mobile threats at the tipping point, jan volzke, mcafee
DESCRIPTION
TRANSCRIPT
Mobile Threats at the Tipping Point
Jan VolzkeDirector, Product ManagementMcAfee, Inc.
June 2011
Mobile Malware Trend and Outlook- A new Generation of Malware Writers
Mobile Threats at the Tipping Point, Jan Volzke2
Mobile Threat Research McAfee, Inc., June 2011
Malware Authors - Focus is Shifting to Android
New mobile malware by platform Q2 2010- May 2011• 450+ new variants
Mobile Threat Research McAfee, Inc., June 2011
Mobile Threats at the Tipping Point, Jan Volzke3
Why Mobile Threats are Expected to Rise- Key Accelerating Trends
User Aggregation
2015 OS shipmentsIDCJune’11
Protection Gap
Reliance on User Alternative AccessSensitivity of Data
Mobile Money
Mobile Threats at the Tipping Point, Jan Volzke4
Mobile Malware Life Cycle- Show me the Money
R&D
Reuse
Profit Taking
Mobile malware monetization methods:Sell stolen information, Premium SMS/Calls, Click Fraud, Traffic generation, Cash out account balances, Malware for sale, Subscription scams, Mobile
banking attacks, Ransom ware extortion, Resell pirated apps
Mobile Threats at the Tipping Point, Jan Volzke5
Recent Malware Examples - DrdDream, Zeus Mobile, 09Droid
DrdDream• 1st major Trojan embedded in app
• 50+ apps removed from Android Market
• Steals information and waits for instructions from C&C server
Zeus• Targeting banks
using mTAN authentication
• Used against major Spanish institution
• Signed app for BB, WM, Symbian S60
09Droid• Not Malware but
fake banking apps sold at $1.49
• Linking to bank’s own web site
• Apps targeted 35 banks of all sizes
Mobile Threats at the Tipping Point, Jan Volzke6
Phishing is a Cross Device Threat - Mobile Phishing Sites
Opening the page on a PC browser unveils a dubious URL
• Spoofed banking sites are riskier on for Mobile browsers than PC browsers
• Lack of SSL indicators
• Auto hiding URL bar
• Scotiabank’s mobile banking attack:
• Requested the users card number and 3digit security code
• The attacker gains access to the victim’s bank account
McAfee Global Threat Report Q1’2011
Mobile Threats at the Tipping Point, Jan Volzke7
Industry Recommendations for Next 12 Months- Prepare for the Unexpected
Enterprises:• Data Loss Prevention
via email and apps
Developers:• Code protection
• Security certification
Individuals:• Common sense
• Protect yourself
AppStores:• Security testing
• Field revocation
Carriers:• Protect billing infra
• Use cloud & network
Manufacturers:• Shorten update cycles
• Embedded security
Mobile Threats at the Tipping Point, Jan Volzke8
Questions?
Mobile Threats at the Tipping Point9
Comprehensive Protection Against Viruses, Data Loss and Web Threats
http://McAfeeMobileSecurity.com
Contact:
Jan VolzkeMcAfee, Inc.
Advertisement
References and Acknowledgements
• Android/DrdDream
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=399522
• Symbian/Zeus/Zitmo
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=290717
• Android/09Droid
https://www.bayportcu.org/site/mobilesecurityupdates.html
• mPhishing site
http://www.malwarecity.com/blog/mobile-phishing-do-you-know-where-that-link-leads-to-1021.html
• OSX/RRoll.C
http://vil.nai.com/vil/content/v_244695.htm
• OSX/iPHDownloader.A
http://vil.nai.com/vil/content/v_244696.htm
• General banking risks
http://blogs.mcafee.com/mcafee-labs/mobile-reunion-hackers-and-banks
http://blogs.mcafee.com/mcafee-labs/get-out-of-jail-not-so-free
• General Android risks
http://blogs.mcafee.com/enterprise/mobile/mcafee-for-android-a-mobile-security-update
Acknowledgements:Jimmy Shah (McAfee), Jon Oberheide (Duo Security), Dan Cornell (Denim Group), Alin Damian (Bitdefender), Roland Schmitz (Stuttgart Media University), Fabio Pietrosanti (PrivateWave), Rich Cannings (Google), Chris Clark, Alex Stamos (iSec)
Mobile Threats at the Tipping Point, Jan Volzke10