts, locations, contacts, files, calls, SMS, calendar, bookmarks, audio (microphone)
          – APT1 (2013) – “Kakao Talk” repack
              • spies on Tibetan activists contacts/SMS/location
          – World Uyghur Congress (2013)
              • spies on Tibetan activists contacts/SMS/calls/location
          – LuckyCat APT campaign (2012)
              • phone info, file dir/upload/download, remote shell
          – FinSpy mobile (2011) – Gamma Group’s APT, tied to Egypt
  • 25. Android Malware and RATs Capabilities Overview
      • Information theft
          – Contacts
          – Call log history
          – Messages (SMS, LINE, Whatsapp, Viber, Skype, Gtalk, Facebook, Twitter, …)
          – Emails
          – Geographical location
          – Network data (wireless network SSID/password), location, network state
          – Phone information (number/IMEI/IMSI/Vendor/model/Operator/SIM serial/OS)
          – Google Account
          – Browsing history
          – Photos/Videos/Audio
          – Screenshots
          – Clipboard content
          – Arbitrary files on SD card
      • Remote control
          – Activation/delayed activation and capturing of audio/video/photos/phone calls
          – Execute shell / run exploits
          – Launch browser
          – Send SMS
          – Make phone call
          – Download/delete files
  • 26. Commercial RAT Examples – SandroRAT/DroidJack Evolution
      • Sandroid -> SandroRAT -> DroidJack
      • No root access required!
      • 8,380 DroidJack tutorials currently on Google
  • 27. Many more…
  • 28. Network Proxy to Corporate Resources
      • NotCompatible.C
          – General purpose, proxying network (TCP/UDP)
          – Has been used for spam, bruteforce, bulk ticket purchase
      • Banks & other Enterprises could be a next target
  • 29. Threats Summary
      • Advanced/targeted attacks are real
          – More dominant in Asia, China being a major player
          – Global threat – HackingCrew, HackingTeam
      • The most dominant threat is RATs
          – Android – easiest to infect, highly commercialized
          – Jailbroken iOS – has been done only in targeted attacks
          – Non-JB iOS – effectively no (reported) harm done, even in targeted attacks, but threat is imminent
      • Vulnerabilities
          – Applicable to iOS and Android, more problematic for Android due to highly segregated market
          – Associated only with advanced/targeted attacks
      • Network based attacks
          – Imminent threat, no malicious incident reported yet
  • 30. IBM Mobile Threat Management can effectively prevent and take action against malware & threats. Taking Action step by step
  • 31. Criminals attack the weakest link [Diagram labels: Mobile Protection; Cyber Criminal; Enterprise Data; Employee / Customer; Firewall; Perimeter Protection; Intrusion Prevention System; Anti-Virus Gateway; Encryption; Mobile Malware]
  • 32. Taking action is easy - using layered security
      • The MaaS360 layered security model
          – Secure the Device
          – Secure the Content
          – Secure the App
          – Secure the Network
  • 33. Taking action – Managed and Unmanaged device
      • Managed Devices (Owned/BYOD)
          – Device level security
          – Using EMM/MDM to enforce sensitive information access policy
          – MDM should include advanced rooting/jailbreak & malware detection
          – Scan home grown apps for vulnerabilities
      • Unmanaged Devices (Customers, partners, agents, brokers, contractors)
          – Application level security
          – Every app should have capabilities to assess device security
          – In-app enforcement of sensitive info/operations
          – Scan home grown apps for vulnerabilities
  • 34. IBM MaaS360 Mobile Threat Management
      • Detects, analyzes and remediates mobile risks, delivering a new layer of security for Enterprise Mobility Management (EMM) with the integration of IBM Security Trusteer® to protect against:
          – Mobile malware
          – Suspicious system configurations
          – Compromised jailbroken or rooted devices
  • 35. IBM Security QRadar integration with MaaS360
      • Continuous Mobile Visibility
          – Detect when smartphones and tablets are attempting to connect to the network
          – Monitor enrollment of personally owned and corporate-liable devices
          – Gain awareness of unauthorized devices
          – Learn when users install blacklisted apps and access restricted websites
      • Compromised Device Remediation
          – Uncover devices infected with malware before they compromise your enterprise data
          – Identify jailbroken iOS devices and rooted Android devices
          – Set security policies and compliance rules to automate remediation
          – Block access, or perform a selective wipe or full wipe of compromised devices
      • View MaaS360 compliance rule violations through IBM Security QRadar
  • 36. View Out of Compliance events from MaaS360 on QRadar
  • 37. Summary
      • Malware exists on mobile and can pose a significant threat to your organization’s IP / data
      • IBM Security Trusteer can aid in safeguarding this on mobile
      • MaaS360 + Trusteer can detect and take actions on mobile devices
      • MaaS360 reports mobile device events to QRadar for consolidated reporting
  • 38. Shaked Vax - svax@us.ibm.com. Thank You