The “Five W’s” of Mobile Device Malware: W ho, W hat, W hen, W here, and W hy? … and What Can be Done About It? Kevin McPeak, CISSP, ITILv3 Technical Architect,

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Symantec Education Skills Assessment SESA 3.0 Feature Showcase
K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Online Shopping Self-Defense
1 Online Self-Defense: Avoiding Scams Chau Mai December 5, 2013.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
Bill McClanahan – Principal Business Consultant LPS Integration.
Security for Today’s Threat Landscape Kat Pelak 1.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Cyber Crimes.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Mobile Devices Carry Hidden Threats With Financial Consequences Hold StillInstalled.
UNCLASSIFIED User Guide Applicant. UNCLASSIFIED Table of Contents What is the SAFETY Act? Applicant Guide Help Desk.
The Internet = A World of Opportunities Look what’s at your fingertips A way to communicate with friends, family, colleagues Access to information and.
Staying Safe Online Keep your Information Secure.
Symantec Managed Security Services The Power To Protect Duncan Evans Director, Cyber Security Services 1.
1 Safely Using Shared Computers Amanda Grady December 2013.
President’s Forum and WSML 2012 Mobile Market Dynamics Deborah Clark, Dawn Davis, Brian Duckering, Marie Pettersson 1 “A Day in the Life of a Mobile Family”
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
Quick Thoughts on PGP Use Cases for KMIP 1 Michael Allen Sr. Technical Director.
The current state of Cybersecurity Targeted and In Your Pocket Dale “Dr. Z” Zabriskie CISSP CCSK Symantec Evangelist.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Type presentation name here in slide master © 2007 SDL. Company Confidential. Forward-looking information is based upon multiple assumptions and uncertainties.
Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.
DST 2007 ██ Areas that observe daylight saving time ██ Areas that once observed daylight saving time ██ Areas that have never observed daylight saving.
Presenter: Le Quoc Thanh SPYWARE ANALYSIS AND DETECTION.
The Internet = A World of Opportunities Look what’s at your fingertips A way to communicate with friends, family, colleagues Access to information and.
MobileSecurity Vulnerability Assessment Tools for the Enterprise Mobile Security Vulnerability Assessment Tools for the Enterprise Integrating Mobile/BYOD.
Installation of Storage Foundation for Windows High Availability 5.1 SP2 1 Daniel Schnack Principle Technical Support Engineer.
1 APJ Curriculum Paths for Partners Specialization Accelerates Shirley Hoon APJ Partner Enablement Partner Enablement Oct
Copy to Tape TOI. 2 Copy to Tape TOI Agenda Overview1 Technical Feature Implementation2 Q&A3.
Shared Engineering Services APJ Ghostdetect ver 1.0 for SPC Donghyun Seo Dec 12, 2008.
Introducing the Smartphone Pentesting Framework Georgia Weidman Bulb Security LLC Approved for Public Release, Distribution Unlimited.
Cybersecurity Test Review Introduction to Digital Technology.
Optimized Synthetics 1 OpenStorage Optimized Synthetics.
Type presentation name here in slide master © 2007 SDL. Company Confidential. Forward-looking information is based upon multiple assumptions and uncertainties.
Partner Proctored Assessment Registration Process Ajit Jha 1 Partner Assessment.
Cyber Security in the Post-AV Era Amit Mital Chief Technology Officer General Manager, Emerging Endpoints Business Unit.
HOW TO HACK SOMEONES CELL PHONE CAMERA. Today, mobile phone is one of the most recent things you carry with you everywhere all day dragon. It’s not just.
SARAH FRYE CEO Today, mobile phone is one of the most recent things you carry with you everywhere all day dragon. It’s not just for communication purpose.
STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Websms Offers Professional Messaging Solutions via Web, , Gateway or Directly Out of Excel (Online) on the Microsoft Office 365 Platform OFFICE 365.
Avoiding Frauds and Scams Barbara Martin-Worley Director, Consumer Fraud Protection 18 th Judicial District Attorney’s Office Serving Arapahoe, Douglas,
Maximize Profits Through Stronger Security Brook Chelmo Product Marketing
Deployment Planning Services
WEL-COME Norton Internet Security Service Number Norton Internet Security Service Number
3.6 Fundamentals of cyber security
THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.
Deployment Planning Services
Services Course 9/9/2018 3:37 PM Services Course Windows Live SkyDrive Participant Guide © 2008 Microsoft Corporation. All rights reserved.
Norton technical support Norton.com/Setup | Norton Setup and Install with Product Key Norton Antvirus Activation For protection against.
Get Office 2016 with Office 365 and get down to business
Risk of the Internet At Home
Automation in an XML Authoring Environment
12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay.
This presentation document has been prepared by Vault Intelligence Limited (“Vault") and is intended for off line demonstration, presentation and educational.
MyLion Registration Website | Mobile device
Microsoft Data Insights Summit
In the attack index…what number is your Company?
Introduction to mobile app development Module 1 - Introduction
Mobile App Management David Alessi — Support Topic Owner for Enterprise Windows Phone, Microsoft Corporation Simon May — Enterprise Device Infrastructuralist,
Microsoft Data Insights Summit
Presentation transcript:

The “Five W’s” of Mobile Device Malware: W ho, W hat, W hen, W here, and W hy? … and What Can be Done About It? Kevin McPeak, CISSP, ITILv3 Technical Architect, Security Symantec Public Sector Strategic Programs

W ho Can Be Affected by Mobile Malware? Governmental, Commercial, and Home Users Apple iOSAndroid BlackBerryWindows Mobile The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? W ho Creates & Distributes Mobile Malware? Cyber Criminals and their Accomplices Malware DevelopersMules Mobile Botnet OperatorsCyber Thieves Espionage RingsHacktivists 2

W hat is Mobile Malware and How Do We Count Them? Each of these applications contain the same piece of malware embedded in them Each piece of malware is counted as one Family – If this malware is modified the new version counts as a Variant We would count the five apps as Samples We do not report on Samples, but many vendors do The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? 3

W hat is the Growth Rate of Android Malware? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? 4

Vulnerabilities & Mobile Malware The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? W hat Mobile Platform Has the Most Vulnerabilities? …What Mobile Device Type Has the Most Threats? 5

W hat Types of Mobile Malware Exist? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? 6

W hen is Mobile Malware Active? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? When Mobile Data is Collected: When IMEI7 and IMSI8 numbers are taken by attackers as a way to uniquely identify a device. When Users Are Tracked: When communication data such as SMS messages, call logs, GPS coordinates, calendar events, or personal photos are exfiltrated. Or when a device is hijacked to serve as an spam relay system, thus allowing unwanted s to be sent from addresses registered to the device. When Device Settings are Changed: When an attempt is made to elevate privileges or modify OS settings to perform further actions on the compromised devices. When Bad Apps Send Out Content: When an app sends a text message to a premium SMS number, ultimately appearing on the mobile bill of the device’s owner. 7

Where is Mobile Malware Found? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? Third-Party App Stores Hosting the Most Malware 8

Where is Mobile Malware Found? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? 9

W hy is Mobile Malware Developed? The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? …. because There is Significant Illicit Money Being Made Premium SMS Messages Mobile Adware (Madware) Stealing Information Bank Fraud Ransomware Botnets and Spam 10

The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? Information Stealing Malware Android.Sumzand 1.User received with link to download app 2.Steals contact information 3.Sends promoting app to all contacts 11

Mobile & Social Everyone Likes to be Liked And there’s an App for that! 12

Mobile & Social Instlike gives you 20 free likes on your Instagram photos And you can buy more 13

Mobile & Social Just give the app developer your login and password Don’t worry, he promises not to steal your account Internet Security Threat Report 2014 :: Volume

Mobile & Social Thousands of mobile users willing gave away their addresses and passwords for nothing more than a Like. Mobile users are at risk, even from themselves. 15

Internet of Things – The Future Wearable Devices will soon be measuring: Pulse Weight Time Slept Glucose Levels Blood Pressure Exposure to sunlight Teeth Brushing And more… As more of our personal information travels the Internet what will become of it? 16

72 % 90 % 78 % 56 % 48 % 33 % DELETE SUSPICIOUS S FROM PEOPLE THEY DON’T KNOW HAVE AT LEAST A BASIC FREE ANTIVIRUS SOLUTION AVOID STORING SENSITIVE FILES ONLINE Mobile Security IQ Source: Norton Report 17

Vulnerability Patching Service Providers iOSGoogle OEMs The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? … The Problem Exists, so What Can be Done About It? 18

The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? … What Can be Done About It? (Continued) 19

The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? … What Can be Done About It? (Continued) NIST Special Publication "Technical Considerations for Vetting 3rd Party Mobile Applications" Allows Federal agencies to assess the following for any given mobile app: Security Behavior Reliability Performance AppVet: In conjunction with DARPA, NIST developed the AppVet program: Allows Feds to submit an app for testing Uses open source and commercially available tools 20

The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why? Deploy Mobile Security Software Throughout Your Organization: At a minimum, this software should scan and identify threats from any mobile apps or content that the user downloads. Establish a Robust, Highly Secure Mobile Device Management Framework for Your Agency: Managing your organization’s mobile devices is not just about remote wipe commands for lost/stolen devices and OTA password resets. You should also setup a system for mobile app management across the entire app lifecycle. Likewise, you should manage your organization’s mobile content ecosystem in the same secure end-to-end manner. … What Can be Done About It? (Continued) Enforce User Mobile Security Training: Users must be constantly reminded to avoid clicking on suspicious links in messages, to keep their personal mobile devices updated, and to only download apps from officially sanctioned App Stores. 21

Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Kevin symantec.com/threatreport mobilesecurity.com/ The “Five W’s” of Mobile Device Malware: Who, What, When, Where, and Why?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.