When Malware Goes Mobile
Vanja Svajcer, Principal Researcher
Malware goes mobile

• Mobile malware
• Securing mobile devices

Mobile malware

• First malware for mobile platforms around 2004
• Symbian – most prevalent
• JavaME – still being developed
• WinCE – very few samples
• iOS – few instances in 2010 and 2011
• Android – big growth in the number of malware samples

Android environment

• Platform popularity (75% of new smartphone sales)
• Adding applications to Google Play is easy
• Alternative Android application markets
• Forums and file-sharing sites
• “Cracked” and repackaged apps
• China, Russia
• Android app landscape similar to Windows

Android – Google Play
Android Malware

Cumulative number of discovered samples (chart; y-axis 0 to 80,000 samples)

Android Malware

Samples discovered per year, 2010 to 2012 (chart; y-axis 0 to 80,000 samples)
Android Malware

Top malware families discovered (pie chart, slices in legend order):
  Andr/Boxer-D     30%
  Andr/Boxer-A     11%
  Andr/Gmaster-A    5%
  Andr/Boxer-C      4%
  Andr/NewyearL-B   4%
  Andr/Kmin-C       3%
  Andr/Opfake-F     3%
  Andr/KongFu-A     3%
  Andr/Opfake-G     2%
  Andr/FakeIns-A    2%
  Others           33%

Android Malware

Discovered Android vs JavaME samples: monthly share (%) of each platform, 2011-07 to 2012-09 (stacked chart)
Android malware

• Over 70k unique samples of malware known
• Information stealers (Andr/SMSRep)
• SMS senders (Andr/AdSMS)
• Phishing (fake mobile banking software)
• Privilege escalation exploits (DroidDream)
• Zeus for Android (Zitmo)
Andr/Boxer family

Andr/Boxer family: Witness

Andr/Boxer family: Witness
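Speaker note 3 in the Editor's Notes at the end of the page explains that Andr/Boxer packages are rebuilt as they are served, padded with a random number of images, so every download has a different file hash. The following is an added example, not code from the deck or from Sophos: it fingerprints an APK over its code-bearing entries only (manifest, DEX files, native libraries), so resource padding and a fresh signature no longer change the result. The two in-memory APKs, the placeholder DEX bytes and the package name are constructed test data, not real Boxer samples.

```python
import hashlib
import io
import os
import zipfile


def is_code_entry(name):
    """True for the entries that carry behaviour: manifest, classes*.dex, lib/**/*.so.

    res/, assets/ and META-INF/ are deliberately ignored: that is where a
    server-side repackager adds random images and a fresh signature.
    """
    if name == "AndroidManifest.xml":
        return True
    if name.startswith("classes") and name.endswith(".dex"):
        return True
    return name.startswith("lib/")


def structural_fingerprint(apk_bytes):
    """SHA-256 over (entry name, SHA-256 of entry content) for code entries, sorted by name."""
    digest = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if not is_code_entry(name):
                continue
            digest.update(name.encode("utf-8") + b"\x00")
            digest.update(hashlib.sha256(zf.read(name)).digest() + b"\x00")
    return digest.hexdigest()


def build_apk(dex, manifest, padding_images):
    """Build a minimal APK-shaped zip (constructed test data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
        for i in range(padding_images):
            # random image padding: differs per build, as in the Boxer scheme
            zf.writestr("res/drawable/pad%d.png" % i, os.urandom(64))
        # signature block also differs per build because the content changed
        zf.writestr("META-INF/CERT.RSA", os.urandom(32))
    return buf.getvalue()


# Placeholder DEX header and manifest; not real bytecode.
DEX = b"dex\n035\x00" + b"\x00" * 32
MANIFEST = b"<manifest package='com.example.boxerlike'/>"


def demo():
    """Two builds with the same code and different padding: file hashes differ, fingerprints match."""
    a = build_apk(DEX, MANIFEST, padding_images=3)
    b = build_apk(DEX, MANIFEST, padding_images=7)
    return {
        "file_hash_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "fingerprint_equal": structural_fingerprint(a) == structural_fingerprint(b),
    }


if __name__ == "__main__":
    print(demo())
```

This only collapses variants whose code is identical; a repackager that also renames classes or re-obfuscates the DEX defeats it, so in practice it is combined with the signer certificate and with detection on the DEX itself.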
Zitmo environment

Diagram: the victim receives the SMS mTAN; the infected phone sends its status and the intercepted SMS messages to the Zeus/Zitmo C&C server, which the attacker controls.
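The malware categories above (SMS senders, information stealers, Zitmo intercepting the SMS mTAN) share a manifest-level footprint: SMS permissions next to a network or SMS channel for exfiltration, and a high-priority receiver for SMS_RECEIVED so the app sees the message before the stock messaging app and can suppress it. The following is an added example, not code from the deck or from Sophos: a static triage of an AndroidManifest.xml for those indicators. The weights, the priority threshold, the verdict thresholds and the three sample manifests (package names and labels included) are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Assumed threshold: the framework caps app receivers at 1000, and SMS stealers
# declare the maximum int so they run ahead of the messaging app.
HIGH_PRIORITY = 999


def _android_attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(manifest_xml):
    """Score one AndroidManifest.xml for SMS-abuse indicators; returns (score, findings)."""
    root = ET.fromstring(manifest_xml)
    perms = {_android_attr(p, "name") for p in root.iter("uses-permission")}
    findings, score = [], 0

    if "android.permission.SEND_SMS" in perms:
        findings.append("SEND_SMS: can send premium-rate SMS (Andr/Boxer pattern)")
        score += 3
    if perms & {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}:
        findings.append("RECEIVE_SMS/READ_SMS: can read incoming SMS")
        score += 2
        if perms & {"android.permission.INTERNET", "android.permission.SEND_SMS"}:
            findings.append("SMS read plus an exfiltration channel (Zitmo mTAN-theft pattern)")
            score += 3

    for receiver in root.iter("receiver"):
        name = _android_attr(receiver, "name")
        for flt in receiver.iter("intent-filter"):
            actions = {_android_attr(a, "name") for a in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            priority = int(_android_attr(flt, "priority") or 0)
            findings.append("receiver %s handles SMS_RECEIVED (priority %d)" % (name, priority))
            score += 1
            if priority >= HIGH_PRIORITY:
                # an ordered broadcast: a high-priority receiver can abortBroadcast()
                # and the user never sees the mTAN arrive
                findings.append("receiver %s can abortBroadcast() and hide the SMS" % name)
                score += 3
    return score, findings


def verdict(score):
    """Map a score to a triage bucket (thresholds are assumptions)."""
    if score >= 7:
        return "suspicious"
    if score >= 3:
        return "review"
    return "benign"


# Constructed sample manifests (not real malware); names and labels are placeholders.
MTAN_STEALER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebankcert">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Bank Security Certificate">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

PREMIUM_SENDER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeinstaller">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Opera Mini Installer"/>
</manifest>"""

BENIGN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Puzzle"/>
</manifest>"""


if __name__ == "__main__":
    for label, m in (("mTAN stealer", MTAN_STEALER), ("premium sender", PREMIUM_SENDER), ("game", BENIGN_GAME)):
        score, findings = triage_manifest(m)
        print(label, verdict(score), score, findings)
```

A plain SEND_SMS app lands in "review" rather than "suspicious" because legitimate messaging clients declare the same permission; the combination with SMS interception and a channel out is what separates an mTAN stealer from them.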
Android malware ItW (in the wild)

Malware reports ItW, share per detection (pie chart):
  Andr/PJApps-C    65%
  Andr/BBridge-A    9%
  Andr/Generic-S    6%
  Others            5%
  Andr/BatteryD-A   4%
  Andr/DrSheep-A    3%
  Andr/DroidRt-A    2%
  Andr/Opfake-C     2%
  Andr/Boxer-A      2%
  Andr/FaceNiff-A   1%
  Andr/Opfake-A     1%

PJApps distribution

Android malware ItW

Android malware reports per country (pie chart):
  United States      17%
  Others             17%
  United Kingdom     13%
  Germany            10%
  Brazil              8%
  Cyprus              4%
  Italy               4%
  Venezuela           4%
  Argentina           3%
  Costa Rica          3%
  Mexico              3%
  Netherlands         3%
  Spain               3%
  India               2%
  Republic of Korea   2%
  Romania             2%
  Switzerland         2%
  China               1%
  Peru                1%

Android Malware

Android Threat Exposure Rate by country (bar chart, y-axis 0% to 14%; countries in chart order: Australia, Brazil, United States, Others, Malaysia, Germany, India, France, United Kingdom, Iran)
Paradigm shift

Securing mobile devices

• Platform and device diversity
• Compliance for access to corporate data
  • Device security
  • Application security
• IT productivity

Diversity

Use an MDM framework to manage all major smartphone and tablet types from a single console:
• Apple iOS
• Android
• RIM BlackBerry 5.x, 6.x
• Windows 8?

Compliance

• Compliance enforcement
• Best practice in configuration
• Best practice in app security
• Protecting enterprise assets
Compliance Enforcement - Basics

Diagram: the device sends its status; the rules are validated against it; the result controls mail access through the EAS proxy in front of Exchange.
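The check behind this diagram is spelled out in the speaker notes: compare the reported device state against a rule set; any violated rule makes the device non-compliant and highlights it to the administrator; optionally, enforcement blocks further mail at the EAS proxy. The following is an added example in Python of that engine, not code from the deck or from Sophos Mobile Control. The rule names, the status fields, the minimum OS versions, the blocked-app list, the lock/wipe escalation and the three sample devices are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceStatus:
    """Status report as an MDM client would send it (field names assumed)."""
    device_id: str
    platform: str            # "ios", "android" or "blackberry"
    os_version: tuple        # e.g. (4, 0, 4)
    passcode_set: bool
    encrypted: bool
    jailbroken: bool         # jailbroken (iOS) or rooted (Android)
    failed_unlocks: int
    installed_apps: frozenset = frozenset()
    sim_changed: bool = False


MIN_OS = {"ios": (5, 0, 0), "android": (4, 0, 0), "blackberry": (6, 0, 0)}  # assumed policy
BLOCKED_APPS = frozenset({"com.example.filesharing"})                      # constructed placeholder

# (rule name, predicate that is True when the device passes, action on failure)
# "alert" only flags the device; "block_mail" also stops the EAS proxy relaying
# mail; "lock" and "wipe" additionally send that command to the device.
RULES = [
    ("passcode_required", lambda d: d.passcode_set, "block_mail"),
    ("encryption_required", lambda d: d.encrypted, "block_mail"),
    ("not_jailbroken", lambda d: not d.jailbroken, "block_mail"),
    ("minimum_os", lambda d: d.os_version >= MIN_OS.get(d.platform, (0,)), "alert"),
    ("no_blocked_apps", lambda d: not (d.installed_apps & BLOCKED_APPS), "block_mail"),
    ("sim_unchanged", lambda d: not d.sim_changed, "lock"),
    ("unlock_attempts", lambda d: d.failed_unlocks < 10, "wipe"),
]


def check_compliance(status, rules=RULES):
    """Return (rule name, action) for every rule the device violates, in rule order."""
    return [(name, action) for name, passes, action in rules if not passes(status)]


def enforce(status, rules=RULES, enforcement_enabled=True):
    """Evaluate the rules and decide what the server does about the result.

    One violation is enough to mark the device non-compliant and alert the
    administrator. Enforcement (mail blocked at the EAS proxy, lock/wipe
    commands) is optional so the engine can run in report-only mode.
    """
    violations = check_compliance(status, rules)
    result = {
        "device_id": status.device_id,
        "compliant": not violations,
        "violations": [name for name, _ in violations],
        "admin_alert": bool(violations),
        "mail_allowed": True,
        "commands": [],
    }
    if violations and enforcement_enabled:
        actions = {action for _, action in violations}
        if actions & {"block_mail", "lock", "wipe"}:
            result["mail_allowed"] = False
        for cmd in ("wipe", "lock"):          # strongest action wins; wipe implies lock
            if cmd in actions:
                result["commands"].append(cmd)
                break
    return result


# Constructed status reports
GOOD = DeviceStatus("ipad-001", "ios", (6, 0, 0), True, True, False, 0)
ROOTED = DeviceStatus("droid-042", "android", (4, 1, 0), True, False, True, 0)
STOLEN = DeviceStatus("droid-007", "android", (4, 0, 4), True, True, False, 12, sim_changed=True)

if __name__ == "__main__":
    for device in (GOOD, ROOTED, STOLEN):
        print(enforce(device))
```

The rule set is data, so the "best practice in configuration" items on the next slides (passcode, encryption, failed-unlock limit, SIM change) map one-to-one onto entries in RULES, and report-only mode lets an administrator see how many devices a new rule would cut off before enforcement is switched on.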
Device & data security (loss)

• Remote lock and/or wipe
• Auto-wipe after a number of failed login attempts
• Locate lost or stolen phone
• SIM change notification/wipe
• Device encryption (essential: a remote wipe only works while the device is online)
Application security

Enterprise App Store for recommended apps
• Recommend supported apps
• Enforce required apps
• Distribute homegrown apps
• Guidance for users with no preference
• Limit the risk from too many apps in use
Keep OS and apps up to date
• Easier for apps
• Difficult for the OS (especially on Android, where updates depend on the device vendor and carrier)
IT Productivity – remote and OTA management

• Define password policy and lock period
• Control installation of apps
• Block use of camera, browser, YouTube, …
• Send text notifications to devices
• Manage endpoint security/anti-malware software
• Detect jailbroken/rooted devices and deny them access (MDM detects jailbreaking; it cannot prevent it)
• BlackBerry offers the finest-grained policy control, then iOS, then Android
Conclusions

• Mobile devices are changing the enterprise
• Diversity (apps rule, not OSes), BYOD
• Android most targeted by malware
• Malware growth will continue
• Malware complexity increases
• Follow best practice to secure mobile devices
Control, secure, protect

Sophos Mobile Control – Mobile Device Management
On-premise or cloud-based solution to manage, control and protect mobile devices.
Enable BYOD without the risks.

Sophos Mobile Security – Anti-Virus for Android
Scans for malicious data-stealing apps and provides loss and theft protection. Free download.
Protect devices from Android malware.

Sophos Mobile Encryption – Mobile Data Protection
Extends SafeGuard Encryption for Cloud Storage to mobile devices – iOS or Android*.
Ensure persistent encryption.

* Android version available late September 2012
Complete Security

Endpoint | Web | Email | Data | Mobile | Network

Reduce attack surface: URL Filtering, Web Application Firewall, Anti-spam, Patch Manager, Device Control, Application Control, Encryption
Protect everywhere: Endpoint Web Protection, Encryption for cloud, Mobile Control, Virtualization, Secure branch offices, Mobile app security, Live Protection
Stop attacks and breaches: Data Control, Access control, Anti-malware, User education, Intrusion prevention, Firewall, Email encryption
Keep people working: Automation, WiFi security, Visibility, Local self-help, Clean up, Technical support
Staying ahead of the curve

facebook.com/securitybysophos
Sophos on Google+
linkedin.com/company/sophos
twitter.com/Sophos_News
nakedsecurity.sophos.com

US and Canada: 1-866-866-2802, NASales@sophos.com
UK and Worldwide: +44 1235 55 9933, Sales@sophos.com


Editor's Notes

  1. There are a few things that make malware for Android more common than for other platforms. Adding new applications to the market is easy, and Google's process for vetting the functionality of applications is not very strict. It is very easy to become an Android developer and publish an application. It is very easy to decompile an application, change its functionality and repackage it as a completely new (effectively stolen) application. Installation from third-party sites is possible. There are a number of alternative Android markets for applications, including ones set up by network providers and by other well-known companies such as Amazon. In addition to that, cracked applications are shared on many Android-related forums and file-sharing web sites. Piracy is a major problem. An article on Forbes states: “The costs of piracy are very real. One-in-three developers say they’ve lost more than $10,000 in revenue due to piracy. 32% say piracy increases their support costs. One-in-four say piracy increases their server costs, with all those extra users piling onto their servers.” There is a significant number of alternative markets in China, which is currently the main source of malicious applications. Overall, the situation with Android applications is very similar to the early days of Windows, and considering that, it is not surprising that we are seeing increasing numbers of Android malware in our labs.
  2. Most of the Android malware variants we have seen (around 100 at the moment) have been written this year, though some of them appeared last year as well (the first ones in 2009). There is at least a 500% increase year over year, but the numbers are still very small compared to the numbers of Windows malware. The most significant malware attacks are the ones that successfully infiltrate the original Google Marketplace. The most well-known example is DroidDream (March 2011). Attackers managed, using three Android developer accounts, to plant over 50 trojanized applications into the original market. DroidDream uses two privilege escalation exploits (one for the Linux kernel, one for Android) to obtain root access to the device and integrate with the operating system; it then collects potentially confidential information from the phone and sends it to the malware writers.
  3. Interesting for tactics similar to Windows malware (fake installers, fake antivirus software), but also because files are dynamically built as they are served to the user, which achieves a very crude server-side polymorphism. A technique used to morph the APK file is to include a random number of images of .... See next slide.
  4. This scary-looking dude. We thought at the beginning that this might be the virus writer (although that would be quite stupid on his side). It turns out this is the original photo from a wedding in Fryazino. This image was published on one of the popular forums sometime in 2006 and became a major Russian internet meme, with people adding the witness to many photos and occasions, such as (see next slide).
  5. Examples of some work including the Witness from Fryazino.
  6. The principle of the compliance check is very simple. Compare information from the device against a set of rules. If any of the rules is violated, the device is not compliant. In this case, the device will be highlighted to the administrator. Optionally, a mitigation and enforcement rule can be executed and any further e-mail to the device will be blocked in the EAS proxy.
  7. What the ItW detections are:
     PJApps-C is a detection for applications that are cracked. Not necessarily malicious, but cracked using a dodgy tool. Most probably illegal – PUA.
     BBridge-A is a detection for data-leakage and SMS-sending malware; it uses HTTP to connect and send the data to a malicious (C&C?) server.
     Generic-S is a Labrules bucket.
     BatteryD is another PUA which purports to be an app that saves battery consumption but is aggressive adware that may leak some personally identifiable information.
     DrSheep-A is a hack tool which allows an attacker to hijack sessions on the same wireless network if a web app is not using HTTPS (e.g. works for LinkedIn at the moment). Similar to Firesheep.
     DroidRt-A is an app containing a privilege escalation exploit, potentially used to root the device.
     Opfake is a fake Opera installer; real malware, finally.
     Boxer is real malware (see next few slides); it installs additional (malicious or non-malicious) packages and sends SMS messages to premium-rate numbers (depending on the country).
     FaceNiff is a Facebook session sniffer (not sure how it works) but it is a hacking tool I think.
  8. So if you’re looking at your mobile strategy, think of your mobile devices as portable computers, but with additional risks, so you need to use more than just mobile device management to protect them. We have various tools to help you do that.
  9. Complete security means we don’t just detect threats, we:
     Reduce the attack surface: we address the things that bring risk, like vulnerabilities and applications.
     Protect everywhere: we make sure your users are protected wherever they are and whatever device they’re using.
     Stop attacks and breaches: of course we can detect and prevent threats and data loss, but we’ve moved beyond signatures with innovations like Live Protection, which means we can stop new threats instantly.
     Crucially, we keep people working, both your users and the IT team. We engineer our products to simplify the tasks that take too much time today, like cleaning up infections and recovering forgotten passwords.
     So, as the threats and the ways that we use IT for work evolve, so does your protection. We stay on top of them, to simply give you all you need to stay secure. We engineer our products to work better together, and we look for opportunities to unify endpoint agents, gateway defenses, security policies and intelligence so it’s even easier:
     Agents: for every device, combining security to maximise protection and performance.
     At the gateway: virtual or hardware appliances and software options that match your protection priorities and size.
     Through policies: we let you create a policy once and apply it anywhere, to give you consistent protection and user experience.
     From our Labs: our experts have visibility of all aspects of security threats and use that expertise to actively fine-tune your protection for you and deliver it instantly from the cloud.