Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Zimperium Enterprise Mobile Threats


Published on

The latest report summarizes mobile threats recorded from July 1 to September 30, 2017, for device risks, network threats, and app malware, click bots, and privacy abuse. Data in the “Zimperium Global Threat Report” is initiated by Zimperium’s mobile security and mobile threat defense technology, z9, on enterprise customer devices. The threat detection is delivered via the zIPS mobile security app or the lightweight zIAP SDK for mobile app developers. zIPS and zIAP enable companies to detect threats to mobile devices in real-time, so attacks on a mobile device are terminated and won’t advance beyond the targeted device.

Published in: Technology
  • Writing a good research paper isn't easy and it's the fruit of hard work. For help you can check writing expert. Check out, please ⇒ ⇐ I think they are the best
    Are you sure you want to  Yes  No
    Your message goes here

Zimperium Enterprise Mobile Threats

  1. 1. 1All Rights Reserved © 2017 Source: 2017 Mobile Security Spotlight, Zimperium, Inc.
  2. 2. 2All Rights Reserved © 2017 BroadPwn M o b i l e T h r e a t s A r e R e a l …
  3. 3. 3All Rights Reserved © 2017 BankBot M o b i l e T h r e a t s A r e R e a l …
  4. 4. 4All Rights Reserved © 2017 KRACK M o b i l e T h r e a t s A r e R e a l …
  5. 5. 5All Rights Reserved © 2017 Mobile OS is Constantly Changing Source: Android and iOS CVEs 0 100 200 300 400 500 600 700 800 900 1000 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 CVE Score 7+ CVE Score 1-6 Windows 10 Through Sept 2017 CVEs
  6. 6. Malicious App
  7. 7. 7All Rights Reserved © 2017 Install app from third party store App Exploit executed App Used as weapon to internal network Leak data Malicious App M o b i l e T h r e a t s A r e R e a l … Permissions abuse App ALLOW
  8. 8. 8All Rights Reserved © 2017 Malicious App M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% Malicious Android Apps Malicious iOS Apps Source: Zimperium Global Threat Intelligence
  9. 9. Device Configuration Changes
  10. 10. 10All Rights Reserved © 2017 Consultant that goes in and out of client networks client1_wifi client2_wifi client3_wifi client4_wifi Doesn’t like client network restrictions on-site client3_wifi CONNECTED! Installs “free” VPN profile to bypass restrictions Installs SSL cert to encrypt / decrypt device traffic SSL CERT All company data is decrypted to the hacker iOS Profile M o b i l e T h r e a t s A r e R e a l …
  11. 11. 11All Rights Reserved © 2017 Unnecessary Device Risks M o b i l e T h r e a t s A r e R e a l … 0% 10% 20% 30% 40% 50% 60% 70% Malicious Profiles Extreme Risk Configuration High Risk Configuration Vulnerable Devices Source: Zimperium Global Threat Intelligence
  12. 12. Network Attacks
  13. 13. 13All Rights Reserved © 2017 At a coffee shop near an office coffee_wifi CONNECTED! Redirect to phishing page LOGIN Data exploit Access to corporate data Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … Wi-Fi MITM
  14. 14. 14All Rights Reserved © 2017 Source: Zimperium Global Threat Intelligence Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% Rogue AP SSL Strip MITM Attacks