MOBILE THREAT LANDSCAPE. February 2018

Similar documents
Zimperium Global Threat Data

Advanced Systems Security: Putting It Together Systems

MOBILE THREAT PREVENTION

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

BETTER Mobile Threat Defense (BMTD)

Copyright

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

How WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security

C1: Define Security Requirements

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

SECURITY TESTING. Towards a safer web world

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

CHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS

Teradata and Protegrity High-Value Protection for High-Value Data

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

MRG Effitas Android AV review

Changing face of endpoint security

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Altitude Software. Data Protection Heading 2018

Discount Kaspersky PURE 3.0 internet download software for windows 8 ]

Bank Infrastructure - Video - 1

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

with Advanced Protection

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

mhealth SECURITY: STATS AND SOLUTIONS

MOBILE SECURITY OVERVIEW. Tim LeMaster

LET S TALK MONEY. Fahad Pervaiz. Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson

Securing the SMB Cloud Generation

Phishing in the Age of SaaS

Table of Content Security Trend

Mobile Security / Mobile Payments

Service Provider View of Cyber Security. July 2017

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

IBM Cloud Internet Services: Optimizing security to protect your web applications

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

Teleworking and Security: IT All Begins with Endpoints. Jim Jessup Solutions Manager, Information Risk Management June 19, 2007

Securing Today s Mobile Workforce

Office 365 Buyers Guide: Best Practices for Securing Office 365

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

The best for everyday PC users

CIS 5373 Systems Security

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

10 Quick Tips to Mobile Security

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda

Managing Microsoft 365 Identity and Access

Exposing The Misuse of The Foundation of Online Security

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

Mobile App Security and Malware in Mobile Platform

THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

Copyright

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

What is Zemana AntiLogger?

AT&T Endpoint Security

Cyber fraud and its impact on the NHS: How organisations can manage the risk

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Next Generation Endpoint Security Confused?

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

WHITEPAPER. Lookout Mobile Endpoint Security for App Risks

SIEMLESS THREAT MANAGEMENT

Topics. Ensuring Security on Mobile Devices

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Bomgar Discovery Report

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Panda Security 2010 Page 1

6 Ways Office 365 Keeps Your and Business Secure

Unique Phishing Attacks (2008 vs in thousands)

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

New Zealand National Cyber Security Centre Incident Summary

Built without compromise for users who want it all

Symantec Endpoint Protection Family Feature Comparison

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

The PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference

2018 Edition. Security and Compliance for Office 365

deep (i) the most advanced solution for managed security services

IT & DATA SECURITY BREACH PREVENTION

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Mobility, Security Concerns, and Avoidance

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Protecting Your Devices. Dr. Leon D. Chapman

MESSAGING SECURITY GATEWAY. Solution overview

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Transcription:

MOBILE THREAT LANDSCAPE February 2018

WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming from them, far ahead Network exploits and OS manipulations. Apps 86% Network 8% OS 6% This report gives an insight of the Mobile Threat Landscape currently surrounding us. It gathers the results of a research conducted by the Pradeo Lab in January 2018, based on a sample of 2 millions Android and ios Applications analyzed by Pradeo s Artificial Intelligence engine. (Based on a sample of 500,000 devices)

Applications can threaten users in two different ways: By performing malicious or unwanted actions By being vulnerable to attacks The next pages feature the top mobile threats with a focus on data privacy violations and malwares, followed by a risk analysis related to OWASP vulnerabilities. KEY TAKEAWAYS Mobile applications are a direct threat to companies GDPR compliance. 16.8% of applications establish connections to uncertified servers. Valuable data such as health and banking credentials are becoming a privileged target. 31% of applications feature an OWASP vulnerability.

WHAT MOBILE THREATS ARE WE EXPOSED TO? 60% 61% Data privacy violation is the biggest threat for mobile users, with 61% of Android applications and 36% of ios applications sending users data to remote servers. 50% 40% 30% 36% By collecting and transmitting private information, these leaky applications are a direct threat to companies compliance to the forthcoming GDPR. 20% 10% 0% Data leakage 13% Network exploit 7% 1% 0.1% 1% 0.2% OS manipulations Malwares On the other hand, malwares such as ransomwares, Trojans, screenloggers, etc. are far less numerous, yet more deadly.

On average, a leaky application sends data towards 17 distant servers. Most of the time, these sendings are performed by libraries included in mobile applications for tracking and marketing purposes. However, Pradeo identified that 16.8% of applications establish connections to uncertified servers, mostly suspicious. Among the data leaked, the Lab identified highly sensitive ones such as users location, contact information and SMS. FOCUS ON DATA LEAKAGE 47% are sending device information 28% are sending location information 4.6% are sending contacts information 3.5% are sending users SMS / MMS (Repartition among leaky applications)

FOCUS ON OVERLAY MALWARES Amount of overlay malwares among 0-days S1 2017 S2 2017 0% 1% 2% 3% 4% 5% Categories of applications targeted by overlay malwares Banking 55% Health 28% Others 17% Malwares can be divided into two big families: the ones using known malicious signatures and those qualified as 0-day for which signatures have not been created yet. Unknown malwares are the most dangerous ones as standard security solutions will not detect them. Their proportion represents 9% among applications featuring a malware. The Pradeo Lab noticed in the last 6 months a considerable growth in the amount of overlay malwares falling under 0-day threats family. An overlay malware is designed to mimic legitimate applications to harvest credentials. It tricks users when entering sensitive data into a fake window, collecting and forwarding them to a remote attacker. Overlay malwares mostly target health and bank data and only affect Android devices. In the year to come, it is very likely mobile data thefts will increase in these industries.

OWASP VULNERABILITIES The OWASP Mobile Security Project classifies mobile security vulnerabilities to help developers building and maintaining secure mobile applications. 31% of applications feature an OWASP vulnerability The vulnerabilities detected can lead to: Any application that features an OWASP vulnerability is prone to attacks. 40% 47.6% Nearly a third of mobile applications analyzed by Pradeo are vulnerable, mostly to data leakage and Man-In-The-Middle attacks. 30% 20% 10% 0% 4.6% 3% 1.5% Data leakage MITM attack Denial of service Encryption weaknesses

ABOUT PRADEO Pradeo is a global company, leader in the mobile security field, offering innovative solutions to protect devices (smartphones, tablets and connected objects) and master applications. Pradeo s next generation technology, recognized by Gartner for the fourth consecutive year, provides a reliable detection of threats to prevent data leakage and enforce compliance with data privacy regulations. PRADEO SECURITY solution suite delivers complete and automatic services to detect and qualify suspicious activities and vulnerabilities and proactively protect devices, applications and sensitive data with a full 360 security approach. contact@pradeo.com Visit www.pradeo.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback