Mobile Telephony Threats in Asia

Similar documents
Understanding Cyber Attacks That Leverage the Telephony Channel

Fraude dans la Telephonie

We will divide the many telecom fraud schemes into three broad categories, based on who the fraudsters are targeting. These categories are:

Newcomer Finances Toolkit. Fraud. Worksheets

Who We Are! Natalie Timpone

Telephony Fraud and Abuse. Merve Sahin

Webomania Solutions Pvt. Ltd. 2017

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Nuno Pestana, WeDo Technologies

Security & Phishing

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

The Spoofing/Authentication Threat

Bank of america report phishing

FRAUDULENT TRAVEL SCAMS

LET S TALK MONEY. Fahad Pervaiz. Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

CUSTOMER TIPS: HOW TO GUARD AGAINST FRAUD WHEN USING ONLINE BANKING OR ATM s

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Personal Cybersecurity

E N H A N C E D F R A U D D E T E C T I O N U S I N G S I G N A L I N G. W U G M a l a y s i a

Ingate SIParator /Firewall SIP Security for the Enterprise

National Travel Associates

It pays to stop and think

2014 CliftonLarsonAllen LLP Cyber Crime and Payment Fraud Trends Key Threats to All Businesses CliftonLarsonAllen LLP. CLAconnect.

YOU CAN'T AFFORD FAKE ACCOUNTS. NOW, NEITHER CAN THE FRAUDSTERS. Fraud Report

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Mavenir Spam and Fraud Control

Safety and Security. April 2015

Reducing Telecoms Fraud Losses

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Common Scams and Fraud. Charlottesville/Albemarle County TRIAD Group

FAQs about Mobile Banking. Mobile Banking is a channel to access Cyberbanking service through BEA App or a web browser of your mobile device.

NOT PROTECTIVELY MARKED PHISHING. July 2016

Unified Communications Manager Express Toll Fraud Prevention

How to Catch a Thief. Trends & Technologies in the Fight Against Fraud. Rohan Langley SAS

BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

South Central Power Stop Scams

IMPORTANT SECURITY INFORMATION PHISHING

Protecting Your Devices. Dr. Leon D. Chapman

Recognizing Fraud Staying Safe 2018 Information/Cyber Security Training

Country Large Bundle Minutes Small Bundle Minutes Total Monthly Minutes United Kingdom 1, ,140

What kind of information do you collect, when and how?

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats.

Target Breach Overview

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.

Guide to credit card security

spam goes mobile Comverse User Forum 29th June 2005, Marbella (Spain)

FAQ. Usually appear to be sent from official address

Telecom MISP. Building a Telecom Information Sharing Platform. Alexandre De Oliveira

Best Practices Guide to Electronic Banking

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

AGILE CLOUD PBX OPERATION MANUAL

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Phishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO

The Bank of East Asia, Limited, Macau Branch BEA Macau iphone Application FAQs for Mobile Banking Service (for iphone, ipod touch, and ipad users)

The strategies for preventing telecom fraud in EACO countries

WE SEE YOUR VOICE. SecureLogix We See Your Voice

Preventing fraud in public sector entities

REDUCING THE RISK OF CARD NOT PRESENT FRAUD

Terms and Conditions of Mobile Phone Service (Post-Paid) Between Operator and Subscriber

CHATCHAT App User Guide

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services

FREQUENTLY ASKED QUESTIONS

Security Protection

Cyber Security Updates and Trends Affecting the Real Estate Industry

Service Provider View of Cyber Security. July 2017

What is NPP, Osko and PayID?

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Privacy Information - Privacy and Cookies Policy In Full

Proofpoint, Inc.

Retail/Consumer Client Internet Banking Awareness and Education Program

RSA Web Threat Detection

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Top 5 Tips To Take A Stand Against Telephone Scams

Accelerating growth and digital adoption with seamless identity trust

Syntel2 by Syntel Solutions Features

Wire Fraud Scams: How to Protect

To learn more about Stickley on Security visit You can contact Jim Stickley at

Network Access Control and VoIP. Ben Hostetler Senior Information Security Advisor

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

Why you MUST protect your customer data

Cyber Security Guide. For Politicians and Political Parties

Evolution of Spear Phishing. White Paper

Consumers Use of Mobile Financial Services 2015

PSTN Security. Sougat Ghosh Security Services Leader Asia, Nortel Delhi / September 29, 2008 BUSINESS MADE SIMPLE

Mobile Malware Detection Comparison

Simple and Powerful Security for PCI DSS

Protecting Your Business From Hackers

Identity Theft and Account Takeover Prevention

Conjure Network LLC Privacy Policy

Identifying Fraudulently Promoted Online Videos

PCI Compliance. What is it? Who uses it? Why is it important?

Wire Fraud Begins to Hammer the Construction Industry

Cyber Security Guide for NHSmail

Cyber Hygiene Guide. Politicians and Political Parties

Top 10 Global Threat Rank by Source

Union Springs Telephone Company, Inc. Network TRANSPARENCY statement

Transcription:

Mobile Telephony Threats in Asia Black Hat Asia 2017, Singapore Dr. Marco Balduzzi Dr. Payas Gupta Lion Gu Sr. Threat Researcher Data Scientist Sr. Threat Researcher Trend Micro Pindrop Trend Micro Joint work with Prof. Debin Gao (SMU) and Prof. Mustaque Ahamad (GaTech)

th Marco s 9 BH Anniversary :-) 2

Click to play recording [removed] 3

Wangiri Fraud, Japan 4

Fake Officials Fraud, China 5

This is your Telco calling, UAE 6

Police Scam, Singapore 7

BringBackOurCash, Nigeria 8

Why is Happening? Lack of users awareness Users publicly disclose their mobile numbers Expose themselves and the organization they work for! 9

Current Defeat Strategies Telcos Crowd sourced FTC, fraud complaints 800notes open datasets Proprietary 10 10

Missing Caller's Details 11

No Actual Timestamps 12

Perception v/s Reality 13

Not all Fraudulent Calls are Reported Compared both FTC and 800notes against each other for a certain set of numbers 14

Delay in Reporting Fraudulent Calls 15

Any Solution?

17

Using SIP Trunks Call IP-192.168.1.11 Tel. ext - 83345 Switch Call Manager/ PBX IP-192.168.1.12 Tel. ext - 83351 SIP Trunk Telephone Exchange Rules Destination no. Destination IP Incoming call 88800-88899 192.168.1.10 Incoming call 83345 192.168.1.11 Incoming call 83351 192.168.1.12 Incoming call 88346 192.168.1.13 Call Manager table 192.168.1.10 Tel. Range 88800 to 88899 IP-192.168.1.13 Tel. ext - 88346 Honeypot 18

Using GSM/VoIP Gateways 19

Mobile Telephony Honeypot 20

Mobile Telephony Honeypot 21

Example of Call Recording

Example of SMS Recording 确认了哈 位置还留起的 之前在等qq消息 我刚才电话问 了 给我转款吧 建 行四川分行第五支行5240 9438 1020 0709 户名 王玲 (I have confirmed. Reservation is still valid. I am waiting QQ message, and I contact you by phone call. Please transfer money to me. China Construction Bank Sichuan Provincial Branch Fifth Sub-branch, account number: 5240 9438 1020 0709, account name: Wang Ling) 23 23

24

How to make honeypot numbers appealing to fraudsters?

Seeding Social network Mobile malware Abuse list 26

Simulating Social-Network Leaks 27

Mobile Malware Leak Honeypot numbers in contact list ~400 samples of 60 families Track 140 C&C leakages Taint Droid Network traffic 28

Active Engagement with Fraudsters 2000+ reported (abuse) numbers Engaged with SMS and one-ring call I am fine with our discussion. How do we want to proceed? 29

General Results 30

Effect of Seeding 31

Social Networks Very effective Picked up by Xinhua Quanmei [*] Daily news in the form of spam -> 221 messages [*] http://www.xhqm.cn/ 32

Malicious Apps 79 ADs from 106588302 Self-promoting app [*] 0690123590110 (mal1) 1065502004955590110 (mal2) are spoofed [*] http://wap.guanxi.me 33

Fraudsters Strategies 34

Blended Malicious Traffic 35

Concealed Caller Numbers 51% fraudsters: Use of SMS gateways and VoIP services to hide identity Use of foreign sim-cards (mainly Thailand) Use of split-paid services to reduce cost on international calls 36

Social Engineering Human = weakest point in chain Multi-hop attack, similar to BEC Lateral movements 37 37

Multi-step Attack Repeated over time Combination of Calls and SMS Pretend to know the victim Confirm IM Ask for IM contact Confirm paypal Send payment instructions (paypal) 38

The Big Boss Example 39

Google Business Listing List your business online on Google Click here for recording [removed]. 40

Can you hear me? Subscribe you to services when you say YES Click here for recording. [removed] 41

Tax Collection Agency Find you and call you Intimidation Pay using tax vouchers 42

Technical Support Scam 43

Use of intimidation Postal service Fee requested for a package in customs hold Telephony provider Contract suspended because bill not paid 44

How campaigns operate? Use of multiple calling numbers to avoid easy detection Common sources Multiple campaigns ran by the same gang 45

Authentication Bypass [Tencent] Verification code 658339. Use it to change the password of the QQ number 64******5. Leaking the verification code has a risk. The QQ Security Center. Reuse of previously-terminated numbers Circumvent 2-factor auth! 46

Defensive Strategies 1) 2) 3) 4) 47 Adopt reputation-based solutions Protect your number Don t get social engineered Look after your 2 auth 47

Thanks! Questions? @embyte 48 48

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback