MOBILE SECURITY OVERVIEW. Tim LeMaster


MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com

Your data center is in the cloud.

Your users and customers have gone mobile.

Starbucks is your fall-back Network.

Your mobile device is a gold mine for hackers:
  - ENTERPRISE EMAIL
  - ENTERPRISE APPS: SaaS, custom apps
  - CREDENTIALS: stored passwords, soft tokens
  - PHOTO ALBUM: whiteboard screenshots, IDs
  - ENTERPRISE NETWORK: VPN, Wi-Fi
  - SENSORS: GPS, microphone, camera

How are you protecting your corporate data?

PC
  APPS:          Selected, purchased, and managed by the organization
  DEVICE:        Selected, purchased, and managed by the organization
  NETWORK:       LAN / corporate Wi-Fi; VPN when traveling
  WEB & CONTENT: Filtered at the organizational perimeter
  Controls:      Anti-virus, DLP, vulnerability scanning, administered by IT, managed by SCCM, OS version control, OS integrity monitoring, behavioral monitoring, on-device firewalls, perimeter firewall, Secure Web Gateways

MOBILE
  APPS:          Selected, purchased, and managed by the user*
  DEVICE:        Organization issued, some BYOD
  NETWORK:       Always-on cellular; user-selected Wi-Fi
  WEB & CONTENT: Often unfiltered
  Controls:      Partially managed using MDM

Lookout 2017 Confidential and Proprietary

COMPONENTS OF RISK: MOBILE RISK MATRIX (vectors across: APPS, DEVICE, NETWORK, WEB & CONTENT)

THREATS
  APPS:          Spyware & surveillanceware; Trojans; Other malicious apps
  DEVICE:        Privilege escalation; Remote jailbreak/root
  NETWORK:       Man-in-the-middle; Fake cell towers; Spoofed Wi-Fi APs; Root CA installation
  WEB & CONTENT: Phishing; Drive-by download; Malicious websites & files

SOFTWARE VULNERABILITIES
  APPS:          Out-of-date apps; Vulnerable SDKs; Poor coding practices
  DEVICE:        Out-of-date OS; Dead-end hardware; Vulnerable pre-installed apps
  NETWORK:       Network hardware vulnerabilities; Protocol stack vulnerabilities
  WEB & CONTENT: Malformed content that triggers OS or app vulnerabilities

BEHAVIOR & CONFIGURATIONS
  APPS:          Apps that leak data; Apps that breach org security policy; Apps that breach regulatory compliance
  DEVICE:        User-initiated jailbreak/root; No PIN code/password*; USB debugging
  NETWORK:       Proxies, VPNs, root CAs; Auto-joining unencrypted networks
  WEB & CONTENT: Opening attachments and visiting links to potentially unsafe content

Multiple attack vectors utilized:
  OS:      End-user jailbreak/root; Malicious jailbreak/root; OS vulnerability exploitation; Data on stolen devices
  Apps:    Malicious apps; Non-compliant apps; App vulnerability exploits; Data leakage
  Network: Malicious MitM attacks; Anomalous root CA

The same risk matrix was shown again on the following slides (one of them headed "For iOS enterprise devices:") with a few wording differences: APPS threats listed as "Malicious apps; Spyware & surveillanceware; Trojans"; DEVICE threats added "User-initiated jailbreak/root"; NETWORK threats omitted "Spoofed Wi-Fi APs"; WEB & CONTENT threats used "Malicious code injection" in place of "Malicious websites & files"; NETWORK software vulnerabilities used "NIC driver vulnerabilities" in place of "Network hardware vulnerabilities"; and the BEHAVIOR & CONFIGURATIONS row dropped "Apps that leak data" and "User-initiated jailbreak/root" and phrased the WEB & CONTENT item as "Message attachments and links to content that result in security policy breaches".

MITM EXAMPLE (MitM demo)
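The demo itself is not captured in the transcription, so here is an added example (not from the deck, and not Lookout's code) of the control that defeats the "Root CA installation" variant of the man-in-the-middle attack shown in the matrix: instead of trusting whatever root CAs the OS store contains, the app pins the SHA-256 hash of the server's SubjectPublicKeyInfo (SPKI). The DER helpers are a minimal hand-written parser; the three "certificates" are constructed for the example (they have the X.509 field layout but placeholder keys and signatures), and the hostnames and CA names are invented.

```python
import base64
import hashlib


# ---- minimal DER helpers (enough to walk an X.509 certificate) ----------------

def der_len(n: int) -> bytes:
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Encode one tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        n = first & 0x7F
        length, header = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + header
    return tag, buf[start:start + length], start + length


def children(content: bytes):
    """Split a constructed element's content into (tag, raw element bytes, content) tuples."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, nxt = read_tlv(content, pos)
        out.append((tag, content[pos:nxt], body))
        pos = nxt
    return out


# ---- SPKI pinning ---------------------------------------------------------------

def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo element of a DER certificate.

    Certificate    = SEQ { tbsCertificate, signatureAlgorithm, signature }
    tbsCertificate = SEQ { [0] version OPTIONAL, serial, sigAlg, issuer,
                           validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert_body, _ = read_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _, tbs_body = children(cert_body)[0]
    fields = children(tbs_body)
    if fields[0][0] == 0xA0:          # explicit [0] version is present; skip it
        fields = fields[1:]
    spki_tag, spki_raw, _ = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not where expected")
    return spki_raw


def spki_pin(cert_der: bytes) -> str:
    """base64(SHA-256(SPKI)), the pin format used by HPKP and Android pin-sets."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der: bytes, pinned: set) -> bool:
    """Accept the leaf only if its key is in the app's pin set, whatever CA issued it."""
    return spki_pin(cert_der) in pinned


# ---- constructed certificates (X.509 layout, placeholder key and signature) ----

def _name(cn: str) -> bytes:
    # Name = SEQ { SET { SEQ { OID 2.5.4.3 (commonName), UTF8String } } }
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))


def build_cert(issuer_cn: str, subject_cn: str, key_bytes: bytes) -> bytes:
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2A864886F70D010101")) + tlv(0x05, b""))  # rsaEncryption
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))
    validity = tlv(0x30, tlv(0x17, b"170101000000Z") + tlv(0x17, b"180101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + _name(issuer_cn) + validity + _name(subject_cn) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))   # placeholder signature


LEGIT_KEY = b"constructed-legit-key-bytes"
ATTACKER_KEY = b"constructed-attacker-key-bytes"

LEGIT_CERT = build_cert("Public CA", "api.example.com", LEGIT_KEY)
RENEWED_CERT = build_cert("Public CA G2", "api.example.com", LEGIT_KEY)          # same key, new issuer
MITM_CERT = build_cert("User-installed Root CA", "api.example.com", ATTACKER_KEY)  # trusted by OS, not by the app

PINS = {spki_pin(LEGIT_CERT)}   # what the app ships with

if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("renewed", RENEWED_CERT), ("mitm", MITM_CERT)):
        print(f"{label:8s} pin={spki_pin(cert)} accepted={pin_matches(cert, PINS)}")
```

In a real client you obtain the leaf with `ssl.SSLSocket.getpeercert(binary_form=True)` after the normal chain validation succeeds and abort the connection when `pin_matches` is false; on Android the same effect comes from a `<pin-set>` in `network_security_config.xml`, and on iOS from checking the server trust in the `NSURLSession` authentication-challenge handler. Pin the SPKI rather than the whole certificate so a routine renewal that keeps the key (the "renewed" case) keeps working, and ship a backup pin for the next key so a rotation does not lock users out.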


ANDROID: Android patches
  - 101 CVEs patched in June 2017, 76 high or critical
  - 120 CVEs patched in May 2017, 88 high or critical
  - Android Security Advisory 2016-03-18: rooting app exploiting a kernel vulnerability
  - Deployment challenges: older devices not getting updates
  https://source.android.com/security/bulletin/2017-06-01

IOS: iOS patches and status
  - iOS 10.3.2, released 15 May: 49 CVEs patched
  - iOS 10.3.1, released 3 Apr: Wi-Fi chip vulnerability patch
  - iOS 10.3, released 27 Mar: 91 CVEs patched
  - Scareware for ransom: Safari browser pop-up loop
  - Need employees to update
  https://support.apple.com/en-us/ht207617
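The DEVICE and NETWORK rows of the risk matrix and the two patch slides above describe checks that a vulnerability-assessment or conditional-access engine performs on every enrolled device. As an added example (not from the deck, and not Lookout's product logic), the following evaluator applies those checks to a constructed fleet inventory: Android devices are compared by security patch level against the 2017-06-01 bulletin date, iOS devices by version tuple against 10.3.2, and configuration findings (jailbreak/root, no passcode, USB debugging, user-installed root CAs, auto-join of open Wi-Fi) are scored. The 90-day patch-lag threshold, the severity scale and the allow/quarantine/block policy are assumptions for the example.

```python
from datetime import date

# Reference points taken from the deck; in production pull these from the vendor bulletins.
LATEST_ANDROID_BULLETIN = date(2017, 6, 1)     # https://source.android.com/security/bulletin/2017-06-01
LATEST_IOS = (10, 3, 2)                         # iOS 10.3.2, released 15 May 2017
MAX_PATCH_LAG_DAYS = 90                         # assumed policy threshold, not from the deck

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(text: str) -> tuple:
    """'10.3.10' -> (10, 3, 10); tuple comparison avoids the '10.3.10' < '10.3.2' string ordering."""
    return tuple(int(part) for part in text.split("."))


def assess_device(dev: dict):
    """Evaluate one device record against the matrix's DEVICE/NETWORK rows and patch currency.

    Returns (worst severity as an int from SEVERITY, list of (severity, finding)).
    """
    findings = []

    # DEVICE threats and behaviour/configuration
    if dev.get("jailbroken_or_rooted"):
        findings.append(("critical", "jailbroken/rooted: sandbox and MDM controls cannot be trusted"))
    if not dev.get("screen_lock"):
        findings.append(("high", "no PIN/passcode: data on a lost or stolen device is exposed"))
    if dev.get("usb_debugging"):
        findings.append(("medium", "USB debugging enabled: ADB access from any host it is plugged into"))

    # NETWORK behaviour/configuration
    cas = dev.get("user_installed_cas") or []
    if cas:
        findings.append(("high", f"user-installed root CA(s) {cas}: TLS interception possible"))
    if dev.get("auto_join_open_wifi"):
        findings.append(("medium", "auto-joins unencrypted Wi-Fi: exposed to spoofed access points"))

    # SOFTWARE VULNERABILITIES: out-of-date OS
    if dev["os"] == "android":
        level = date.fromisoformat(dev["security_patch"])      # value of ro.build.version.security_patch
        lag = (LATEST_ANDROID_BULLETIN - level).days
        if lag > MAX_PATCH_LAG_DAYS:
            findings.append(("high", f"security patch level {level} is {lag} days behind the latest bulletin"))
        elif lag > 0:
            findings.append(("low", f"security patch level {level} is {lag} days behind the latest bulletin"))
    elif dev["os"] == "ios":
        if parse_version(dev["version"]) < LATEST_IOS:
            latest = ".".join(map(str, LATEST_IOS))
            findings.append(("high", f"iOS {dev['version']} is older than {latest}: known CVEs unpatched"))

    worst = max((SEVERITY[s] for s, _ in findings), default=0)
    return worst, findings


def access_decision(worst: int) -> str:
    """Map the worst finding to a conditional-access outcome (assumed policy)."""
    if worst >= SEVERITY["critical"]:
        return "block"
    if worst >= SEVERITY["high"]:
        return "quarantine"
    return "allow"


# Constructed fleet records for the example (not real inventory data).
FLEET = [
    {"id": "a1", "os": "android", "security_patch": "2017-06-01", "screen_lock": True},
    {"id": "a2", "os": "android", "security_patch": "2016-03-01", "screen_lock": True, "usb_debugging": True},
    {"id": "i1", "os": "ios", "version": "10.3.2", "screen_lock": True},
    {"id": "i2", "os": "ios", "version": "10.3.1", "screen_lock": False, "jailbroken_or_rooted": True,
     "user_installed_cas": ["Corp Proxy CA"]},
]


def assess_fleet(fleet):
    """Return {device id: (decision, findings)} for every record."""
    result = {}
    for dev in fleet:
        worst, findings = assess_device(dev)
        result[dev["id"]] = (access_decision(worst), findings)
    return result


if __name__ == "__main__":
    for dev_id, (decision, findings) in assess_fleet(FLEET).items():
        print(dev_id, decision)
        for sev, msg in findings:
            print(f"   [{sev}] {msg}")
```

The patch-level comparison is the part worth keeping even if you change the policy: an Android device reports a date string, not a version, and "dead-end hardware" shows up as a patch level that keeps falling further behind each monthly bulletin. Treat the bulletin date and latest iOS version as data you refresh, not constants you ship.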

MOBILE RISK HIGHLIGHTS
  - Alternative app stores
  - Fraudulent/fake apps
  - Pegasus and Trident
  - MilkyDoor
  - ViperRAT surveillanceware
  - App takedowns

Lots of alternative app stores

Pegasus and Trident

Pegasus, the threat: a professionally developed and highly advanced threat leveraging zero-day vulnerabilities, code obfuscation, encryption, and sophisticated function hooking to subvert app controls.

Trident, the three vulnerabilities: a trifecta of three related zero-day vulnerabilities in iOS that collectively allowed the attacker to automatically jailbreak the device and install far-reaching spyware.

Pegasus causes catastrophic data compromise:
  - All encrypted data from any app on the device
  - User passwords from the keychain
  - All Wi-Fi passwords for every network the device has been on
  - All passwords from any connected Apple router / AirPort / Time Capsule
  - GPS / user location
  - All call audio and history
  - All calendar data, including meetings
  - Sensitive conversations recorded via the microphone
  - All contacts on the device
  - And more

MilkyDoor
  - Provides access to internal networks: covertly grants attackers access to the enterprise's services (web, FTP, SMTP) on the internal network
  - Repackaged Android apps; 200 unique apps on Play
  - Communicates with C&C over SSH
  - Android.process.s
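MilkyDoor's distinguishing behaviour on the wire is an outbound SSH session to an external host that is then used to reach internal web, FTP and SMTP services from the infected device. As an added example (not from the deck, and not a signature from any vendor), the following detection groups per-app connection records by device and app and raises an alert when an app holds an external SSH session and, while that session is open, connects to two or more internal services. The flow records, app names and addresses are constructed for the example (the external hosts use the RFC 5737 documentation ranges); real records would come from an on-device agent or a VPN-based telemetry source that can attribute connections to an app.

```python
import ipaddress
from collections import defaultdict

PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SERVICE_PORTS = {80: "web", 443: "web", 21: "ftp", 25: "smtp"}


def is_internal(ip: str) -> bool:
    """True for RFC 1918 destinations, i.e. services reachable only from inside the network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def find_ssh_pivots(flows, min_services: int = 2):
    """Flag (device, app) pairs that hold an outbound SSH session to an external host
    while also connecting to at least min_services distinct internal services during it.

    flows: iterable of dicts with keys start, end (seconds), device, app, dst_ip, dst_port.
    Returns a list of alert dicts.
    """
    by_app = defaultdict(list)
    for f in flows:
        by_app[(f["device"], f["app"])].append(f)

    alerts = []
    for (device, app), app_flows in by_app.items():
        ssh_sessions = [f for f in app_flows if f["dst_port"] == 22 and not is_internal(f["dst_ip"])]
        internal = [f for f in app_flows
                    if is_internal(f["dst_ip"]) and f["dst_port"] in INTERNAL_SERVICE_PORTS]
        for ssh in ssh_sessions:
            # internal connections opened while the tunnel is up
            tunnelled = {(f["dst_ip"], f["dst_port"]) for f in internal
                         if ssh["start"] <= f["start"] <= ssh["end"]}
            if len(tunnelled) >= min_services:
                alerts.append({
                    "device": device,
                    "app": app,
                    "c2": ssh["dst_ip"],
                    "services": sorted(f"{ip}:{port} ({INTERNAL_SERVICE_PORTS[port]})"
                                       for ip, port in tunnelled),
                })
    return alerts


# Constructed flow records for the example (not real telemetry).
def flow(start, end, device, app, dst_ip, dst_port):
    return {"start": start, "end": end, "device": device, "app": app,
            "dst_ip": dst_ip, "dst_port": dst_port}


SAMPLE_FLOWS = [
    # repackaged "wallpaper" app: long-lived SSH to an external host, internal services reached through it
    flow(100, 900, "dev-01", "com.example.wallpapers", "203.0.113.10", 22),
    flow(200, 210, "dev-01", "com.example.wallpapers", "10.1.2.3", 80),
    flow(300, 305, "dev-01", "com.example.wallpapers", "10.1.2.4", 21),
    flow(400, 402, "dev-01", "com.example.wallpapers", "10.1.2.5", 25),
    # corporate mail client talking to an internal server: no SSH, no alert
    flow(50, 60, "dev-02", "com.example.corpmail", "10.1.9.9", 443),
    # a genuine SSH client: external SSH, but the one internal connection comes after the session closed
    flow(100, 200, "dev-03", "com.example.sshclient", "198.51.100.5", 22),
    flow(500, 501, "dev-03", "com.example.sshclient", "10.1.2.3", 80),
]

if __name__ == "__main__":
    for alert in find_ssh_pivots(SAMPLE_FLOWS):
        print(alert)
```

Two caveats for production use. The rule only works with per-app attribution: on corporate Wi-Fi a firewall sees the device's SSH stream and its internal connections but cannot tell which app opened them, so the same logic has to run on device-level records with an allowlist of apps expected to do this (admin tools, VPN clients). And a tunnel that uses a port other than 22 will not match the `dst_port == 22` filter; pair the rule with protocol identification rather than port numbers where your telemetry provides it.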

ViperRAT surveillanceware
  - Social media used for targeting: fake profiles posing as young women build trust, then get the target to install an app "for easier communication"
  - Multi-stage malware: a dropper profiles the device; the second stage is more capable
  - Extracts files and photos

210 Lookout-discovered threats in the Google Play Store (2016)

Timeline (date: family, number of apps, what it did):
  - July 15: BouncerBounce, 1 app. Malware that works around Google's review process to plant malicious apps in the Play Store.
  - August 4: OverSeer, 4 apps. Spyware targeting foreign travelers searching for embassy locations; steals contact and location data.
  - September 7: DressCode, 13 apps. Can make the device a proxy for network traffic on corporate networks.
  - September 30: DressCode, 3 apps. We discovered more apps on Play injected with this trojan.
  - October 19: TcemuiPhoto Uploader, 1 app. Lookout discovered this malware family in fake versions of popular apps on Play.
  - October-November: WakefulApp Download, 2 apps. Malware hidden in a "File Explorer" app that had gotten into Play; downloads and launches additional apps.
  - November 25: XRanger, 167 apps. 167 apps in Play infected with this app dropper.
  All of the above were discovered by Lookout in the Play Store and subsequently removed by Google.

Gartner Market Guide for Mobile Threat Defense Solutions

"It is becoming increasingly important that security leaders look at the anti-malware, mobile threat defense solutions market, the products available and how they should be used."

Lookout Mobile Endpoint Security meets all four functional capabilities: Behavioral Anomaly Detection, Vulnerability Assessment, Network Security, App Scan.

Source: Gartner Market Guide for Mobile Threat Defense Solutions, John Girard and Dionisio Zumerle, July 2016. This Gartner report is available upon request from Lookout.

*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

What should you do? Layered defenses:
  - Stick to official app stores
  - Lock your screen
  - MDM
  - Don't connect to unknown Wi-Fi
  - Use a VPN
  - Be wary of phishing attempts: unknown links in text messages, emails and web sites
  - Use a Mobile Threat Detection solution