2015 Mobile Threat Report - The Rise of Mobile Malware

AGENDA

• State of mobile security

• Understanding the mobile threat landscape

• Infections vectors

• Top monetization schemes

• Emergence of the mobile cybercrime underground

• Consumer awareness of mobile security threats

2

THE STATE OF MOBILE SECURITY

Mobile downloads will increase to

108 billion by 2017. 2

Mobile malware is growing. Malicious

code is infecting more than

11.6 million mobile devices at any

given time. 3

In 2014 the number of cell phones

(7.3 billion) will exceed the

number of people on the planet (7 billion).1

Mobile devices and the apps we rely on

are under attack.

90% of the top mobile apps have

been hacked. 4

AS MOBILE GROWS, SO DO SECURITY THREATS

4

Responded that they do not know if they had been made vulnerable

Do not know whether they had any corporate assets hijacked for botnet use or if they had any user credentials stolen in 2014.

Do not know if they had become victimized by an advanced persistent threat (APT)

SECURITY IS LAGGING

5

FS-ISAC

Regulations

REGULATORS AND INDUSTRY BODIES CALL TO SECURE THE MOBILE CHANNEL

Regulations

UNDERSTANDING THE MOBILE THREAT LANDSCAPE

6

Jailbroken/ Rooted Outdated OS

Unsecure Wifi

Mobile Malware

Rogue Apps

App Vulnerabilities

Stolen Device BYOD

App hacking

Secure?

Fake Apps

UNDERSTANDING THE MOBILE THREAT LANDSCAPE

7

Security Intelligence

Secure the Device

Secure the Application

Identity, Fraud, and Data Protection

Secure the Transaction Personal and

Consumer Enterprise

Secure the Device Secure the Application Secure the Transaction

Security Intelligence

Stolen Device

App Vulnerabilities

HIGH LOW Solutions for the Spectrum of Business Span of Control

Business Partners

Consumer Transactions

Task/Temp Workers

Employees w/BYOD

Corporate Owned Assets

Outdated OS

Jailbroken/ Rooted

Unsecure Wifi App hacking Fake Apps

Rogue Apps / Mobile Malware

Mobile fraud

Vulnerable devices

Data Breach

MOBILE DEVICE RISK

8

Risk

Jailbroken/ Rooted

Outdated OS

Unsecure Wifi

Malware Rogue Apps

Stolen Device

THE MALWARE IS OUT THERE

9

H1’ 2015 infection rates

10

87% 72%

MOBILE MALWARE TOP MONETIZATION SCHEMES

• Financial information stealers

• 2-Factor Authentication/One-Time-Passwords/Token codes hijacking

• Telephony Fraud

• Scare-Ware and Dummy Apps

• The Top-Up Trojan

• Mobile Ransomware

MOBILE BANKING FRAUD

12

MOBILE RANSOMWARE

13 13

OLD “FRIENDS” CRASH THE PARTY

MALWARE LEADS TO MALWARE

14

15

INFECTION VECTORS - PHISHING / SMISHING

15

16

CROSS-CHANNEL INFECTIONS

•Cybercriminals convince users to supply mobile phone number to install app on phone via malware or phishing

•Users installs fake security application and enters “activation code” in PC malware confirming they completed the mobile install

•Malware captures all SMS traffic, including OTP and forwards to fraudsters allowing fraudulent transfers via Web and using captured OTP to bypass authentication

16

Coordinated attacks across PC and mobile

INFECTION VECTORS – FAKE APPS

17 17

Over 80,000 users have granted the apps permission

to run on their browser, despite the warning the games

will receive full access to a player’s web activity

18

VULNERABLE DEVICES

18

19

INFECTED APPS ON THE OFFICIAL STORES

19

OTHER INFECTION VECTORS

20

21

EMERGENCE OF THE MOBILE CYBERCRIME UNDERGROUND

22 22

UNDERGROUND DISCUSSIONS

24

THE MOBILE MALWARE ECO SYSTEM

EXAMPLE OF MOBILE MALWARE OFFERING

• Gain administrator privilege level on the device

• Grab and send all device information (Phone number, ICCD, IMEI, IMSI, Model, OS)

• Intercept and send out SMS content to admin panel and controlling number.

• Covertly send SMS to any number – invisible to the victim and grab all incoming and outgoing SMS content.

• Redirect calls from the device to another number.

• Grab all contact and call logs and send to admin panel.

• Record audio files via the devices camera and send to admin panel.

25

EXAMPLE OF UNDERGROUND PRICE LIST

26

ITEM PURPOSE PRICE* PRICING MODEL

BOT ADMIN PANNEL

MANAGE A BOTNET $4000 DOWN + $500 MONTHLY FEES

TO RENT

MAZWLTOV! MALWARING SPREADING $3000 SERVICE SPYWARE CYBER-ESPIONAGE $7,000 TO OWN BANKIR FINANCIAL INFORMATION

STEALER

$5000 TO OWN

X-iTmo SMS 2FA INTERCEPTOR $715 TO RENT (3 MONTHS)

*Prices In USD. Original prices are in USD or BTC

27

390

609

355

CONSUMER AWARENESS OF MOBILE SECURITY THREATS

IBM MOBILE SECURITY FRAMEWORK

28

MobileFirst Protect (MaaS360)

AppScan, Arxan, Trusteer M; bile SDK

AirWatch, MobileIron, Good, Citrix, Microsoft, Mocana

HP Fortify, Veracode, Proguard CA, Oracle, RSA

• Manage multi-OS BYOD environment

• Mitigate risks of lost & compromised devices

• Separate enterprise and personal data

• Enforce compliance with security policies

• Distribute & control enterprise apps

• Build and secure apps & protect them “in the wild”

• Provide secure web, mobile, API access control

• Meet ease-of-use expectation

Extend Security Intelligence

• Extend security information & event management (SIEM) to mobile platform

• Incorporate mobile log management, anomaly detection, configuration & vulnerability mgmt

Protect Devices Secure Content & Collaboration Safeguard Applications & Data Manage Access & Fraud Extend Security Intelligence

DATA

Personal and Consumer

Enterprise

Manage Access & Fraud

Safeguard Applications & Data

Secure Content & Collaboration

Protect Devices

NEW CSX TRAINING & CERTIFICATIONS

Introducing CSX Skills-Based Cybersecurity Training and Performance-Based Certifications! • Designed to help you build, test and showcase your skills in critical areas of cybersecurity – and prove you have the ability to do the job

from day one.

• Unlike other certifications available today which test for knowledge in a question and answer format, CSX training and exams are conducted in a live, virtual “cyber lab” environment — providing validation of actual technical skill, ability and performance.

• Training courses will be available through leading global training partners, to help professionals build skills needed at each certification level

29