Security Malware Threats
Now and Tomorrow
Eddy Willems
Security Evangelist – G Data Security Labs
Director Security Industry Relationships – EICAR -- AMTSO
eddywillemsgdatade
• Security Evangelist at G Data Software AG
- Privately owned
- Established 1985 in Germany (Bochum)
- First Atari AV software
- Security solutions for end users and companies
• Personally involved in the security industry since 1989
• Worked as Senior Consultant/Anti-Virus Expert for several CERT organisations and commercial enterprises like Kaspersky Lab, Westcon (Noxs) etc.
• Co-founder and board member of EICAR and AMTSO (international security industry org)
Introduction
Some History The old days
Spam
Some years ago
Virus
Worm
Trojan
Current threats
History facts
1986 Brain: first PC (boot sector) virus
1988 Morris worm: infected 10% of the internet (6000 computers)
1992 Michelangelo: first virus in the media
1995 Concept: first macro virus
1999 Melissa: mass mailer
2003 Slammer: memory worm, replicated very fast over the world
2004 Cabir: first 'proof-of-concept' for Symbian
2006 Leap: first virus for Mac OS X
2007 Storm Worm: first use of distributed C&C servers
2008 Koobface: first malware on Facebook
2008 Conficker: one of the biggest epidemics in history, infecting everybody
2010 FakePlayer: SMS trojan for Android
2010 Stuxnet: targeted attack against Iranian enrichment of uranium
2011 Duqu: advanced spyware trojan
2012 Flame: advanced spyware virus
About 70000 new threats per day => over 80000000 Threats/Malware
Under the Radar = Money is involved
The Numbers Game
Problem 1: Botnets
Using botnet
- DDoS for fun and glory
- Sending spam or making spam lists
- Phishing
- Stealing private data, dropping spyware modules etc…
- Ransoming
- Botnet renting
- E.g. Citadel botnet with Dorifel (Aug 2012)
- The NVB (Dutch Association of Banks, Netherlands) reported 8000 cases of fraud with online banking in 2011, amounting to € 35 million in damages. The average loss per case amounts to approximately € 4375.
- Febelfin (Belgian Association of Banks) reported 396 cases of fraud with online banking in 2012 (first half), amounting to € 675000 in damages after recuperation……
The user is exposed to a high risk ~ € 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem: Online banking threats
Problem 2: Social Media Websites
Over 36 million URLs are malicious
Social Media: a combination of the Human and Technological Factor
Human factor
Tech factor
Victim
Malicious website
Other Web 2.0 apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit: depending on the target
- Easy to do (technically/morally)
- Low risk business
- New services that are profitable to attack
Problem 3:
Shift of focus to corporate targets
'TargAttacks'
- June 2009-Dec 2009 (Google announced it in January 2010)
- Other victims include Adobe Systems, Juniper, Rackspace, Yahoo
- Targeted at Fortune 100
- Using a zero-day vulnerability to gain access to and potentially modify source code repositories. Cyber-espionage
- Social engineering: targeted techniques via Facebook accounts etc.
First serious sign: Aurora attack
Copyright IEEE Spectrum 2011
- DigiNotar hack in July 2011 (NL) (Certificate Authority)
What: False certificates for google mail and 247 others stolen/generated from CA provider
Who: Iran (government) - ComodoHacker
Why: impersonate Google, assuming you can first reroute Internet traffic for google.com to you. Only affects users within that country or under that ISP
Also affecting the Cloud
- Hacking mailboxes of (known) people
- Hacking email addresses and passwords from corporates, e.g. Philips
- Hacking and ransoming (Rex Mundi): Accord (NL), Elantis (BE), CreditPret (FR)
- Hacktivism: Flash bang, mentality change (Anonymous, GhostShell)
And
Problem 4: Cyberespionage and Sabotage: Stuxnet, Duqu, Flame
- Discovered July 2010
- Used Windows OS, industrial software application, Siemens PLC
- Using 5 vulnerabilities (4 zero-day vulnerabilities)
- Initially spread via USB (= Floppy), afterwards peer-to-peer functionalities
- Targeting SCADA company based in Finland and the real target: nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem: Today's Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
Internal/External network
Individual users connect from multiple locations
Managed/Unmanaged devices
Individual devices operate both inside the network and on public networks
New devices on the network, e.g. netbooks, mobile devices etc.
Question: Who has an Android phone, iPhone, Symbian, BlackBerry, Tablet?
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending unwanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 2.5G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens "String" Exploit March 2 2003
AT&T SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
[Chart: Global Market Share of Mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, Blackberry, Win Mobile, Android. Source: Gartner]
Security Model
Unix multi-user sandbox (uid/gid)
No permissions by default
Strict permissions
• Enforced by kernel
• Displayed at install time
• Not changeable later on
DroidDream: Google's removal tool
Which is the real tool?
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 2012, 96% Android)
Mobile Malware Situation
• More mobile malware, apps related malware => Drive-By-Download based mobile malware
• More MitB driven attacks to gain access to encrypted data and to the cloud
• More human based behaviour attacks (social)
• 64-bit malware, ransomware, Java based malware
• Botnets continue to (mis)use internal networks of companies
• More targeted attacks, cyberespionage and cybersabotage (not only nation driven)
• More hacks of SMB websites
=> => => Most of it under the radar of the public <= <= <=
THE FUTURE
Malware related to
A Secure Solution for mobile threats …-)
Thank you. Questions?
Twitter: EddyWillems
History facts 1986 Brain first PC(bootsector) virus
1988 Morris-worm infected 10 of the internet (6000 computers)
1992 Michelangelo first virus in the media
1995 Concept first macro-virus
1999 Melissa mass mailer
2003 Slammer memory worm replicated very fast over the world
2004 Cabir first lsquoproof-of-conceptrsquo for Symbian
2006 Leap first virus for Mac OS X
2007 Storm Worm first use of distributed CampC-servers
2008 Koobface first malware on Facebook
2008 Conficker one of the biggest epidemics in history infecting everybody
2010 FakePlayer SMS-trojan for Android
2010 Stuxnet Targetted attack against Iranian enrichment of Uranium
2011 Duqu advanced spyware trojan
2012 Flame advanced spyware virus
About 70000 new threats per day =gt over 80000000 ThreatsMalware
Under the Radar = Money is involved
The Numbers Game
Problem 1 Botnets
Using botnet
- DDos for fun and glory
- Sending spam or making spamlists
- Phishing
- Stealing private data dropping spyware modules etchellip
- Ransoming
- Botnet Renting
- Eg Citadel botnet with Dorifel (Aug 2012)
- The NVB (Dutch Association of Banks Netherlands) reported 8000 cases
of fraud with online banking in 2011 amounting to euro 35 million in damages The
average loss per case amounts to approximately euro 4375
- Febelfin (Belgium Assocation of Banks) reported 396 cases of fraud with
online banking in 2012 (first half) amounting euro 675000 in damages after
recuperationhelliphellip
The user is exposed to a high risk ~ euro 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem Online banking threats
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3: Shift of focus to corporate targets
'TargAttacks'
- June 2009-Dec 2009 (Google announced it in January 2010)
- Other victims include Adobe Systems, Juniper, Rackspace, Yahoo
- Targeted at Fortune 100
- Using a zero-day vulnerability to gain access to and potentially modify source code repositories: cyber-espionage
- Social engineering: targeted techniques via Facebook accounts etc.
First serious sign: Aurora attack
Copyright IEEE Spectrum 2011
- DigiNotar hack in July 2011 (NL) (Certificate Authority)
What: False certificates for Google mail and 247 others stolen/generated from CA provider
Who: Iran (government) - ComodoHacker
Why: impersonate Google, assuming you can first reroute Internet traffic for google.com to you. Only affects users within that country or under that ISP.
Also affecting the Cloud
- Hacking mailboxes of (known) people
- Hacking email addresses and passwords from corporates, e.g. Philips
- Hacking and ransoming (Rex Mundi): Accord (NL), Elantis (BE), CreditPret (FR)
- Hacktivism, flash bang, mentality change (Anonymous, GhostShell)
And
Problem 4: Cyberespionage and Sabotage: Stuxnet, Duqu, Flame
- Discovered July 2010
- Used Windows OS, industrial software application, Siemens PLC
- Using 5 vulnerabilities (4 zero-day vulnerabilities)
- Initially spread via USB (= floppy), afterwards peer-to-peer functionalities
- Targeting SCADA company based in Finland, and the real target: nuclear plant based in Iran
- Problems caused in enrichment of uranium. Success
Cybersabotage
The real problem: Today's Networks Lack Boundaries
[Diagram labels: Internet, Contractors, Mobile Users, Network, Telecommuters, Wireless Users]
Internal/External network: individual users connect from multiple locations
Managed/Unmanaged devices: individual devices operate both inside the network and on public networks
New devices on the network, e.g. netbooks, mobile devices etc.
Question: Who has an Android phone, iPhone, Symbian, BlackBerry, Tablet?
The first incidents
Liberty Horse Trojan, Sept 2000
Telefonica SMS Mailer, Dec 2000
911 DoS SMS Mailer in Japan, April 2001
Flooder sending unwanted SMS, Aug 2001
Phage destroys files on Palm, Sept 2001
Vapor Trojan Horse hides applications, Oct 2001
GPRS hack into 2.5G US network devices, Nov 2002
Nokia 6210 V-card Exploit, Feb 25 2003
Siemens "String" Exploit, March 2 2003
AT&T SMS Trojan, May 5 2003
First Symbian-based Trojan, Sept 2003
Problem 5: Mobile threats and BYOD
[Chart: Global Market Share of Mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, BlackBerry, Win Mobile, Android. Source: Gartner]
Security Model
Unix multi-user sandbox (uid/gid)
No permissions by default
Strict permissions
• Enforced by kernel
• Displayed at install time
• Not changeable later on
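The install-time permission display described above is only useful if someone reads it, so here is an added example (not from the original slides) that reviews the permissions an app declares in its AndroidManifest.xml and flags combinations worth a second look. The sample manifests, package names and review policy are constructed assumptions, and the manifest is assumed to be already decoded to text XML (APKs ship it in binary form).

```python
import xml.etree.ElementTree as ET

# Namespace of the android:* attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Review policy for this example only (an assumption, not an official list).
COSTS_MONEY = {P + "SEND_SMS", P + "CALL_PHONE"}
PRIVATE_DATA = {P + "READ_SMS", P + "READ_CONTACTS", P + "READ_PHONE_STATE"}
NETWORK = P + "INTERNET"
AUTOSTART = P + "RECEIVE_BOOT_COMPLETED"

# Constructed sample: decoded manifest of a hypothetical "movie player" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Movie Player"/>
</manifest>
"""

# Constructed sample: an app that requests nothing ("no permissions by default").
CLEAN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <application android:label="Notes"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return sorted(names)


def review(manifest_xml):
    """Return (finding_code, permissions) pairs for a reviewer to check."""
    perms = set(requested_permissions(manifest_xml))
    if not perms:
        # Nothing requested: the app stays inside its own uid/gid sandbox.
        return [("SANDBOX_ONLY", [])]

    findings = []
    paid = perms & COSTS_MONEY
    if paid:
        # SMS and calls can be billed to the user without further prompts.
        findings.append(("COSTS_MONEY", sorted(paid)))

    private = perms & PRIVATE_DATA
    if private and NETWORK in perms:
        # Private data plus network access means the data can leave the device.
        findings.append(("DATA_CAN_LEAVE_DEVICE", sorted(private)))

    if AUTOSTART in perms and findings:
        # Autostart matters only when combined with a finding above.
        findings.append(("STARTS_AT_BOOT", [AUTOSTART]))
    return findings


if __name__ == "__main__":
    for label, manifest in (("player", SAMPLE_MANIFEST), ("notes", CLEAN_MANIFEST)):
        print(label, requested_permissions(manifest))
        for code, perms in review(manifest):
            print("  ", code, ", ".join(perms))
```

Because permissions on this model cannot be changed after install, the review has to happen before the app is accepted, for example as a gate in a BYOD app-approval process.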
DroidDream: Google's removal tool
Which is the real tool?
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 2012, 96% Android)
Mobile Malware Situation
• More mobile malware, apps-related malware => drive-by-download based mobile malware
• More MitB-driven attacks to gain access to encrypted data and to the cloud
• More human-behaviour-based attacks (social)
• 64-bit malware, ransomware, Java-based malware
• Botnets continue to (mis)use internal networks of companies
• More targeted attacks: cyberespionage and cybersabotage (not only nation driven)
• More hacks of SMB websites
=> => => Most of it under the radar of the public <= <= <=
THE FUTURE
Malware related to
A Secure Solution for mobile threats ... :-)
Thank you! Questions?
Twitter: EddyWillems
About 70000 new threats per day =gt over 80000000 ThreatsMalware
Under the Radar = Money is involved
The Numbers Game
Problem 1 Botnets
Using botnet
- DDos for fun and glory
- Sending spam or making spamlists
- Phishing
- Stealing private data dropping spyware modules etchellip
- Ransoming
- Botnet Renting
- Eg Citadel botnet with Dorifel (Aug 2012)
- The NVB (Dutch Association of Banks Netherlands) reported 8000 cases
of fraud with online banking in 2011 amounting to euro 35 million in damages The
average loss per case amounts to approximately euro 4375
- Febelfin (Belgium Assocation of Banks) reported 396 cases of fraud with
online banking in 2012 (first half) amounting euro 675000 in damages after
recuperationhelliphellip
The user is exposed to a high risk ~ euro 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem Online banking threats
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Problem 1 Botnets
Using botnet
- DDos for fun and glory
- Sending spam or making spamlists
- Phishing
- Stealing private data dropping spyware modules etchellip
- Ransoming
- Botnet Renting
- Eg Citadel botnet with Dorifel (Aug 2012)
- The NVB (Dutch Association of Banks Netherlands) reported 8000 cases
of fraud with online banking in 2011 amounting to euro 35 million in damages The
average loss per case amounts to approximately euro 4375
- Febelfin (Belgium Assocation of Banks) reported 396 cases of fraud with
online banking in 2012 (first half) amounting euro 675000 in damages after
recuperationhelliphellip
The user is exposed to a high risk ~ euro 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem Online banking threats
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Using botnet
- DDos for fun and glory
- Sending spam or making spamlists
- Phishing
- Stealing private data dropping spyware modules etchellip
- Ransoming
- Botnet Renting
- Eg Citadel botnet with Dorifel (Aug 2012)
- The NVB (Dutch Association of Banks Netherlands) reported 8000 cases
of fraud with online banking in 2011 amounting to euro 35 million in damages The
average loss per case amounts to approximately euro 4375
- Febelfin (Belgium Assocation of Banks) reported 396 cases of fraud with
online banking in 2012 (first half) amounting euro 675000 in damages after
recuperationhelliphellip
The user is exposed to a high risk ~ euro 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem Online banking threats
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
- The NVB (Dutch Association of Banks Netherlands) reported 8000 cases
of fraud with online banking in 2011 amounting to euro 35 million in damages The
average loss per case amounts to approximately euro 4375
- Febelfin (Belgium Assocation of Banks) reported 396 cases of fraud with
online banking in 2012 (first half) amounting euro 675000 in damages after
recuperationhelliphellip
The user is exposed to a high risk ~ euro 4000
1 of every days new threats
Man-in-the-Browser Attack
More used in other attacks
Related problem Online banking threats
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Problem 2 Social Media Websites
Over 36 million URLrsquos are malicious
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Social Media a combination of the
Human and Technological Factor
Human factor
Tech factor Victim
Malicious website
Other web 20
apps
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4 Cyberespionage and Sabotage Stuxnet Duqu Flame
- Discovered July 2010
- Used Windows OS industrial software application Siemens PLC
- Using 5 vulnerabilities (4 Zero Day Vulnerabilities)
- Initially spread via USB (= Floppy) afterwards peer-to-peer
functionalities
- Targetting SCADA company based in Finland and the real target
nuclear plant based in Iran
- Problems caused in enrichment of Uranium Success
Cybersabotage
Internet
The real problem Todayrsquos
Networks Lack Boundaries
Contractors
Mobile Users
Network
Telecommuters
Wireless Users
InternalExternal network
Individual Users connect from multiple locations
ManagedUnmanaged devices
Individual devices operate both inside the network
and on public networks
New Devices on the Network eg Netbooks Mobile
devices etc
Question Who has an Android phone iPhone
Symbian BlackBerry Tablet
The first incidents
Liberty Horse Trojan Sept 2000
Telefonica SMS Mailer Dec 2000
911 DoS SMS Mailer in Japan April 2001
Flooder sending not wanted SMS Aug 2001
Phage destroys files on Palm Sept 2001
Vapor Trojan Horse hides applications Oct 2001
GPRS hack into 25G US network devices Nov 2002
Nokia 6210 V-card Exploit Feb 25 2003
Siemens ldquoStringrdquo Exploit March 2 2003
ATampT SMS Trojan May 5 2003
First Symbian based Trojan Sept 2003
Problem 5
Mobile threats and BYOD
Source Gartner
0
10
20
30
40
50
60
70
2007 2008 2009 2010 2011e 2012e
Symbian iPhone Blackberry Win Mobile Android
Global Market Share of Mobile OS percentage for smartphones - 2007 to 2012 (e = expected)
Security Model
Unix multi-user sandbox (uidgid)
No permissions by default
Strict permissions
bull Enforced by kernel
bull Displayed on installtime
bull Not changeable later on
DroidDream Googlersquos removal tool
Which is the real tool
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Human Factor
Technology Factor
Blackhole Exploit Kit Statistics
- Profit Depending on the target
- Easy to do (technicallymorally)
- Low risk business
- New services that are
profitable to attack
Problem 3
Shift of focus to corporate targets
lsquoTargAttacksrsquo
- June 2009-Dec 2009 (Google announced
it in January 2010)
- Other victims include Adobe Systems
Juniper Rackspace Yahoo
- Targeted at Fortune 100
- Using a Zero Day vulnerability to gain
access to and potentially modify source
code repositories Cyber-espionage
- Social Engineering targeted techniques
via Facebook accounts etc
First serious sign Aurora attack
Copyright IEEE Spectrum 2011
- Dignotar Hack in July 2011 (NL)
(Certificate Authority)
What False certificates for google mail
and 247 others stolengenerated from
CA provider
Who Iran (government) -
ComodoHacker
Why impersonate Google mdash assuming
you can first reroute Internet traffic for
googlecom to you Only affect users
within that country or under that ISP
Also affecting
the Cloud
- Hacking mailboxes of (known) people
- Hacking email adresses and
passwords from corporates egPhilips
- Hacking and Ransoming
(Rex Mundi) Accord (NL)
Elantis (BE) CreditPret (FR)
- Hacktivism Flash bang Mentality
change (Anonymous GhostShell)
And
Problem 4: Cyberespionage and Sabotage: Stuxnet, Duqu, Flame
- Discovered July 2010
- Used Windows OS, industrial software application, Siemens PLC
- Using 5 vulnerabilities (4 zero-day vulnerabilities)
- Initially spread via USB (= Floppy), afterwards peer-to-peer functionalities
- Targeting SCADA company based in Finland and the real target: nuclear plant based in Iran
- Problems caused in enrichment of uranium: Success
Cybersabotage
The real problem: Today's Networks Lack Boundaries
[Diagram labels: Internet, Contractors, Mobile Users, Network, Telecommuters, Wireless Users]
- Internal/External network: individual users connect from multiple locations
- Managed/Unmanaged devices: individual devices operate both inside the network and on public networks
- New devices on the network, e.g. netbooks, mobile devices etc.
Question: Who has an Android phone, iPhone, Symbian, BlackBerry, tablet?
The first incidents
- Liberty Horse Trojan (Sept 2000)
- Telefonica SMS Mailer (Dec 2000)
- 911 DoS SMS Mailer in Japan (April 2001)
- Flooder sending unwanted SMS (Aug 2001)
- Phage destroys files on Palm (Sept 2001)
- Vapor Trojan Horse hides applications (Oct 2001)
- GPRS hack into 2.5G US network devices (Nov 2002)
- Nokia 6210 V-card Exploit (Feb 25, 2003)
- Siemens "String" Exploit (March 2, 2003)
- AT&T SMS Trojan (May 5, 2003)
- First Symbian-based Trojan (Sept 2003)
Problem 5: Mobile threats and BYOD
[Chart: Global market share of mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, Blackberry, Win Mobile, Android. Y-axis 0 to 70. Source: Gartner]
Security Model
- Unix multi-user sandbox (uid/gid)
- No permissions by default
- Strict permissions
  • Enforced by kernel
  • Displayed at install time
  • Not changeable later on
DroidDream: Google's removal tool
Which is the real tool?
The Update Problem
- 2011 = +/- 1800 total mobile malware threats (until December 2011)
- 2012 = +/- 13000 total mobile malware (until July 2012; 96% Android)
Mobile Malware Situation
• More mobile malware: app-related malware => drive-by-download based mobile malware
• More MitB-driven attacks to gain access to encrypted data and to the cloud
• More human-behaviour-based attacks (social)
• 64-bit malware, ransomware, Java-based malware
• Botnets continue to (mis)use internal networks of companies
• More targeted attacks: cyberespionage and cybersabotage (not only nation-driven)
• More hacks of SMB websites
=> => => Most of it under the radar of the public <= <= <=
THE FUTURE
Malware related to
A Secure Solution for mobile threats ... :-)
Thank you! Questions?
Twitter: @EddyWillems
The Update Problem
- 2011 = +- 1800 total mobile malware threats (until December 2011)
- 2012 = +- 13000 total mobile malware (until July 201296 Android)
Mobile Malware Situation
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
bull More mobile Malware Apps related malware =gt Drive-By-Download based mobile malware
bull More MitB driven attacks to gain access to encrypted data and to the cloud
bull More Human based behaviour attacks (social)
bull 64Bit Malware Ransomware Java based malware
bull Botnets continue to (mis)use internal networks of companies
bull More targeted attacks cyberespionage and cybersabotage ( not only nation driven)
bull More hacks of SMB websites
=gt =gt =gt Most of it Under the radar of the public lt= lt= lt=
THE FUTURE
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
Malware related to
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems
A Secure Solution for mobile threats hellip-)
Thank you Questions
Twitter EddyWillems