Why Phishing is Different on Mobile - Aaron Cockerill, Gartner - PowerPoint PPT Presentation



SLIDE 1

Why Phishing is Different on Mobile

Aaron Cockerill

Gartner Security & Risk Management Summit 2018

SLIDE 2

The world has changed

SLIDE 3

The corporate data center is in the cloud

SLIDE 4

Starbucks is the new corporate Wi-Fi

SLIDE 5

Employees have all gone mobile

SLIDE 6

The IT perimeter has disappeared

SLIDE 7

51% of time is spent on mobile, vs 42% on PC

39% of devices connected to the Internet use Android, vs 37% that use Windows

2014: Mobile internet traffic surpassed desktop internet traffic

SLIDE 8

90% of time is spent in apps, not the browser

61% experienced a security incident directly attributable to a mobile device in the past year

70% of enterprise software interactions on mobile by 2022

SLIDE 9

Hey Aaron, check out the new KTM 500 EXC. http://ktm500exc.iamges.com.au/link

SLIDE 10

SLIDE 11

SLIDE 12

95% of these phishing attacks were followed by the installation of software

3X more susceptible to phishing attack on mobile

3X year-on-year increase in social media and SaaS targeted phishing

91% of breaches involve phishing or social engineering

SLIDE 13

CORPORATE FIREWALL | SECURE EMAIL GATEWAY | ENDPOINT ANTI-VIRUS | CORPORATE EMAIL

SLIDE 14

SLIDE 15
SLIDE 16

SLIDE 17

Pegasus for iOS
August 2016. Discovery: Citizen Lab & Lookout. Exploited: three zero-day vulns (Trident)

Pegasus for Android
April 2017. Discovery: Lookout & Google. Exploited: known/patched vulns (Framaroot)

SLIDE 18
SLIDE 19

(Diagram labels: Exfiltrate data; Encryption; Kernel)

SLIDE 20

(Diagram labels: Exfiltrate data; Encryption; Kernel; Pegasus; data)

SLIDE 21

Dark Caracal

THE FIRST GLOBALLY ACTIVE MOBILE APT (mAPT)

  • A long-term offensive cyber campaign(s) with global scope & scale
  • Over 100GB of stolen data from over 600 mobile devices in over 21 countries
  • Primarily Android, and also Windows, Linux, and OS X
  • 2FA codes, business information, personal information, screenshots, recordings, financial transactions, other sensitive data

SLIDE 22

Dark Caracal mobile kill chain

Gain Access
Dark Caracal relies on social engineering via posts in Facebook groups and WhatsApp messages.

Social Engineer
The goal is to drive victims to a "watering hole" controlled by Dark Caracal that provides trojanized versions of popular messaging apps.

Perform Espionage
Dark Caracal uses at least 9 unique Android surveillanceware apps to activate a mobile device's camera, microphone, or GPS, or to steal data from up to 15 different locations on the device.

SLIDE 23

ViperRAT
Sophisticated surveillanceware targeting the Israeli Defense Forces.

FrozenCell
APT C-23 targeting Palestinian individuals and organizations with trojanized education and social media apps including Facebook, WhatsApp, Messenger, and LoveChat.

xRAT
Initially used against pro-democracy activists in Hong Kong in 2014; targets iOS and Android. The choice of targets suggests state sponsorship.

SLIDE 24

BancaMarStealer

BANKING TROJAN

SLIDE 25

Over 60 international financial institutions

SLIDE 26

Fake vs Real (screenshot comparison)

SLIDE 27

Fake vs Real (screenshot comparison)

SLIDE 28

Fake vs Real (screenshot comparison)

SLIDE 29

Phishing is the #1 cybersecurity risk globally

SLIDE 30

Lookout Phishing Statistics

(Chart: PHISHING SITE ENCOUNTER RATE, 2011 through 2016; y-axis ticks 0.25 to 1.00; bar labels as extracted: 0.9 0.5 0.4 0.2 0.1 0.1)

SLIDE 31

Lookout Phishing Statistics

  • The rate at which users are receiving and clicking on phishing URLs has increased 85% YoY since 2011.
  • Even with existing phishing protection and user training, 56% of Lookout users received and clicked on a phishing URL*.
  • Those 56% of users clicked on an average of 6 phishing URLs per year over that same time.

* 2014-2016

(Chart: PHISHING SITE ENCOUNTER RATE)

SLIDE 32

Mobile phishing protection requires a different approach

SLIDE 33

CORPORATE FIREWALL | SECURE EMAIL GATEWAY | ENDPOINT ANTI-VIRUS | CORPORATE EMAIL
SLIDE 34

CORPORATE FIREWALL | SECURE EMAIL GATEWAY | ENDPOINT ANTI-VIRUS | CORPORATE EMAIL

Messaging screenshot:
Deb: Hey Aaron, check out these pics from the picnic! http://www.picserver.net/picnic
Reply: OK. Thanks!

On-device alert: Phishing Attack Blocked [More Info] [Proceed Anyway]
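The point of slides 33 and 34 is that a link arriving in a messaging app never passes the corporate email gateway, so the check has to run on the device itself. The sketch below is an added example, not Lookout's code or anything from the deck: it pulls URLs out of a message, checks the host against a blocklist, and flags DNS labels that are a couple of edits away from a watched brand word (the "iamges" typosquat on slide 9). The blocklist, the watched words and the two sample messages are constructed here, modelled on the links shown on slides 9 and 34.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages modelled on the links shown on slides 9 and 34.
SAMPLE_MESSAGES = [
    "Hey Aaron, check out the new KTM 500 EXC. http://ktm500exc.iamges.com.au/link",
    "Hey Aaron, check out these pics from the picnic! http://www.picserver.net/picnic",
]
# Hypothetical feed of known phishing hosts (constructed here; a product would pull this from a threat feed).
BLOCKLISTED_HOSTS = {"www.picserver.net"}
# Hypothetical brand/service words compared against host labels to catch typosquats such as "iamges".
WATCHED_WORDS = ["images", "paypal", "dropbox", "facebook"]
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_labels(host: str) -> list:
    """(label, word) pairs where a DNS label is within two edits of a watched word but not equal to it."""
    hits = []
    for label in host.lower().split("."):
        if len(label) < 5:  # "www", "com", "au" are trivially close to everything; skip them
            continue
        for word in WATCHED_WORDS:
            if label != word and edit_distance(label, word) <= 2:
                hits.append((label, word))
    return hits


def inspect_message(text: str) -> list:
    """Extract URLs from a message; return (url, verdict, reasons) with verdict "block" or "allow"."""
    verdicts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        reasons = ["blocklisted-host"] if host in BLOCKLISTED_HOSTS else []
        reasons += [f"lookalike:{label}~{word}" for label, word in lookalike_labels(host)]
        verdicts.append((url, "block" if reasons else "allow", reasons))
    return verdicts
```

Running inspect_message over the two constructed messages blocks both links: the first for the lookalike label iamges, the second because its host is on the constructed blocklist.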
SLIDE 35

(Screenshots: Device remediation; Mobile Endpoint Security; Threat Detail)
SLIDE 36

MOBILE RISK MATRIX

App Risks
  • Trojans, ransomware, rootkits
  • App vulnerabilities due to poor coding
  • Non-compliant apps that leak data
  • Sideloaded apps that bypass app stores

Device Risks
  • Advanced OS compromise (Pegasus)
  • Unpatched devices
  • Known CVEs*
  • Risky device configurations
  • User-initiated jailbreak/root

Network Risks
  • Man-in-the-middle attacks
  • Host certificate hijacking
  • SSLstrip
  • TLS protocol downgrades
  • Rogue wifi detection

Web & Content Risks
  • Mobile phishing attacks
  • Malicious files (e.g. Stagefright)
  • Browser vulnerabilities (e.g. Trident)
  • Browsing to risky websites

Lookout Mobile Endpoint Security

SLIDE 37

COME AND TALK TO US AT BOOTH 250