3. Do you know?
What a malware-infected clone of Angry Birds can do!
engage with us @ techsymposium.in
4. Within seconds of starting the app, it will:
Start spamming your friends with SMS
Download your address book
Locate you using your phone’s GPS
Get access to your camera and see a live stream from it without your knowledge
9. This session will explore
Latest trends in mobile phone use, threats, fraud and security vulnerabilities
How mobile phone malware works
Best practices for mobile phone use
10. In 2013, people will purchase more than 1.2 billion mobile devices, surpassing PCs as the most common internet access device in the world. Mobile platforms will continue to expand at breakneck speed, as people are forecast to download over 70 billion mobile apps in 2014.
12. Threat 1
Mobile malware is a profitable
business.
The mobile malware industry has
matured and become a viable
business model for attackers.
13. Threat 2
One type of malware designed for profit, ‘Toll Fraud’, is the most prevalent type of malware, primarily impacting Eastern Europe and Russia.
Toll Fraud has successfully stolen millions from consumers.
14. Threat 3
As the mobile industry evolves so do
mobile threats. Fraudsters are
tampering with legitimate mobile
tools and advertising systems to
achieve broader distribution and
make more money.
15. Threat 4
Mobile privacy is a growing issue. 5% of free Android mobile applications contain one or more aggressive ad networks, which can access personal information or display confusing ads. In addition, a number of high-profile iOS applications raised red flags about privacy issues this year.
16. Threat 5
The likelihood of encountering mobile malware
greatly depends on your geographic
location and user behavior.
Android malware likelihood is much higher in
Russia, Ukraine and China than elsewhere. In
terms of user behavior, people who
download apps outside of trusted sources
like Google Play have a higher likelihood of
encountering malware.
17. Threat 6
Mobile malware distribution techniques are
diversifying. Attackers are using a
combination of new and existing distribution
techniques, including email spam, hacked
websites that enable drive-by-downloads
and affiliate-based marketing.
18. Mobile Threat Trends
20. Malware
Malware is software that performs malicious
actions while installed on your phone.
Without your knowledge, malware can make
charges to your phone bill, send unsolicited
messages to your contact list, or give an
attacker control over your device.
21. Spyware
Designed to gather data about a large group of users, spyware collects or transmits sensitive data about a user without their knowledge or consent. Such data can often include phone logs, text messages, location, browser history, or contact lists.
22. Define Malware
You know the meaning of a biological family.
23. Define Malware
A family is made up of a number of individuals that share important common elements that together define the group as a whole.
24. Define Malware
A Malware Family
The common elements are often particular sections of code or associated data that define how it executes key functional behaviors, and can include distinct communications protocols, Command and Control servers, certain images or other application assets, or unique methods chosen to escalate privileges.
25. Define Malware
How do we identify an individual?
Within a biological species, individuals have distinguishing traits that make them identifiable, such as eye color, height or weight.
26. Define Malware
How do we identify an instance of malware?
While malware or spyware instances can often include very minor differences that distinguish them within a group, they are inherently cut from the same cloth.
27. Define Malware
Variants
If two malware instances are different enough in construction to stretch the boundary of an instance, they may be defined as separate variants.
28. Define Malware
Malware families can differ greatly in the number of instances or variants they contain.
Some families may be composed of only a handful of samples while others may include thousands.
29. Evade Antivirus detection
When malware writers distribute thousands of
samples that feature only extremely minor
differences between one another, they may
be trying to evade detection.
Even the smallest difference can be enough
to defeat simple methods of detection such
as file hash identification.
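The point above, as an added example that is not part of the original slides: an exact SHA-256 blocklist misses a sample that differs by one byte, while a similarity check over shared content still places it in the family. The byte 4-gram Jaccard measure, the 0.6 threshold and the inert sample strings are assumptions chosen for illustration; production scanners use more robust features.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shingles(data: bytes, n: int = 4) -> set:
    """Overlapping n-byte windows: a crude stand-in for shared code and assets."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Fraction of n-byte windows the two samples have in common (0.0 to 1.0)."""
    sa, sb = shingles(a, n), shingles(b, n)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 0.0

def classify(sample: bytes, known: list, threshold: float = 0.6) -> tuple:
    """Return (hash_match, family_match) for a sample against known family members."""
    digests = {sha256_hex(k) for k in known}
    hash_match = sha256_hex(sample) in digests
    family_match = any(jaccard(sample, k) >= threshold for k in known)
    return hash_match, family_match

# Constructed, inert byte strings standing in for app files (not real samples).
BASE = b"HDR|asset=icon.png|c2=server-a.example|proto=v2|mod=billing|END;"
KNOWN = BASE * 4
VARIANT = KNOWN.replace(b"server-a", b"server-b")  # one byte differs per record
UNRELATED = bytes(range(256))

if __name__ == "__main__":
    for name, sample in [("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        hash_hit, family_hit = classify(sample, [KNOWN])
        print(f"{name:9} hash_match={hash_hit!s:5} family_match={family_hit!s:5} "
              f"similarity={jaccard(sample, KNOWN):.2f}")
```
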
32. The threat trend – Unique Malware Instances
33. The likelihood that a given device contains malware or spyware is heavily dependent on geographic location, varying from 0.04% in Japan to 41.6% in Russia.
37. What happens when you download a ringtone?
Wireless Providers: Run the network and send you bills.
Aggregator: Middleman for premium SMS transactions, who maintains the technical and service level requirements of each wireless network.
38. How Toll Fraud Works
Wireless Providers: Run the network and send you bills.
Aggregator: Middleman for premium SMS transactions, who maintains the technical and service level requirements of each wireless network.
46. Malicious websites are often distribution points for malicious applications.
Compromised websites are legitimate websites that have been infected by a bad actor to scam or defraud visitors.
Phishing sites are designed to mimic legitimate sites.
48. How to stay Safe?
Avoid toll fraud, regularly check
your phone bill: Always review
your monthly phone bill
statements for suspicious
charges. Contact your carrier if
you identify something you
believe to be fraud.
49. How to stay Safe?
Double-check URLs on your
mobile: After clicking on a web
link, pay close attention to the
address to make sure it matches
the website it claims to
be, especially if you are asked to
enter account or login information.
50. How to stay Safe?
Protect your privacy, understand app
permissions: Be cautious about granting
applications access to personal
information on your phone or letting the
application have access to perform
functions on your phone. Make sure to
check the privacy settings for each app
before installing it.
51. How to stay Safe?
Be smart about device settings: Keep network connectivity such as NFC, WiFi, or Bluetooth ‘OFF’ when not in use. Be sure to disable settings such as debug mode that can open a device up to illicit access.
52. How to stay Safe?
Download a security app:
Download a security app that
scans the apps you download
for malware and spyware, helps
you locate a lost or stolen
device, and protects you from
unsafe websites.
53. How to stay Safe?
Update your phone and apps: Make sure to download and install updates from your mobile operator as soon as they are available for your device. The same goes for apps: download app updates when they are available.
54. How to stay Safe?
Raise employee awareness:
Help employees understand
the threats and risks out
there so that employees can
take action to safeguard
their phones.
55. How to stay Safe?
Protect employees’ phones: Ensure
that every phone – personal or
company – is protected with
a mobile security app for
business that finds malware, scans
apps, and locates and remotely
wipes the device.
56. How to stay Safe?
Patch known vulnerabilities: Keep the operating system software on employees’ phones up-to-date by enabling automatic updates or accepting the service provider’s updates when prompted. Stay up to speed on what vulnerabilities are not patched across device types and carriers to maintain a proper threat model. The National Institute of Standards and Technology offers a database of device vulnerabilities.
57. How to stay Safe?
Set Pass codes
58. How to stay Safe?
Phone Theft
59. References
CRN (www.crn.com)
blog.lookout.com