2015 Mobile Threat Report - The Rise of Mobile Malware
AGENDA
• State of mobile security
• Understanding the mobile threat landscape
• Infection vectors
• Top monetization schemes
• Emergence of the mobile cybercrime underground
• Consumer awareness of mobile security threats
THE STATE OF MOBILE SECURITY
• Mobile downloads will increase to 108 billion by 2017. [2]
• Mobile malware is growing. Malicious code is infecting more than 11.6 million mobile devices at any given time. [3]
• In 2014 the number of cell phones (7.3 billion) will exceed the number of people on the planet (7 billion). [1]
• Mobile devices and the apps we rely on are under attack. 90% of the top mobile apps have been hacked. [4]
AS MOBILE GROWS, SO DO SECURITY THREATS
Responded that they do not know if they had been made vulnerable
Do not know whether they had any corporate assets hijacked for botnet use or if they had any user credentials stolen in 2014.
Do not know if they had become victimized by an advanced persistent threat (APT)
SECURITY IS LAGGING
FS-ISAC
Regulations
REGULATORS AND INDUSTRY BODIES CALL TO SECURE THE MOBILE CHANNEL
UNDERSTANDING THE MOBILE THREAT LANDSCAPE
[Figure: the mobile threat landscape. Labels: Jailbroken/Rooted, Outdated OS, Unsecure Wifi, Mobile Malware, Rogue Apps, App Vulnerabilities, Stolen Device, BYOD, App hacking, Fake Apps, Secure?]
UNDERSTANDING THE MOBILE THREAT LANDSCAPE
[Figure: Solutions for the Spectrum of Business Span of Control (HIGH to LOW). Span of control: Business Partners, Consumer Transactions, Task/Temp Workers, Employees w/BYOD, Corporate Owned Assets. Segments: Personal and Consumer, Enterprise. Layers: Secure the Device, Secure the Application, Secure the Transaction, Security Intelligence; Identity, Fraud, and Data Protection. Threats: Stolen Device, App Vulnerabilities, Outdated OS, Jailbroken/Rooted, Unsecure Wifi, App hacking, Fake Apps, Rogue Apps / Mobile Malware, Mobile fraud, Vulnerable devices, Data Breach]
MOBILE DEVICE RISK
[Figure: mobile device risk. Labels: Jailbroken/Rooted, Outdated OS, Unsecure Wifi, Malware, Rogue Apps, Stolen Device]
THE MALWARE IS OUT THERE
H1 2015 infection rates
87% 72%
MOBILE MALWARE TOP MONETIZATION SCHEMES
• Financial information stealers
• 2-Factor Authentication/One-Time-Passwords/Token codes hijacking
• Telephony Fraud
• Scare-Ware and Dummy Apps
• The Top-Up Trojan
• Mobile Ransomware
MOBILE BANKING FRAUD
MOBILE RANSOMWARE
OLD “FRIENDS” CRASH THE PARTY
MALWARE LEADS TO MALWARE
INFECTION VECTORS - PHISHING / SMISHING
CROSS-CHANNEL INFECTIONS
• Cybercriminals, via malware or phishing, convince users to supply their mobile phone number in order to install an app on their phone
• The user installs a fake security application and enters an “activation code” into the PC malware, confirming that the mobile install is complete
• The malware captures all SMS traffic, including OTPs, and forwards it to the fraudsters, allowing fraudulent transfers via the Web that use the captured OTPs to bypass authentication
Coordinated attacks across PC and mobile
INFECTION VECTORS – FAKE APPS
Over 80,000 users have granted the apps permission to run on their browser, despite the warning the games will receive full access to a player’s web activity.
VULNERABLE DEVICES
INFECTED APPS ON THE OFFICIAL STORES
OTHER INFECTION VECTORS
EMERGENCE OF THE MOBILE CYBERCRIME UNDERGROUND
UNDERGROUND DISCUSSIONS
THE MOBILE MALWARE ECO SYSTEM
EXAMPLE OF MOBILE MALWARE OFFERING
• Gain administrator privilege level on the device
• Grab and send all device information (phone number, ICCID, IMEI, IMSI, model, OS)
• Intercept and send out SMS content to admin panel and controlling number.
• Covertly send SMS to any number – invisible to the victim and grab all incoming and outgoing SMS content.
• Redirect calls from the device to another number.
• Grab all contact and call logs and send to admin panel.
• Record audio files via the device’s camera and send to admin panel.
EXAMPLE OF UNDERGROUND PRICE LIST
ITEM | PURPOSE | PRICE* | PRICING MODEL
BOT ADMIN PANEL | MANAGE A BOTNET | $4000 DOWN + $500 MONTHLY FEES | TO RENT
MAZWLTOV! | MALWARE SPREADING | $3000 | SERVICE
SPYWARE | CYBER-ESPIONAGE | $7,000 | TO OWN
BANKIR | FINANCIAL INFORMATION STEALER | $5000 | TO OWN
X-iTmo | SMS 2FA INTERCEPTOR | $715 | TO RENT (3 MONTHS)
*Prices In USD. Original prices are in USD or BTC
CONSUMER AWARENESS OF MOBILE SECURITY THREATS
IBM MOBILE SECURITY FRAMEWORK
MobileFirst Protect (MaaS360)
AppScan, Arxan, Trusteer Mobile SDK
AirWatch, MobileIron, Good, Citrix, Microsoft, Mocana
HP Fortify, Veracode, Proguard
CA, Oracle, RSA
• Manage multi-OS BYOD environment
• Mitigate risks of lost & compromised devices
• Separate enterprise and personal data
• Enforce compliance with security policies
• Distribute & control enterprise apps
• Build and secure apps & protect them “in the wild”
• Provide secure web, mobile, API access control
• Meet ease-of-use expectation
Extend Security Intelligence
• Extend security information & event management (SIEM) to mobile platform
• Incorporate mobile log management, anomaly detection, configuration & vulnerability mgmt
[Figure: IBM Mobile Security Framework. Pillars: Protect Devices; Secure Content & Collaboration; Safeguard Applications & Data; Manage Access & Fraud; Extend Security Intelligence. Data: Personal and Consumer, Enterprise]
NEW CSX TRAINING & CERTIFICATIONS
Introducing CSX Skills-Based Cybersecurity Training and Performance-Based Certifications!
• Designed to help you build, test and showcase your skills in critical areas of cybersecurity – and prove you have the ability to do the job from day one.
• Unlike other certifications available today which test for knowledge in a question and answer format, CSX training and exams are conducted in a live, virtual “cyber lab” environment — providing validation of actual technical skill, ability and performance.
• Training courses will be available through leading global training partners, to help professionals build skills needed at each certification level