Combating Cyber Attacks Information Security Seminar 2012 (HKCERT, OGCIO, HKPF) Contemporary Mobile Attacks Protecting the irreplaceable | f-secure.com Presented by: Goh Su Gim [Security Advisor Asia Pacific, F-Secure]


• 22 May, 2012

F-Secure - Summary

1988 Founded

Today

1999 IPO (Helsinki Stock Exchange)

• “Protecting the irreplaceable”

• Enabling the safe use of computers and smartphones

2007

• Strong solution portfolio covering both consumers and business

• The leading Software as a Service (SaaS) partner for operators globally

• Over 200 operator partnerships in more than 40 countries

• Strong market presence in Europe, North America and Asia

• Distributors/resellers in more than 100 countries

• 20 offices globally and over 800 professionals worldwide

F-Secure Labs Kuala Lumpur 2012

© F-Secure / Public, May 16, 2012

What are you going to learn today?

• Today’s Smartphone Market

• Malware Trends

• For the $$

• Examples of Mobile Malware

• Mobile malware Infection Vectors

• The Apple/Linux/Windows Phenomenon

• Protecting yourselves

• Conclusion

© F-Secure Confidential, May 22, 2012

Today’s Smartphone Market


And the tablets too..


Today’s Smartphone Market


Technology for Hong Kong


Source: Nielsen 2011 Report

Mobile malware trends


By Platform – who tops the list?


New family or variant this quarter


Mobile Threats by Type


“A comparison between the number of malicious Android application package files (APKs) received in Q1 2011 and in Q1 2012 reveals a more staggering find — an increase from 139 to 3063 counts.”

The infection vectors

• How do you get it?


How do you get it?

• APPS, APPS & APPS

From 3rd Party Market

• Malicious or Phishing Links

• Unsolicited SMS

• Phishing links in emails

• Websites


Tainted 3rd Party Markets


What can mobile malware do anyway?

• Sensitive or confidential information

• Private contacts/messages/emails and Yes! Photos!

• Phone hardware info, e.g. IMEI

• Financial Loss

• Sending Premium SMS

• Stolen bank or credit card accounts through keyloggers

• Clicking ads that will benefit spammers


The No.1 Motivation

• MONEY


How do you profit?


Dialerware continued..


The numbers

• +882346077 Antarctica

• +17675033611 Dominican Republic

• +88213213214 EMSAT satellite prefix

• +25240221601 Somalia

• +2392283261 São Tomé and Príncipe

• +881842011123 Globalstar satellite prefix

www.keyzone-telemedia.com


How does mobile malware generate money?

[Diagram: Infected Smartphone, Mobile Service Provider, Premium SMS Providers]

• Trojan sends premium SMS through ISP/Telco

• User pays big $$ bills at the end of the month to ISP/Telco

• ISP/Telco pays Premium SMS Providers

Mobile malware examples

• New techniques this year 2012


RootSmart.A


RootSmart.A

• Root Exploit component

• Gain privileged access on your device

• Installs more apps - GINGERBREAK

• BOT component

• Listening to instructions

• Send premium SMS

• Pay-per-view videos


DroidKungfu.H [The return]

• Originated June 2011

• Today, the .H variant is more advanced:

• Easily gets root privileges

• Modifies configuration for automatic execution of native on reboot

• VERY DIFFICULT TO REMOVE


Social Engineering Adboo.A – New Year wishes


Adboo.A

• Harvests the following information from the user:

• Phone Model

• Android version

• Phone Number

• IMEI Number


SOCIAL ENGINEERING….

• Push Message to many Malaysian Mobile phone subscribers

• Sends a malicious link that says “Samsung Update”

• What does the trojan do?

• Sends premium SMS locally


DEMO


An Interesting Phenomenon

• Microsoft

• Apple

• Linux

The Three Players (Computer OS / Smartphone OS)

• Microsoft: Windows XP, Windows Vista, Windows 7 / Windows Phone 7

• Apple: OS X / iOS

• Linux: Ubuntu, Red Hat, SuSE / Android

[Charts: Malware distribution across computer platforms; Malware distribution across smartphone platforms (Microsoft, Apple, Linux)]

Protecting the Irreplaceable (yourself)


What can you do to protect yourselves?

• Install a security solution on your smartphone to prevent:

• Trojans and virus attacks

• Block malicious links

• Anti-theft feature to locate lost or stolen phones

• Download APPS from legitimate sources and ensure you review permissions when installing the APP

• Extra caution when clicking links in emails or SMS’es

• Use common sense

• If it is too good to be true, it probably is – no FREE lunch
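
The permission review recommended above can be done mechanically. The sketch below is an added example, not part of the original slides or any F-Secure tool: it reads an AndroidManifest.xml that is assumed to be already decoded to plain-text XML and flags requested permissions that would enable the behaviours listed earlier in the deck (premium SMS, dialing, IMEI and contact harvesting, start on reboot). The permission-to-behaviour mapping, the verdict levels and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission -> behaviour from the slides that it would enable (assumed mapping).
RISKY = {
    "android.permission.SEND_SMS": "can send premium SMS",
    "android.permission.CALL_PHONE": "can dial premium-rate numbers",
    "android.permission.READ_PHONE_STATE": "can read IMEI and phone number",
    "android.permission.READ_CONTACTS": "can read private contacts",
    "android.permission.READ_SMS": "can read private messages",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start automatically on reboot",
}
# Permissions that can cost the user money directly.
BILLING = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}


def review_manifest(manifest_xml):
    """Return (verdict, findings) for a decoded AndroidManifest.xml string."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        return "unreadable", ["manifest could not be parsed: %s" % exc]
    requested = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            requested.add(name.strip())
    findings = sorted("%s: %s" % (p.rsplit(".", 1)[1], RISKY[p])
                      for p in requested if p in RISKY)
    if requested & BILLING:
        return "high", findings      # direct financial loss is possible
    if findings:
        return "review", findings    # data access or persistence: does it fit the app?
    return "low", findings


# Constructed sample: a "wallpaper" app asking for far more than it needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

if __name__ == "__main__":
    verdict, findings = review_manifest(SAMPLE)
    print(verdict, *findings, sep="\n - ")
```

A "high" or "review" verdict is a prompt to ask whether the app's stated purpose justifies the permission, not proof that the app is malicious.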

In Conclusion

• Virus writers WILL continue to write more and more mobile malware

• We have more information on our Smartphones than ever before

• We use our mobile devices more than our PC’s and Laptops now

• Take mobile security seriously


Keeping yourself posted…

• Twitter

• sugimgoh

• FSLabAdvisor

• mikkohypponen
