SlideShare uma empresa Scribd logo

Zimperium Enterprise Mobile Threats

Transferir como PPTX, PDF
Zimperium
Zimperium

The latest report summarizes mobile threats recorded from July 1 to September 30, 2017, for device risks, network threats, and app malware, click bots, and privacy abuse. Data in the “Zimperium Global Threat Report” is initiated by Zimperium’s mobile security and mobile threat defense technology, z9, on enterprise customer devices. The threat detection is delivered via the zIPS mobile security app or the lightweight zIAP SDK for mobile app developers. zIPS and zIAP enable companies to detect threats to mobile devices in real-time, so attacks on a mobile device are terminated and won’t advance beyond the targeted device.

Tecnologia
1 de 16
1All Rights Reserved © 2017 Source: 2017 Mobile Security Spotlight, Zimperium, Inc.
2All Rights Reserved © 2017 BroadPwn M o b i l e T h r e a t s A r e R e a l …
3All Rights Reserved © 2017 BankBot M o b i l e T h r e a t s A r e R e a l …
4All Rights Reserved © 2017 KRACK M o b i l e T h r e a t s A r e R e a l …
5All Rights Reserved © 2017 Mobile OS is Constantly Changing Source: CVE.Mitre.org. CVEDetails.com: Android and iOS CVEs 0 100 200 300 400 500 600 700 800 900 1000 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 CVE Score 7+ CVE Score 1-6 Windows 10 Through Sept 2017 CVEs
Malicious App
7All Rights Reserved © 2017 Install app from third party store App Exploit executed App Used as weapon to internal network Leak data Malicious App M o b i l e T h r e a t s A r e R e a l … Permissions abuse App ALLOW
8All Rights Reserved © 2017 Malicious App M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% Malicious Android Apps Malicious iOS Apps Source: Zimperium Global Threat Intelligence
Device Configuration Changes
10All Rights Reserved © 2017 Consultant that goes in and out of client networks client1_wifi client2_wifi client3_wifi client4_wifi Doesn’t like client network restrictions on-site client3_wifi CONNECTED! Installs “free” VPN profile to bypass restrictions Installs SSL cert to encrypt / decrypt device traffic SSL CERT All company data is decrypted to the hacker iOS Profile M o b i l e T h r e a t s A r e R e a l …
11All Rights Reserved © 2017 Unnecessary Device Risks M o b i l e T h r e a t s A r e R e a l … 0% 10% 20% 30% 40% 50% 60% 70% Malicious Profiles Extreme Risk Configuration High Risk Configuration Vulnerable Devices Source: Zimperium Global Threat Intelligence
Network Attacks
13All Rights Reserved © 2017 At a coffee shop near an office coffee_wifi CONNECTED! Redirect to phishing page LOGIN Data exploit Access to corporate data Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … Wi-Fi MITM
14All Rights Reserved © 2017 Source: Zimperium Global Threat Intelligence Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% Rogue AP SSL Strip MITM Attacks
Zimperium Enterprise Mobile Threats

Recomendados

Zimperium Global Threat Intelligence - Q2 2017
Zimperium Global Threat Intelligence - Q2 2017Zimperium Global Threat Intelligence - Q2 2017
Zimperium Global Threat Intelligence - Q2 2017Zimperium
 
How to Protect Mobile Banking Users from BankBot
How to Protect Mobile Banking Users from BankBotHow to Protect Mobile Banking Users from BankBot
How to Protect Mobile Banking Users from BankBotZimperium
 
Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityZimperium
 
Bitdefender Android/Mobile Security
Bitdefender Android/Mobile SecurityBitdefender Android/Mobile Security
Bitdefender Android/Mobile SecurityKazi Sarwar Hossain
 
2017 Security Report Presentation
2017 Security Report Presentation2017 Security Report Presentation
2017 Security Report Presentationixiademandgen
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity PredictionsPaloAltoNetworks
 

Recomendados

Zimperium Global Threat Intelligence - Q2 2017
Zimperium Global Threat Intelligence - Q2 2017Zimperium Global Threat Intelligence - Q2 2017
Zimperium Global Threat Intelligence - Q2 2017Zimperium
 
How to Protect Mobile Banking Users from BankBot
How to Protect Mobile Banking Users from BankBotHow to Protect Mobile Banking Users from BankBot
How to Protect Mobile Banking Users from BankBotZimperium
 
Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityZimperium
 
Bitdefender Android/Mobile Security
Bitdefender Android/Mobile SecurityBitdefender Android/Mobile Security
Bitdefender Android/Mobile SecurityKazi Sarwar Hossain
 
2017 Security Report Presentation
2017 Security Report Presentation2017 Security Report Presentation
2017 Security Report Presentationixiademandgen
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity PredictionsPaloAltoNetworks
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsSaad Ahmad
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection securityIBM Security
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Top 5 website security myths
Top 5 website security mythsTop 5 website security myths
Top 5 website security mythskanika sharma
 
Mobile security
Mobile securityMobile security
Mobile securityNaveen Kumar
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
The state of mobile app security
The state of mobile app security The state of mobile app security
The state of mobile app security Mahima Anand Sharma
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
CSS Trivia
CSS TriviaCSS Trivia
CSS TriviaAlert Logic
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityKevin Lee
 
Infographic: The High Cost of BYOD
Infographic: The High Cost of BYODInfographic: The High Cost of BYOD
Infographic: The High Cost of BYODTrustwave
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeZeeshan Khan
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Four Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationFour Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationAboutSSL
 
cyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jiboncyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jibonJayed Hossain Jibon
 
Cloud Access Security Brokers
Cloud Access Security BrokersCloud Access Security Brokers
Cloud Access Security BrokersAbhishek Tripathi
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedNoNameCon
 
We are all info sec
We are all info secWe are all info sec
We are all info secMichael Swinarski
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Advanced monitoring
 

Mais conteúdo relacionado

Mais procurados

Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsSaad Ahmad
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection securityIBM Security
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Top 5 website security myths
Top 5 website security mythsTop 5 website security myths
Top 5 website security mythskanika sharma
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
The state of mobile app security
The state of mobile app security The state of mobile app security
The state of mobile app security Mahima Anand Sharma
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityKevin Lee
 
Infographic: The High Cost of BYOD
Infographic: The High Cost of BYODInfographic: The High Cost of BYOD
Infographic: The High Cost of BYODTrustwave
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Four Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationFour Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationAboutSSL
 
cyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jiboncyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jibonJayed Hossain Jibon
 
Cloud Access Security Brokers
Cloud Access Security BrokersCloud Access Security Brokers
Cloud Access Security BrokersAbhishek Tripathi
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedNoNameCon
 

Mais procurados (20)

Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutions
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection security
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographic
 
Top 5 website security myths
Top 5 website security mythsTop 5 website security myths
Top 5 website security myths
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile security
Mobile securityMobile security
Mobile security
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber Security
 
The state of mobile app security
The state of mobile app security The state of mobile app security
The state of mobile app security
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 
CSS Trivia
CSS TriviaCSS Trivia
CSS Trivia
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Infographic: The High Cost of BYOD
Infographic: The High Cost of BYODInfographic: The High Cost of BYOD
Infographic: The High Cost of BYOD
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer Malware
 
Four Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationFour Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud Generation
 
cyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jiboncyber crime - slideshare by jayed hossain jibon
cyber crime - slideshare by jayed hossain jibon
 
Cloud Access Security Brokers
Cloud Access Security BrokersCloud Access Security Brokers
Cloud Access Security Brokers
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
 
We are all info sec
We are all info secWe are all info sec
We are all info sec
 

Semelhante a Zimperium Enterprise Mobile Threats

Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Advanced monitoring
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложений
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложенийSECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложений
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложенийSECON
 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile DevicesHow Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile DevicesSkycure
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceDelivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceNowSecure
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainIBM Security
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 
5 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 20185 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 2018NowSecure
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSubho Halder
 
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?lorzinian
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate ITPeter Wood
 

Semelhante a Zimperium Enterprise Mobile Threats (20)

Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложений
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложенийSECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложений
SECON'2017, Чемёркин Юрий, Безопасность данных мобильных приложений
 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile DevicesHow Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile Devices
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceDelivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack Chain
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 
5 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 20185 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 2018
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to know
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
 
What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?What is Network Security and Why is it Needed?
What is Network Security and Why is it Needed?
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Zimperium Enterprise Mobile Threats

  • 1.
  • 2. 1All Rights Reserved © 2017 Source: 2017 Mobile Security Spotlight, Zimperium, Inc.
  • 3. 2All Rights Reserved © 2017 BroadPwn M o b i l e T h r e a t s A r e R e a l …
  • 4. 3All Rights Reserved © 2017 BankBot M o b i l e T h r e a t s A r e R e a l …
  • 5. 4All Rights Reserved © 2017 KRACK M o b i l e T h r e a t s A r e R e a l …
  • 6. 5All Rights Reserved © 2017 Mobile OS is Constantly Changing Source: CVE.Mitre.org. CVEDetails.com: Android and iOS CVEs 0 100 200 300 400 500 600 700 800 900 1000 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 CVE Score 7+ CVE Score 1-6 Windows 10 Through Sept 2017 CVEs
  • 8. 7All Rights Reserved © 2017 Install app from third party store App Exploit executed App Used as weapon to internal network Leak data Malicious App M o b i l e T h r e a t s A r e R e a l … Permissions abuse App ALLOW
  • 9. 8All Rights Reserved © 2017 Malicious App M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% Malicious Android Apps Malicious iOS Apps Source: Zimperium Global Threat Intelligence
  • 11. 10All Rights Reserved © 2017 Consultant that goes in and out of client networks client1_wifi client2_wifi client3_wifi client4_wifi Doesn’t like client network restrictions on-site client3_wifi CONNECTED! Installs “free” VPN profile to bypass restrictions Installs SSL cert to encrypt / decrypt device traffic SSL CERT All company data is decrypted to the hacker iOS Profile M o b i l e T h r e a t s A r e R e a l …
  • 12. 11All Rights Reserved © 2017 Unnecessary Device Risks M o b i l e T h r e a t s A r e R e a l … 0% 10% 20% 30% 40% 50% 60% 70% Malicious Profiles Extreme Risk Configuration High Risk Configuration Vulnerable Devices Source: Zimperium Global Threat Intelligence
  • 14. 13All Rights Reserved © 2017 At a coffee shop near an office coffee_wifi CONNECTED! Redirect to phishing page LOGIN Data exploit Access to corporate data Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … Wi-Fi MITM
  • 15. 14All Rights Reserved © 2017 Source: Zimperium Global Threat Intelligence Wi-Fi MITM M o b i l e T h r e a t s A r e R e a l … 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% Rogue AP SSL Strip MITM Attacks