Combating Cyber Attacks
Information Security Seminar 2012
(HKCERT, OGCIO, HKPF)
Contemporary Mobile Attacks
Protecting the irreplaceable | f-secure.com
Presented by: Goh Su Gim [Security Advisor Asia Pacific, F-Secure]
F-Secure - Summary
1988 Founded
1999 IPO (Helsinki Stock Exchange)
2007
Today
• “Protecting the irreplaceable”
• Enabling the safe use of computers and smartphones
• Strong solution portfolio covering both consumers and business
• The leading Software as a Service (SaaS) partner for operators globally
• Over 200 operator partnerships in more than 40 countries
• Strong market presence in Europe, North America and Asia
• Distributors/resellers in more than 100 countries
• 20 offices globally and over 800 professionals worldwide
What are you going to learn today?
• Today’s Smartphone Market
• Malware Trends
• For the $$
• Examples of Mobile Malware
• Mobile malware Infection Vectors
• The Apple/Linux/Windows Phenomenon
• Protecting yourselves
• Conclusion
© F-Secure Confidential, May 22, 2012
“A comparison between the number of malicious
Android application package files (APKs)
received in Q1 2011 and in Q1 2012 reveals a
more staggering find — an increase from 139 to
3063 counts.”
How do you get it?
• APPS, APPS & APPS
  • From 3rd Party Market
• Malicious or Phishing Links
  • Unsolicited SMS
  • Phishing links in emails
  • Websites
What can mobile malware do anyway?
• Sensitive or confidential information
  • Private contacts/messages/emails and Yes! Photos!
  • Phone hardware info, e.g. IMEI
• Financial loss
  • Sending Premium SMS
  • Stolen bank or credit card accounts through keyloggers
  • Clicking ads that will benefit spammers
The numbers
• +882346077 Antarctica
• +17675033611 Dominican Republic
• +88213213214 EMSAT satellite prefix
• +25240221601 Somalia
• +2392283261 São Tomé and Príncipe
• +881842011123 Globalstar satellite prefix
How does mobile malware generate money?
[Diagram: Infected Smartphone → Mobile Service Provider → Premium SMS Providers]
• Trojan sends premium SMS through ISP/Telco
• User pays big $$ bills at the end of the month to ISP/Telco
• ISP/Telco pays Premium SMS Providers
RootSmart.A
• Root Exploit component
  • Gain privileged access on your device
  • Installs more apps - GINGERBREAK
• BOT component
  • Listening to instructions
  • Send premium SMS
  • Pay-per-view videos
DroidKungfu.H [The return]
• Originated June 2011
• Today, the .H variant is more advanced:
  • Easily gets root privileges
  • Modifies configuration for automatic execution of native on reboot
  • VERY DIFFICULT TO REMOVE
Adboo.A
• Harvests the following information from the user:
  • Phone Model
  • Android version
  • Phone Number
  • IMEI Number
SOCIAL ENGINEERING….
• Push Message to many Malaysian Mobile phone subscribers
• Sends a malicious link that says “Samsung Update”
• What does the trojan do?
  • Sends premium SMS locally
The Three Players
Player      Computer OS                              Smartphone OS
Microsoft   Windows XP, Windows Vista, Windows 7     Windows Phone 7
Apple       OS X                                     iOS
Linux       Ubuntu, Red Hat, SuSE                    Android
[Chart: Malware distribution across computer platforms (Microsoft, Apple, Linux)]
[Chart: Malware distribution across smartphone platforms (Microsoft, Apple, Linux)]
What can you do to protect yourselves?
• Install a security solution on your smartphone to:
  • Prevent Trojans and virus attacks
  • Block malicious links
  • Locate lost or stolen phones (anti-theft feature)
• Download APPS from legitimate sources and ensure you review permissions when installing the APP
• Take extra caution when clicking links in emails or SMSes
• Use common sense
  • If it is too good to be true, it probably is – no FREE lunch
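Added example (not part of the original slides): one way to make the "review permissions" advice concrete is to check which permissions an app's decoded AndroidManifest.xml requests against the malware behaviours listed earlier. The permission names are standard Android ones; the behaviour-to-permission rules and both sample manifests are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# (finding, permissions that must all be requested, at least one of these if non-empty)
# The mapping from slide behaviours to permissions is this example's assumption.
RULES = [
    ("can send premium SMS", {"SEND_SMS"}, set()),
    ("can read IMEI/phone number and upload it", {"READ_PHONE_STATE", "INTERNET"}, set()),
    ("can read contacts/messages and upload them", {"INTERNET"}, {"READ_CONTACTS", "READ_SMS"}),
    ("can restart itself after reboot", {"RECEIVE_BOOT_COMPLETED"}, set()),
    ("can install further apps", {"INSTALL_PACKAGES"}, set()),
]

def requested_permissions(manifest_xml):
    """Return the short names of all android.permission.* entries requested."""
    # Note: parse manifests from untrusted APKs in a sandbox or with a hardened
    # XML parser; the standard library parser is not hardened against XML bombs.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name.startswith(PREFIX):
            perms.add(name[len(PREFIX):])
    return perms

def review(manifest_xml):
    """List the risky capabilities an app gains from its requested permissions."""
    perms = requested_permissions(manifest_xml)
    return [label for label, all_of, any_of in RULES
            if all_of <= perms and (not any_of or any_of & perms)]

def _manifest(*perms):
    # Builds a constructed sample manifest for the demonstration below.
    lines = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s<application/></manifest>' % lines)

# Constructed samples: a "wallpaper" app asking for far more than it needs, and a plain one.
SUSPICIOUS = _manifest("SEND_SMS", "READ_PHONE_STATE", "INTERNET", "RECEIVE_BOOT_COMPLETED")
BENIGN = _manifest("INTERNET")

if __name__ == "__main__":
    for name, sample in (("wallpaper app", SUSPICIOUS), ("plain app", BENIGN)):
        print(name, "->", review(sample) or "nothing flagged")
```

A finding is not proof of malice, since legitimate apps also request these permissions; it marks the apps whose requests deserve a second look before installing.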
In Conclusion
• Virus writers WILL continue to write more and more mobile malware
• We have more information on our Smartphones than ever before
• We use our mobile devices more than our PCs and laptops now
• Take mobile security seriously