A LOOKINGGLASS CYBER SOLUTIONS™ WHITE PAPER | MARCH 2016 Mobile Security Threat Landscape: Recent Trends and 2016 Outlook


Table of Contents

Executive Summary

2015: Year In Review

The 2016 Threat Landscape

Conclusions


Executive Summary

The mobile landscape is exploding, with a prediction that there will be more than six billion global smartphone users by 2020.[1] As more people turn to their phones and other mobile devices, mobile applications are becoming a primary portal for interacting online. However, the more invested we become in mobility, the more we open ourselves up to new forms of intrusions from malicious actors. In this white paper, we examine notable trends and events in mobile security during 2015 and look forward to what security professionals should expect in 2016.

In 2015, we saw threat actors shift their tactics to smaller targets, with mobile-ransomware focusing more on individuals and less on corporations. The Bring Your Own Device (BYOD) environment became more pervasive, with organizations realizing the importance of establishing concrete BYOD policies, and more mobile applications were found sharing data with third parties. Looking ahead, the Internet of Things (IoT) will be a main target for increased hacking of everyday devices, there will be more attacks targeting the iOS platform, and the transition from novelty to mainstream use of mobile payment systems will make them a target for new vulnerabilities and exploits.

[1] http://techcrunch.com/2015/06/02/6-1b-smartphone-users-globally-by-2020-overtaking-basic-fixed-phone-subscriptions/


Section 01

2015: Year In Review

Mobile-Ransomware Targeted Individuals

Mobile-malware, which is designed to specifically infect the operating system (OS) and applications of mobile devices, grew 185 percent in 2015.[2] Mobile-ransomware was ranked the “number one mobile malware threat.”[3] While mobile-malware has been on the rise for some time now, mobile-ransomware typically stuck to targeting corporations. However, as mobile-malware has evolved and made its way into applications, it’s become that much easier for cyber criminals to victimize the general public with mobile-ransomware. Perpetrators no longer need to only target companies that have the resources to pay out large sums of money.

Mobile-ransomware can lock a phone, encrypt files, and hijack administrative privileges to make it difficult to remove the malware. Devices infected with ransomware will stay encrypted until victims pay a ransom somewhere in the neighborhood of $500. With the continued adoption of electronic currency like bitcoin, it’s becoming easier to transact ransom fees anonymously, reducing the risk of getting caught.

Ransomware attacks can come in the form of applications that a user installs on their device, often downloaded from one of hundreds of unofficial app stores (referred to as “sideloading”). Many attacks can be attributed to adult sites and apps, which, at 36 percent, is the top infection vector. One particular ransomware case on an Android device involved Adult Player, a porn viewing app. It was not available in legitimately vetted storefronts, and was instead being downloaded directly from the author’s website. Once installed, the app took a picture of the user and threatened to expose the individual’s identity unless they paid the ransom.[4]

Although Android devices saw 97 percent of mobile-malware action in 2015, iOS users should still be cautious when downloading and installing applications from unfamiliar authors.[5] As we will discuss later in this paper, the iOS platform is not immune to attack, and will likely see more targeted malware and other threats in 2016.

The Evolution Of The Bring Your Own Device (BYOD) Environment

When mobile devices and tablets were first introduced into the office, they were typically only used by executives that wanted to have the latest, greatest technology. However, as more employees realized they could access corporate email and systems from their personal devices, and workforces became more mobile, the demand for Bring Your Own Device (BYOD) policies in the workplace became an enterprise necessity. This year, we saw that shift in BYOD policies becoming more established in the workplace, with 74 percent of organizations having, or planning on creating, an enterprise-wide BYOD environment.[6]

[2] http://www.pcworld.com/article/2010278/10-common-mobile-security-problems-to-attack.html

[3] http://www.darkreading.com/endpoint/ransomware-ranked-number-one-mobile-malware-threat/d/d-id/1322886

[4] http://www.bbc.com/news/technology-34173372

[5] http://www.scmagazineuk.com/updated-97-of-malicious-mobile-malware-targets-android/article/422783/

[6] http://www.zdnet.com/article/research-74-percent-using-or-adopting-byod/


BYOD allows employees to use personal devices in the workplace to access corporate information. While BYOD has enabled companies to cut down on hardware and service costs, it has also brought about new information security concerns such as privacy and legal policies. Average users may not understand the security implications of a BYOD policy, such as how downloading a rogue application onto their device can allow cyber criminals to access proprietary corporate data, login credentials, Personally Identifiable Information (PII)/PHI, sensitive client information, and more. In fact, 78 percent of organizations say security concerns are the primary reason why they would not implement a BYOD strategy.

Another issue security practitioners need to be aware of with BYOD is backdoors. A backdoor is a program designed to allow remote access to computers and other devices. These can be tricky as they can serve both legitimate and illegitimate purposes; many software developers install backdoors to legitimately upgrade, improve, or enhance end-user applications. Regardless of whether a backdoor is legitimate or not, it still allows a developer unhindered access to data on the device.

When implementing a BYOD policy, businesses should first and foremost be concerned with the integrity of the manufacturer’s supply chain to address concerns about malicious backdoors.

This can be done by:

• Educating employees on why it’s important to purchase mobile devices from reputable companies

• Whitelisting or approving certified-for-use devices from reputable companies with uncompromised supply chains

• Creating stricter standards and appropriate application controls for devices that have a higher level of access to valuable company information

• Remaining cognizant of the origin of employee devices; smartphones with pre-installed malware frequently surface in Asia through dubious or substandard third-party vendors who market inferior knockoffs or counterfeit brands of popular smartphones via online marketplaces like eBay or Amazon


Additionally, when adopting a BYOD policy, users should take the following precautions:

• Only download applications from the official app store related to your device’s OS

• Be aware of the information you’re authorizing apps to access (e.g., why does a flashlight app need access to your photos and contacts?)

• Use password padding

• Be cautious about open wireless networks; disable your Wi-Fi from connecting to any random open network; when in doubt, ask the establishment’s employees for the official Wi-Fi hotspot name

• Disable Bluetooth and mobile hotspots when you’re not actively using them

• Use a VPN application when you’re connecting to an unknown network; some top-rated ones are VyprVPN, NordVPN, IronSocket, and ExpressVPN

• Keep software up-to-date to make sure security fixes are applied

• Turn off location-based tracking on all apps that do not need it to function

As wearables and the Internet of Things (IoT) gain ground, security teams will need to update their security policies, business continuity, and incident response plans to accommodate the vast number of new devices that could be introduced into the workplace.[7]

Mobile Applications Sharing Data With Third-Parties

A big debate in 2015 was whether mobile applications should be able to share user data with third parties, especially if users were unaware of these actions. It is estimated that almost 30 percent of mobile apps sell personal data to third parties.[8] While in many cases users are consenting to sharing their information in order to use the application (i.e. similar to agreeing to Apple’s terms and agreement to use iTunes), in 2015 it became more widespread for apps to share or ‘leak’ data without the owner’s consent.

[7] http://searchsecurity.techtarget.com/answer/How-can-proper-BYOD-and-IoT-device-onboarding-improve-security

[8] http://www.networkworld.com/article/2930791/microsoft-subnet/what-apps-sell-or-steal-your-data-or-take-over-your-phone-privacyhawk-can-tell-you.html


When apps share information, not only is a user’s personal information being shuffled around without their knowledge, but also if a third party is breached, threat actors can capture data to create sophisticated social engineering and phishing campaigns. A recent study showed that 73 percent of Android apps share personal information such as email addresses with third parties, and 47 percent of iOS apps share geo-coordinates and other location data.[9] Apps can share an ID unique to the individual, enabling whoever has the data to track their movements.[10] If a hacker gets access to this information, they could potentially uncover places a user frequents, email addresses, photos, contacts, and much more.

[9] http://www.networkworld.com/article/3014185/mobile-wireless/how-ios-android-apps-share-your-data-without-notifications.html

[10] http://jots.pub/a/2015103001/


Exploring The Encryption Debate

There has been substantial discussion with regards to tech companies being legally required to provide law enforcement with backdoors to access encrypted data. Events like the 2015 Paris terrorist attacks, where the attackers reportedly used “end-to-end” encryption to communicate through instant messaging services like WhatsApp and Telegram, have further emboldened calls for the companies who own the proprietary encryption software that drives these apps to voluntarily cooperate with law enforcement. However, end-to-end encryption, which protects data-in-transit (sometimes known as data-in-motion), is only one part of the problem facing law enforcement’s access to encrypted data.

Encryption that prevents law enforcement from viewing the data stored on mobile devices, also known as data-at-rest, presents another dilemma to authorities. According to FBI Director James Comey, encryption hinders law enforcement’s access to data stored on mobile devices, which could significantly delay the pursuit of criminal or terrorist activity if authorities are not given a key or backdoor to the encryption mechanism. According to one news report, smartphone encryption impeded the prosecution of 120 criminal cases.[11]

When it comes to encryption, many believe the issue revolves around access to the encrypted data or communications. In reality, it’s about access to the mechanisms that unlock or allow entry (encryption keys, backdoors, etc.) to end-user data, whether that’s data-at-rest or in motion. For instance, cryptographic techniques like end-to-end encryption make it almost impossible for unwanted third parties to intercept the bidirectional communications, or data-in-transit, of two end-users.

[11] http://www.thedailybeast.com/articles/2015/12/28/manhattan-da-smartphone-encryption-foiled-120-criminal-cases.html


Currently, civil liberties and privacy concerns prevail over law enforcement requests. At a time when data breaches have become a frequent occurrence exposing millions of victims, security professionals and consumers alike are championing the need for increased security. In December 2015, Apple CEO Tim Cook defended his commitment to preserving user privacy through encryption.[12] The very same backdoors that would provide law enforcement a way into communication channels could be leveraged by hostile actors seeking sensitive data or further admittance to other areas. If all companies maintained a backdoor to these channels, these would pose an attractive target for all threat actors, from cyber criminals to nation-state actors.

Governments are divided on the topic of legally mandating backdoors in encrypted products. The United Kingdom leans in favor of banning all end-to-end encryption, while the Dutch Government recently published a position paper in which it formally opposed backdoors in any encryption products, citing the security and safety of consumers to be paramount.[13][14] While the U.S. has not made a decision on the topic, the Federal Bureau of Investigation (FBI), which has served as the advocate for backdoors, recently called upon tech companies to alter their business models away from favoring customer privacy and towards public safety.[15]

The more law enforcement and government officials push for national security over privacy, the more fears of government surveillance are raised. Interestingly, China has passed legislation similar to what is advocated by U.S. law enforcement. China’s “Counterterrorism Law” specifically mandates Internet Service Providers (ISPs) to disclose encryption keys to government authorities for the same security considerations as given by U.S. law enforcement officials.[16]

The encryption/privacy debate doesn’t appear to be coming to a resolution anytime soon, but organizations should stay abreast of any news, as potential legislation could affect the privacy of their data.

[12] http://abcnews.go.com/Technology/tim-cook-defends-encryption-smartphones/story?id=35885560

[13] http://bgr.com/2015/12/22/apple-fights-weak-encryption-law/

[14] http://www.theregister.co.uk/2016/01/04/dutch_government_says_no_to_backdoors/

[15] http://www.wsj.com/articles/fbi-seeks-to-reframe-encryption-debate-1451417252

[16] http://www.lexology.com/library/detail.aspx?g=851ceeee-75e0-42be-8ab9-5da0e670ebfa


Section 02

The 2016 Threat Landscape

The Hacking Of Everything

The Internet of Things (IoT) – interconnected devices that can communicate without human control – is growing, and fast. Analyst firm Gartner estimates that there will be almost 21 billion IoT devices by 2020 and market research firm IDC predicts there will be 30 billion by that date.[17][18] While the convenience factor of IoT is great, the reality is that threat actors are taking advantage of all these newly connected devices and hacking anything and everything connected to the Internet.

The list of Internet-connected devices grows every day, and includes everything from wearables (fitness trackers and smart watches), webcams, and cars to children’s toys, gaming devices, TVs, and refrigerators. In 2015, we saw smart TVs and refrigerators that could be hacked and used as a backdoor into networks.[19][20] We also witnessed some genuinely chilling things that a hacker could do to the computer in cars.[21] In July, two hackers showed how they could hijack a Jeep by hacking into its system, taking over the vents, radio, and even the accelerator.

[17] http://www.informationweek.com/mobile/mobile-devices/gartner-21-billion-iot-devices-to-invade-by-2020/d/d-id/1323081

[18] http://www.forbes.com/sites/gilpress/2015/07/30/9-new-predictions-and-market-assessments-for-the-internet-of-things-iot/

[19] http://arstechnica.com/security/2015/11/man-in-the-middle-attack-on-vizio-tvs-coughs-up-owners-viewing-habits/

[20] https://www.yahoo.com/tech/a-samsung-smartfridge-just-got-hacked-are-your-127575156174.html

[21] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/


This increase in Internet-connected devices begs the question: How much access do hackers have to these devices and what could they do with that access? The answer varies, as some companies have implemented mature security frameworks, while others have not.[22] This self-regulation of security protocols means hackers can target specific devices that are less secure and exploit them in mass quantities. It is much easier to find the vulnerability first and then decide what to do with it later.

In 2016, we expect that threat actors will increasingly attempt to breach Internet-connected devices within individuals’ homes, especially devices with cameras, such as webcams and gaming consoles. We saw an uptick in this tactic in 2015, when some families became victims of pranks through IP cameras, which may seem like a harmless prank at first, but can have much larger consequences. Hackers can use their access to the compromised system as a gateway for a number of malicious activities, including using stolen information for blackmail or extortion, or using camera access to scope out the interior spaces of office buildings or homes in order to carry out physical attacks.

The adoption of radio frequency identification (RFID) and near field communication (NFC) technologies will also lend a hand in a continued rise in the hacking of Internet-connected things, as well as the multiplication of hackable vectors on the average citizen. This will likely lead to a whole range of crimes including theft, compromising photo and email leaks, blackmail, espionage, and worse.

[22] http://www.theverge.com/2015/1/27/7921025/will-self-regulation-be-a-huge-problem-for-privacy-in-the-internet-of


Apple Devices Will Increasingly Be Targeted By Hackers

In 2015, mobile hacking stories about new vulnerabilities found in Android devices dominated the news. However, as more people begin to use iOS devices in 2016, we expect hackers to expand their focus to target Mac OS X and iOS platforms.

Since the App Store’s launch, Apple has touted strong security. Now, as hackers become more sophisticated, we are seeing more malware and vulnerabilities in Apple’s devices. Reports indicate that 2015 was the “most prolific year for Mac malware in history,” with five times more malware instances than in 2010-2014 combined.[23] Mac OS X and iOS also registered the most disclosed vulnerabilities in 2015, with OS X having 384 security flaws and iOS having 375.[24] One malware in particular, XcodeGhost, infected as many as 4,000 apps and compromised passwords and devices’ name, type, and universally unique identifier (UUID).[25]

Oftentimes, jailbroken iOS devices are the reason malware can get onto the device. Removing the original security layers can allow threat actors to install spyware or viruses, attack networks, and steal proprietary and personal information.[26] As confirmed in the Hacking Team breach this year, not only can malware be installed physically onto a device, but it can also be installed if that device is connected to a previously labeled “Trusted” computer that has since been compromised.

You can make your device more secure by:

• Downloading applications from only trusted sources

• Limiting new application purchases

• Using only trusted wireless networks

• Turning off Wi-Fi and Bluetooth connections when not needed

• Not jailbreaking your phone

[23] http://bgr.com/2015/10/21/mac-malware-increase-2015/

[24] http://www.securityweek.com/mac-os-x-ios-registered-most-disclosed-vulnerabilities-2015

[25] http://mashable.com/2015/09/21/ios-app-store-malware/#eF4kPDBDdkqH

[26] https://support.apple.com/en-us/HT201954


More Mobile Payment System Vulnerabilities

In 2015, Apple Pay, Samsung Pay, and Android Pay continued to increase their footholds in the market as consumers looked to their smartphones as a means of payment. Many of these payment systems, such as Apple Pay and Android Pay, are reliant on near field communication (NFC) technologies – a short-range communication system that uses near field (NF) wireless to connect compatible NF technologies together and exchange information without the need of an Internet connection.[27] Apple Pay and Android Pay in particular are reliant on NFC technologies. Nevertheless, the hype around mobile payment systems has brought to light consumer concern around potential security ramifications of systems using NFC technologies.[28]

The more mainstream NFC technologies become, the more they will invariably be targeted by hackers. In 2015, there were several instances of hostile actors exploiting mobile payment apps. In May, hackers targeted the Starbucks payment app, which garnered concern given that the previous year approximately $2 billion was processed in mobile payment transactions, about one-sixth of which were conducted using the Starbucks app.[29] In October, suspected Chinese hackers breached Loop Pay, an important component of Samsung Pay. While in this instance the hackers appeared to be trying to steal the payment technology rather than any financial data, the incident still shows how susceptible these platforms are to attack.[30]

[27] http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credit-cards-anytime-your-phone-near-445497

[28] http://www.infosecurity-magazine.com/news/hackers-target-starbucks-mobile/

[29] http://www.nytimes.com/2015/10/08/technology/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html?_r=0

[30] http://www.bizjournals.com/stlouis/blog/biznext/2015/12/target-responds-to-walmart-with-its-own-mobile.html


Despite these initial attacks, mobile payment wallets continue to be implemented by retailers and other non-technology companies in order to enhance the consumer shopping experience and provide efficient means to pay. In December 2015, both Target and Walmart announced their intentions to develop their own mobile payment platforms. Walmart Pay in particular is designed to allow users to register the payment type of their choice (e.g., credit card) and use their smartphone’s camera to scan QR codes at the register to check out.[31]

Movement towards mobile payment wallets has led the Merchant Customer Exchange, a merchant-owned mobile commerce network created to streamline customer shopping across all major retail verticals, to develop CurrentC, a mobile wallet that could be used by several retailers.[32] If developed and implemented by several organizations, CurrentC would likely not only improve customer shopping habits, but draw considerable attention from criminals looking to make the next big score.

Mobile payment systems are expected to have vulnerabilities similar to those that have plagued point-of-sale (PoS) systems, such as PoS malware and Trojans. In 2013, one security researcher discovered that by installing Trojan relay software on a victim’s Android phone, the attacker could initiate Google Pay payments using the NFC properties in the victim’s device.[33] Similarly, in 2015, the same researcher found that hackers could utilize the NFC properties on the victim’s mobile phone to steal money from the physical credit cards instead of Google Pay when the cards came in contact with the phone. Identified as a “relay attack,” it allowed the forwarding of an entire wireless communication over a large distance, and required four different components to execute successfully.[34]

Cyber criminals’ resilience and ingenuity in targeting and compromising targets will continue as mobile payment systems become more mainstream. If the payout is high enough, a more involved plan is not out of the question. As with any app, companies need to be aware of what their employees download onto their phones, regardless of whether you have a Bring Your Own Device (BYOD) policy, provide corporate phones, or have employees who input corporate credit card information into a mobile payment system. If compromised, hackers would be able to redirect payments to alternate locations, as well as access any transaction data stored in these systems.[35]

[31] http://www.forbes.com/sites/lauraheller/2015/12/21/walmart-and-target-will-win-big-with-mobile-wallets/#2715e4857a0b51b9f2062cac

[32] http://www.reuters.com/article/us-target-mobile-payment-exclusive-idUSKBn0U11U920151218

[33] http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credit-cards-anytime-your-phone-near-445497

[34] http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credit-cards-anytime-your-phone-near-445497

[35] http://offers.bluebox.com/resource-whitepaper-tis-the-season-risk-mobile-app-payments.html


Conclusions

As more Internet-connected devices enter the market, standard security protocols need to be put into place in order to combat the threat of malicious actors. Multiple types of devices and operating platforms mean more attack vectors for hackers. Organizations with BYOD policies need to be aware of the type of devices being brought into the corporate environment, and create policies and procedures to ensure the security of proprietary employee and client information. However, this will all be ineffective unless a robust cyber security awareness training program is put in place. Employees need the proper training so they can identify and mitigate potential threats before they become a bigger issue for your organization as a whole.


While your network may be secure, do you have visibility beyond the perimeter? Security is no longer about what you can see. What you can’t see is where the true threats hide.

Cyveillance, a LookingGlass Cyber Solutions company, offers an easy-to-use platform that gives security professionals the ability to see beyond the perimeter. Our solutions identify cyber and physical threats and risks across the globe, allowing you to mitigate and eliminate them before they disrupt your business.

We go beyond data to provide the threat intelligence that you need to achieve your organization’s business goals. Contact us today to learn more and get a free trial.

Using security intelligence technology can save companies up to $2.6 million when compared to companies not using security intelligence technologies. “2014 Global Report on the Cost of Cyber Crime.” Ponemon Institute; HP. 3 Dec. 2014. http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report

Cyber Threat Center

www.cyveillance.com/cyberthreatcenter


11091 Sunset Hills Road, Suite 210, Reston, Virginia 20190 | Toll-Free: 888.243.0097 | Headquarters: 703.351.1000 | www.cyveillance.com

© 2016 LookingGlass Cyber Solutions. All rights reserved. Cyveillance is a registered trademark of Cyveillance, Inc.

All other names are trademarks or registered trademarks of their respective owners

LookingGlass Cyber Solutions delivers advanced, comprehensive threat intelligence-driven solutions in four categories: machine readable threat intelligence (MRTI), threat intelligence management (TIM) with over 140 data sources transformed into threat intelligence, threat intelligence services, and threat mitigation. LookingGlass enables security teams to efficiently, effectively address threats at every stage of their lifecycle. For more information, visit www.lgscout.com.

Cyveillance, a LookingGlass Cyber Solutions company, is the leading provider of cyber threat intelligence, enabling organizations to protect their information, infrastructure, and employees from physical and online threats found outside the network perimeter. Founded in 1997, Cyveillance delivers an intelligence-led approach to security through continuous, comprehensive monitoring of millions of online data sources, along with sophisticated technical and human analysis. The Cyveillance Cyber Threat Center, a cloud-based platform, combines web search, social media monitoring, underground channel information, and global intelligence with investigative tools and databases of threat actors, domain names and IP data, phishing activity, and malware. Cyveillance serves the Global 2000 and the majority of the Fortune 50 – as well as global leaders in finance, technology, and energy – along with data partners and resellers. For more information, visit www.cyveillance.com.