Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Comprehensive Guide to Mobile Targeted Attacks (and What Can You Do About It) Ohad Bobrov, CTO twitter.com/LacoonSecurity.

Published byCameron Collins Modified over 9 years ago

Similar presentations

Presentation on theme: "A Comprehensive Guide to Mobile Targeted Attacks (and What Can You Do About It) Ohad Bobrov, CTO twitter.com/LacoonSecurity."— Presentation transcript:

1 A Comprehensive Guide to Mobile Targeted Attacks (and What Can You Do About It) Ohad Bobrov, CTO ohadl@lacoon.com twitter.com/LacoonSecurity

2 The collapse of the perimeter Why mobile devices are targeted Mobile Remote Access Trojans (mRATs) Demo Infection vectors Detection, remediation, and building a secure BYOD / HYOD architecture Agenda

3 Protecting organizations from mobile threats HQ SF, USA. R&D Israel Cutting edge mobile security research team Protecting tier-1 financial, manufacturing, legal and defense organizations About Lacoon Mobile Security

4 The Collapse Of The Corporate Perimeter > 2011

5 TARGETED MOBILE THREATS

6 Why To Hack Mobile Device? Eavesdropping Extracting contact lists, call &text logs Tracking location Infiltrating internal LANs Snooping on corporate emails and application data

7 The Mobile Threatscape Business Impact Complexity Consumer- oriented. Mass. Financially motivated, e.g.: Premium SMS Fraudulent charges Botnets Targeted: Personal Organization Cyber espionage Mobile Malware Apps mRATs / Spyphones

8 The Mobile Threatscape mRATs / Spyphones High End: Government / Military grade Mid Range:Cybercrime toolkits Low End:Commercial surveillance toolkits

9 HIGH END: GOV / MIL mRATs Low End High End

10 FinSpy – Mobile Extracted from: http://wikileaks.org/spyfiles/docs/gamma/291_remote-monitoring-and-infection-solutions-finspy-mobile.html

11 MID: CYBERCRIME TOOLKITS Low End High End

12 Recent High-Profiled Examples

13 LOWER END: COMMERCIAL SURVEILLANCE TOOLKITS

14 Commercial Mobile Surveillance Tool (Spyphone)

15 Commercial Mobile Surveillance Tools: A Comparison

16 Varying Costs, Similar Results CapabilityFlexiSpyAndroRATFinFisher Real-time listening on to phone calls+++ Surround recording+++ Location tracking (GPS)+++ Retrieval of text+++ Retrieval of emails+++ Invisible to the user+++ SMS C&C fallback+++ Infection vectorPhysicalRepackageExploit? Cost$279Free€287,000 Activation screen+--

17 STATISTICS

18 Data sample 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period. Collected from a channel serving ~650K subscribers Traffic constrained to communications to selected malicious IP address Communications Traffic included both encrypted and non-encrypted content Survey: Cellular Network 2M Subscribers Sampling: 650K

19 Infection rates: June 2013: 1 / 1000 devices

20 Survey: Cellular Network 2M Subscribers Sampling: 650K

21 DEMO

22 INFECTION VECTORS

23 Infection Vectors - Android

24 Infection Vectors – iOS (iPhones and iPads)

25 Current Security Status

26 Current Solutions – FAIL to Protect

27 Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC

28 Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC

29 Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research

30 Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment

31 Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment

32 Lacoon Solution

33 Thank You. Ohad Bobrov, CTO Lacoon Security Inc. ohad@lacoon.com twitter.com/LacoonSecurity

Download ppt "A Comprehensive Guide to Mobile Targeted Attacks (and What Can You Do About It) Ohad Bobrov, CTO twitter.com/LacoonSecurity."

Similar presentations

Security for Mobile Devices

Security for Mobile Devices
MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.

MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.
Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.

Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Hidden Apps Carrier IQ and Privacy in Mobile Devices.

Hidden Apps Carrier IQ and Privacy in Mobile Devices.
CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
© Blue Coat Systems, Inc. 2012. John Yun Director, Product Marketing.

© Blue Coat Systems, Inc John Yun Director, Product Marketing.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
OSAC/ISMA Conference The Changing Nature of Cyber Space Ryan W. Garvey.

OSAC/ISMA Conference The Changing Nature of Cyber Space Ryan W. Garvey.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
Mobile Policy. Overview Security Risks with Mobile Devices Guidelines for Managing the Security of Mobile Devices in the Enterprise Threats of Mobile.

Mobile Policy. Overview Security Risks with Mobile Devices Guidelines for Managing the Security of Mobile Devices in the Enterprise Threats of Mobile.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?

Similar presentations

Ads by Google