Combating Cyber Attacks Information Security Seminar 2012 ...
Transcript of Combating Cyber Attacks Information Security Seminar 2012 ...
Combating Cyber Attacks
Information Security Seminar 2012
(HKCERT, OGCIO, HKPF)
Contemporary Mobile Attacks
Protecting the irreplaceable | f-secure.com
(HKCERT, OGCIO, HKPF)
Presented by: Goh Su Gim [Security Advisor Asia Pacific, F-Secure]
F-Secure - Summary
1988 Founded
Today
1999 IPO (Helsinki Stock Exchange)
• “Protecting the irreplaceable”
• Enabling the safe use of computers and smartphones
2007
• Enabling the safe use of computers and smartphones
• Strong solution portfolio covering both consumers and business
• The leading Software as a Service (SaaS) partner for operators globally
• Over 200 operator partnerships in more than 40 countries
• Strong market presence in Europe, North America and Asia
• Distributors/resellers in more than 100 countries
• 20 offices globally and over 800 professionals worldwide
What are you going to learn today?
• Today’s Smartphone Market
• Malware Trends
• For the $$
• Examples of Mobile Malware
• Mobile malware Infection Vectors
• The Apple/Linux/Windows Phenomenon
• Protecting yourselves
• Conclusion
© F-Secure ConfidentialMay 22, 20126
“A comparison between the number of malicious
Android application package files (APKs)
received in Q1 2011 and in Q1 2012 reveals a
© F-Secure ConfidentialMay 22, 201215
received in Q1 2011 and in Q1 2012 reveals a
more staggering find — an increase from 139 to
3063 counts.”
How do you get it?
• APPS, APPS & APPS
From 3rd Party Market
• Malicious or Phishing Links
• Unsolicited SMS
• Phishing links in emails• Phishing links in emails
• Websites
© F-Secure ConfidentialMay 22, 201217
What can mobile malware do anyway?
• Sensitive or confidential information
• Private contacts/messages/emails and Yes! Photos!
• Phone hardware info. Eg IMEI
• Financial Lost
• Sending Premium SMS
• Stolen bank or credit card accounts through keyloggers
• Clicking ads that will benefit spammers
© F-Secure ConfidentialMay 22, 201221
The numbers
• +882346077 Antarctica
• +17675033611 Dominican republic
• +88213213214 EMSAT satellite prefix
• +25240221601 Somalia
• +2392283261 São Tomé and Príncipe
• +881842011123 Globalstar satellite prefix
How does mobile malware generate money?
Infected
Smartphone
Trojan sends premium
SMS through ISP/Telco
© F-Secure ConfidentialMay 22, 201228
Mobile Service
Provider
User pays big $$
bills at the end
of the month to
ISP/Telco
Premium SMS
Providers
ISP/Telco
pays
Premium SMS
Providers
RootSmart.A
• Root Exploit component
• Gain privileged access on your device
• Installs more apps - GINGERBREAK
• BOT component
• Listening to instructions • Listening to instructions
• Send premium SMS
• Pay-per-view videos
© F-Secure ConfidentialMay 22, 201231
DroidKungfu.H [The return]
• Originated June 2011
• Today, the .H variant is more
advanced:
• Easily gets root privileges
• Modifies configuration for
automatic execution of
native on reboot
• VERY DIFFICULT TO REMOVE
© F-Secure ConfidentialMay 22, 201232
Adboo.A
• Harvest the following information from the user:
• Phone Model
• Android version
• Phone Number• Phone Number
• IMEI Number
© F-Secure ConfidentialMay 22, 201234
SOCIAL ENGINEERING….
• Push Message to many Malaysian Mobile phone
subscribers
• Sends a malicious link that says “Samsung
Update”
• What does the trojan do?
• Sends premium SMS locally
© F-Secure ConfidentialMay 22, 201235
Computer OS Smartphone OS
Microsoft Windows XP
Windows Vista
Windows 7
Windows Phone 7
The Three Players
Apple OS X iOS
Linux Ubuntu
Red Hat
SuSE
Android
Malware distribution
across computer platforms
Malware distribution
across smartphone platforms
Microsoft Apple Linux Microsoft Apple Linux
What you can do to protect yourselves?
• Install a security solution on your
smartphone to prevent:
• Trojans and virus attacks
• Block malicious links
• Anti-theft feature to locate lost or stolen •
phones
© F-Secure ConfidentialMay 22, 201243
• Download APPS from legitimate sources and ensure you review permissions
when installing the APP
• Extra caution when clicking links in emails or SMS’es
• Use common sense
• If it is too good to be true, it probably is – no FREE lunch
In Conclusion
• Virus writers WILL continue to write more and more mobile malware
• We have more information on our Smartphones than ever before
• We use our mobile devices more than our PC’s and Laptops now
• Take mobile security seriously
© F-Secure ConfidentialMay 22, 201244