HOW TO PROTECT YOUR ORGANIZATION FROM A DEVASTATING NEW ANDROID VULNERABILITY
Brian Duckering, Head of Product Marketing, Skycure
Title of Presentation DD/MM/YYYY
2016 Skycure Inc.#
Meet Your Speaker
Brian Duckering
Head of Product Marketing
Skycure

Quick Housekeeping
There will be time for Q&A at the end
Ask questions using the GTW chat pane
The webinar is being recorded
All attendees will receive a copy of the slides/recording
Join the discussion #MobileThreatDefense

Old Endpoint vs. New Endpoint
IPS, IDS, FIREWALL, USB SECURITY, DLP, DATA ENCRYPTION, WIRELESS SECURITY, APPLICATION CONTROL, AV
?

Mobile Threat Landscape
Physical
Network
Vulnerabilities
Malware
?

What is Accessibility Clickjacking?
Android Malware & Vulnerability
Discovered by Skycure Research Labs
March 2016
Undetectable (other than by Skycure)
Invisible to the end user
Affects all except Marshmallow OS
Compromises container solutions
Exploitation method
Tricks the user into granting unlimited rights to view and control the device
95.4% of all Android devices in use today

How it works
Leverages 2 otherwise benign Android features:
Accessibility Services
Designed to facilitate interaction with the device for the vision impaired
Accesses ALL textual information
Graphic Overlay
Allows apps to draw over other apps and pass touches to the lower app
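On Android, drawing over other apps is typically requested through the SYSTEM_ALERT_WINDOW permission, and an accessibility service is declared in the app manifest. The Python triage below is an added example (not part of the Skycure deck and not Skycure's detection method) that flags apps combining both features for manual review. It assumes the manifest has already been decoded to text XML; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(manifest_xml):
    """Report which of the two features a decoded AndroidManifest.xml uses."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    services = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # An accessibility service is marked by this bind permission and/or intent action.
        if svc.get(ANDROID + "permission") == A11Y_BIND_PERM or A11Y_ACTION in actions:
            services.append(svc.get(ANDROID + "name"))
    overlay = OVERLAY_PERM in requested
    return {
        "package": root.get("package"),
        "overlay": overlay,
        "accessibility_services": services,
        # Heuristic only: the combination warrants manual review, it is not a verdict.
        "needs_review": overlay and bool(services),
    }


def manifest(package, overlay, a11y):
    """Build a constructed sample manifest (hypothetical package names)."""
    perm = f'<uses-permission android:name="{OVERLAY_PERM}"/>' if overlay else ""
    svc = (f'<service android:name=".Helper" android:permission="{A11Y_BIND_PERM}">'
           f'<intent-filter><action android:name="{A11Y_ACTION}"/></intent-filter>'
           '</service>') if a11y else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perm}<application>{svc}</application></manifest>')


# Constructed inputs: both features, overlay only, accessibility service only.
SAMPLES = [
    manifest("com.example.game", overlay=True, a11y=True),
    manifest("com.example.chatheads", overlay=True, a11y=False),
    manifest("com.example.screenreader", overlay=False, a11y=True),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(triage_manifest(xml_text))
```

Legitimate apps can hold either feature on its own, so only the combination is flagged, and a flag is a prompt for review rather than proof of malice.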
Consequences of Accessibility Clickjacking
Grants hacker ability to
View/steal ALL textual information
Message, Mail, Docs, etc.
Container (MAM) data
Gain admin access
Encrypt device and change passcode
Ransomware

Android Version Distribution and Vulnerability
| Version | Codename | API | Distribution | Vulnerable to Accessibility Clickjacking? | Android Protection Measures |
|---|---|---|---|---|---|
| 2.2 | Froyo | 8 | 0.1% | Yes | No protection |
| 2.3.3 - 2.3.7 | Gingerbread | 10 | 2.6% | Yes | |
| 4.0.3 - 4.0.4 | Ice Cream Sandwich | 15 | 2.2% | Yes | |
| 4.1.x | Jelly Bean | 16 | 7.8% | Yes | |
| 4.2.x | | 17 | 10.5% | Yes | |
| 4.3 | | 18 | 3.0% | Yes | |
| 4.4 | KitKat | 19 | 33.4% | Yes | |
| 5.0 | Lollipop | 21 | 16.4% | Yes | Restrict pass-through clicks for the OK button |
| 5.1 | | 22 | 19.4% | Yes | |
| 6.0 | Marshmallow | 23 | 4.6% | No | Require manual activation of pass-through clicks |
Source: Android.com, May 3, 2016
[Chart legend: Froyo, Gingerbread, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, Marshmallow]

Accessibility Clickjacking Live Demo

Accessibility Clickjacking Remediation
Upgrade to the latest OS
Install apps from reputable stores
We recommend Google Play
Turn off 3rd party app installation
Use a secure app installer
Install a Mobile Threat Defense Solution
TURN THIS OFF

Vulnerabilities, Malware, Network
Can Traditional Solutions Catch AC?
Traditional Mobile Malware Analysis
Server-side analysis only
Signature/Static/Dynamic
Too Little, Too Late!
Ideal Solution Is Holistic
3-layer strategy
Leverage MDM functions
Automated enforcement
Device, Server, Crowd Wisdom
Physical

Holistic Defense Against Malware
Predict
Reputation analysis - what it is
App, Developer, Store,
Detect
Behavior analysis - what it does
What is the app doing?
How is the app doing it?
Protect
Proactive protection - how to stop it

Skycure Malware Analysis Modules
Crowd Wisdom helps to understand the Entire Attack Flow
Source Analysis
Package Segmentation
Gradual Analysis
Signatures Analysis
Static Analysis
Dynamic Analysis
Legitimate App Profiling
Repackage Detection
Attacker Profiling

Vulnerabilities, Malware, Network
Skycure Mobile Threat Defense
Holistic
Defend against all attack vectors
Deep, layered analysis
Patented
Unique analytics, detection, remediation
Public
Respects user/corporate privacy
Future proof and stable
Minimal CPU/battery impact
Device, Server, Crowd Wisdom
Physical

Skycure Solution Overview
Mobile Threat Intelligence Platform
Physical
Network
Vulnerabilities
Malware
Policy enforcement
Risk-based management
Enterprise integrations
Visibility
Security
Visibility
IT Satisfaction
Management
24x7 detection and protection
Network, device and app analysis
Multi platform
Seamless experience
Privacy
Minimal footprint
End-User App
1 Million+ Global Threats Identified
https://maps.skycure.com
Real-Time Threat Intelligence
Crowd Wisdom
Millions of monthly tests - apps & networks
Skycure Research
No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut
Threat Aggregator
Dozens of threat feeds from 3rd parties
Legitimate Services
Attackers & Threats

Is your organization vulnerable?
2 Step Enterprise Trial Process
Step 1: Download Skycure Public App (Recommendation: 5-20 devices)
Step 2: Review Skycure Assessment Report in 4 weeks
What do we usually find?
NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED
PERCENTAGE OF DEVICES EXPOSED TO NETWORK THREATS
PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-SEVERITY VULNERABILITIES
EVERY ORG with 200+ employees had iOS malware
of Android devices

Next Steps
TRIAL
Request a FREE 30 day trial!
https://www.skycure.com/trial
1-800-650-4821
[email protected]