Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Presentation transcript:

2 CyberCrime: Threats Against Mobile Devices
October 2012
“User-owned computers and smart phones are more than twice as likely to be infected with malware”

3 Advanced Persistent Threats
APTs typically involve compromises of users’ devices or credentials
45% of enterprises see increase in spear phishing attacks targeting employees

4 9 Critical Threats Against Mobile Workers
1. Malware, Trojans, Zero-day Attacks
2. Key loggers
3. Compromised Wi-Fi Hotspots
4. Poisoned DNS
5. Malicious & Privacy Leaking Apps
6. Jail broken & Rooted Devices
7. Un-patched OS Versions
8. Spear Phishing
9. Advanced Persistent Threats

5 Bring Your Own Device = New Threats
Multiple users per device, with many apps and websites visited
Users connect to 10+ networks a month
Attacks against end-users give access to corporate networks, data, and cloud services
Cyber-criminals know this

7 Phishing Continues To Explode
Phishing and Spear-Phishing Are at Record Levels

8 Spear-Phishing
Spear-phishing is the #1 way that APTs are instigated
Use DNS blacklisting to prevent access to phishing sites

11 Service Providers Are An Important Attack Vector

12 RSA Security breached
Targeted spear phishing infected several employees’ computers
Seeds and serial numbers for tens of millions of SecurID tokens stolen
Key customers attacked after this

15 Android Fragmentation

16 Exponential Growth in Mobile Malware
Source: Kaspersky Labs, March 2013

17 Sites infected with bad iFrame
Checks User-Agent
Update.apk sent to browser
Installed if device allows apps from unknown sources
com.Security.Update
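A detection sketch for the delivery chain on this slide, added here as an example and not part of the original presentation: it scans web proxy logs for APK files served to Android browsers from hosts outside an approved list. The tab-separated log layout, the host names and the allowlist are constructed assumptions.

```python
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
ALLOWED_APK_HOSTS = {"apps.corp.example"}  # assumption: the enterprise app catalogue

ANDROID_UA = "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7) Safari/535.19"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 6.1) Chrome/26.0"

# Constructed proxy log lines: url <TAB> content-type <TAB> referer <TAB> user-agent
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("http://news.example/index.html", "text/html", "-", ANDROID_UA),
    ("http://cdn.bad.example/Update.apk", "application/octet-stream",
     "http://news.example/index.html", ANDROID_UA),
    ("http://apps.corp.example/mail.apk", APK_MIME, "-", ANDROID_UA),
    ("http://dl.other.example/tool.apk", APK_MIME, "-", DESKTOP_UA),
    ("http://files.example/download?id=7", APK_MIME, "-", ANDROID_UA),
])

def find_sideloaded_apks(log_text):
    """Return one record per APK served to an Android browser by an unapproved host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed lines
        url, ctype, referer, agent = fields
        parts = urlsplit(url)
        # An APK is recognised by MIME type or by extension, because a hostile
        # server can mislabel the content type.
        is_apk = (ctype.lower().startswith(APK_MIME)
                  or parts.path.lower().endswith(".apk"))
        if (is_apk and "android" in agent.lower()
                and parts.hostname not in ALLOWED_APK_HOSTS):
            hits.append({"host": parts.hostname,
                         "file": parts.path.rsplit("/", 1)[-1],
                         "referer": referer})  # referer points at the infected page
    return hits

if __name__ == "__main__":
    for hit in find_sideloaded_apks(SAMPLE_LOG):
        print(hit)
```

The referer on each hit identifies the page carrying the injected iFrame, which is the site to block and report.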

18 Hacked Apps Posted to Markets

19 Example: Fake Instagram

20 Example: Fake Authentication Apps

21 Example: Battery Monitor Trojan

22 Compromised WiFi Hotspots
WiFi hotspots can intercept and redirect traffic
Evil-Twin attacks, DNS attacks, network snooping, session hijacking & sidejacking
You need a VPN service for all users, on every WiFi

23 Sidejacking on Public WiFi

24 Poisoned DNS
DNS poisoning takes remote employees to criminal sites
Can be poisoned upstream at the ISP, not just at the WiFi hotspot
Apps are particularly vulnerable due to poor implementations of certificate validation

25 DNS attacks recently reported

26 Privacy Leaking Apps
Legitimate apps may upload your corporate directory to a service in the cloud
That service may be hacked or resold, exposing all of your employees to spear-phishing attacks
You should deploy a cloud service to scan and analyze apps for malicious behavior and privacy violations

27 Jail-broken & Rooted Devices
You should prevent access from jail-broken iPhones and rooted Android devices
Jail-broken/rooted devices have almost zero security protections

28 Unpatched OS Versions
Unpatched OS and plug-ins are the main attack vector of criminals against your users

29 Live Example
This example is a live example of taking over the iTunes app on an iPad
Click twice and enter your device password. You’re owned.

30 Phishing or Spear-Phishing Lure

31 iOS Allows Unsigned and Unverified Profiles

32 Click “Install Now”

33 Enter Your Device Password (if you have set one)

34 iTunes App Removed, Fake iTunes Installed

35 Use Fake iTunes To Steal Passwords, etc

36 Things That A Profile Can Change
Safari security settings can be disabled
JavaScript settings
Local app settings
Allow untrusted TLS connections
Device settings
Install X.509 certificates

37 Even Worse: Hostile MDM Profile
Expands the scope of malicious capabilities to include
‒ App replacement and installation
‒ OS replacement
‒ Delete data
‒ Route all traffic to Man-In-The-Middle sites
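An audit sketch for the profile changes listed on slides 36 and 37, added here as an example and not part of the original presentation: it parses an unsigned iOS configuration profile (a property list) and reports the payloads that install certificates, enroll the device in MDM, reroute traffic, or alter Safari and TLS restrictions. The sample profile is constructed; the set of payload types checked is a selection, not a complete list.

```python
import plistlib

# Payload types that change trust, management or traffic routing on the device.
RISKY_PAYLOADS = {
    "com.apple.mdm": "enrolls the device in MDM",
    "com.apple.security.root": "installs a root CA certificate",
    "com.apple.security.pkcs1": "installs an X.509 certificate",
    "com.apple.proxy.http.global": "sends HTTP traffic through a proxy",
    "com.apple.vpn.managed": "sends traffic through a VPN",
}
# Restrictions-payload keys covering Safari and TLS behaviour; reported with their value.
REPORTED_RESTRICTIONS = ("allowUntrustedTLSPrompt", "safariAllowJavaScript",
                         "safariForceFraudWarning")

def audit_profile(data: bytes) -> list:
    """Return human-readable findings for one configuration profile."""
    body = data.lstrip()
    if not body.startswith((b"<?xml", b"<plist", b"bplist")):
        # A signed profile is a CMS (DER) envelope around the plist: verify the
        # signer and extract the plist with a CMS tool before auditing it.
        return ["not a bare plist: verify signature and extract first"]
    findings = ["unsigned profile"]
    payloads = plistlib.loads(body).get("PayloadContent", [])
    for payload in payloads if isinstance(payloads, list) else []:
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append(f"{ptype}: {RISKY_PAYLOADS[ptype]}")
        if ptype == "com.apple.applicationaccess":
            for key in REPORTED_RESTRICTIONS:
                if key in payload:
                    findings.append(f"restriction {key}={payload[key]}")
    return findings

# Constructed sample profile (not taken from the presentation).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Security Update",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"\x30\x82"},
        {"PayloadType": "com.apple.applicationaccess",
         "allowUntrustedTLSPrompt": True, "safariForceFraudWarning": False},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Guest"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

A mail or web gateway can run a check like this on `.mobileconfig` attachments and downloads before they reach a device.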

38 Architecture
[Architecture diagram. Labels: App Feeds; Marble App Reputation Database; Analyze and add to database; Download App; Prioritize App; Marble App Analysis; Instrumented Marble Access; Networks; WiFis; DNS reports; App reports; Device fingerprints; Marble Threat Database; Marble Threat Reports; Policies & Data; Threat Detection; Marble Control; Marble Threat Lab; Design PoC; Implement and test PoC; Monitor for threat; Create Remediation or Detection in our Product; Propose or discover threat; Network Feeds; Marble Access]

39 App Analysis Architecture
[Architecture diagram. Labels: Rate High Priority App; Download from client or app store; Analyze automatically and possibly manually; 3rd Party Feeds; Analyze and add to database; Download App; Prioritize App; Marble App Reputation DB; Rate by newness, behaviour, publisher, spread rates; Download from various app stores & sideloading sites; Use Android Grinder and other tools for analysis; Incident Response & Analysts Team]

40 Marble’s Dynamic App Security Architecture
[Architecture diagram. Labels: Google Play; Marble Access Mobile Device Client; User Interface; Alerts & Reports; Analytics Engine; Rules; Controller/Scheduler; App Crawler; Risk Engine; Correlation Engine; Marble Security Lab; Jammer; Scanner; Database; Real-time user interface simulation; DNS lookups, network threat correlation engine; Network Information; Network Threat Database; Data Feeds; Stored Apps; Customer’s Security Admin; Marble Security Analysts; Marble Control Service; App Queue; Analyzer; Apple App Store; Other App Stores; Dynamic App Analysis Engine]